Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-03-09Medium Invictus Incident ResponseInvictus Incident Response
Set up Splunk for Incident Response in GCP in 15 minutes..
2022-02-23splunkShannon Davis, SURGe
An Empirically Comparative Analysis of Ransomware Binaries
Avaddon Babuk BlackMatter Conti DarkSide LockBit Maze Mespinoza REvil Ryuk
2022-01-27splunkSplunk Threat Research Team
Threat Advisory: STRT-TA02 - Destructive Software
WhisperGate
2022-01-27splunkSplunk Threat Research Team
Threat Advisory: STRT-TA02 - Destructive Software
WhisperGate
2022-01-10splunkSplunk Threat Research Team
Detecting Malware Script Loaders using Remcos: Threat Research Release December 2021
Remcos
2021-11-11splunkSplunk Threat Research Team
FIN7 Tools Resurface in the Field – Splinter or Copycat?
JSSLoader Remcos
2021-11-04splunkSplunk Threat Research Team
Detecting IcedID... Could It Be A Trickbot Copycat?
IcedID
2021-10-26splunkMarcus LaFerrera
High(er) Fidelity Software Supply Chain Attack Detection
2021-07-21splunkSplunk Threat Research Team
Detecting Trickbot with Splunk
TrickBot
2021-07-06splunkSplunk Threat Research Team
REvil Ransomware Threat Research Update and Detections
REvil
2021-07-05splunkRyan Kovar
Kaseya, Sera. What REvil Shall Encrypt, Shall Encrypt
REvil
2021-06-10splunkSplunk Threat Research Team
Detecting Password Spraying Attacks: Threat Research Release May 2021
2021-05-17splunkSplunk Threat Research Team
DarkSide Ransomware: Splunk Threat Update and Detections
DarkSide
2021-05-11splunkJames Brodsky
The DarkSide of the Ransomware Pipeline
DarkSide
2021-05-03splunkSplunk Threat Research Team
Clop Ransomware Detection: Threat Research Release, April 2021
Clop
2021-04-22splunkDave Herrald, Drew Church, James Brodsky, John Stoner, Katie Brown, Marcus LaFerrera, Michael Natkin, Mick Baccio, Ryan Kovar
SUPERNOVA Redux, with a Generous Portion of Masquerading
SUPERNOVA
2021-04-21splunkBill Wright, Dave Herrald, James Brodsky, John Stoner, Kelly Huang, Marcus LaFerrerra, Michael Natkin, Mick Baccio, Ryan Kovar, Shannon Davis, Tamara Chacon
Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03)
2021-04-13splunkSplunk Threat Research Team
Detecting Clop Ransomware
Clop
2021-03-12splunkAmy Heng, Dave Herrald, Derek King, James Brodsky, John Stoner, Jose Hernandez, Marcus LaFerrera, Michael Haag, Mick Baccio, Ryan Kovar, Shannon Davis
Detecting Microsoft Exchange Vulnerabilities - 0 + 8 Days Later…
2021-03-09splunkSecurity Research Team
Cloud Federated Credential Abuse & Cobalt Strike: Threat Research February 2021
Cobalt Strike
2021-03-03splunkRyan Kovar
Detecting HAFNIUM Exchange Server Zero-Day Activity in Splunk
HAFNIUM
2021-01-08splunkJames Brodsky, John Stoner, Lily Lee, Marcus LaFerrera, Ryan Kovar
A Golden SAML Journey: SolarWinds Continued
SUNBURST
2021-01-04splunkJohn Stoner
Detecting Supernova Malware: SolarWinds Continued
SUPERNOVA
2020-12-17splunkJohn Stoner
Onboarding Threat Indicators into Splunk Enterprise Security: SolarWinds Continued
SUNBURST
2020-12-14splunkRyan Kovar
Using Splunk to Detect Sunburst Backdoor
SUNBURST
2020-11-12Hurricane LabsDusty Miller
Splunking with Sysmon Part 4: Detecting Trickbot
TrickBot
2020-10-31splunkRyan Kovar
Ryuk and Splunk Detections
Ryuk
2019-05-23Vulnerability.ch BlogCorsin Camichel
Analysing "Retefe" with Sysmon and Splunk
Retefe
2017-02-24Some stuff about security.. BlogAngel Alonso
Hunting Retefe with Splunk - some interesting points
Retefe
2016-04-21splunkSplunk
When entropy meets Shannon