
2022-12-01 | splunk | Splunk Threat Research Team
@online{team:20221201:from:4ac8d82, author = {Splunk Threat Research Team}, title = {{From Macros to No Macros: Continuous Malware Improvements by QakBot}}, date = {2022-12-01}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/from-macros-to-no-macros-continuous-malware-improvements-by-qakbot.html}, language = {English}, urldate = {2022-12-05} } From Macros to No Macros: Continuous Malware Improvements by QakBot
QakBot
2022-11-16 | splunk | Splunk Threat Research Team
@online{team:20221116:inside:6c4f291, author = {Splunk Threat Research Team}, title = {{Inside the Mind of a ‘Rat’ - Agent Tesla Detection and Analysis}}, date = {2022-11-16}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/inside-the-mind-of-a-rat-agent-tesla-detection-and-analysis.html}, language = {English}, urldate = {2022-11-28} } Inside the Mind of a ‘Rat’ - Agent Tesla Detection and Analysis
Agent Tesla
2022-10-04 | splunk | Splunk Threat Research Team
@online{team:20221004:deliver:dba14df, author = {Splunk Threat Research Team}, title = {{Deliver a Strike by Reversing a Badger: Brute Ratel Detection and Analysis}}, date = {2022-10-04}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/deliver-a-strike-by-reversing-a-badger-brute-ratel-detection-and-analysis.html}, language = {English}, urldate = {2022-10-06} } Deliver a Strike by Reversing a Badger: Brute Ratel Detection and Analysis
Brute Ratel C4
2022-08-25 | splunk | Splunk Threat Research Team
@online{team:20220825:applocker:7ed5b33, author = {Splunk Threat Research Team}, title = {{AppLocker Rules as Defense Evasion: Complete Analysis}}, date = {2022-08-25}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/-applocker-rules-as-defense-evasion-complete-analysis.html}, language = {English}, urldate = {2022-08-30} } AppLocker Rules as Defense Evasion: Complete Analysis
Azorult
2022-07-26 | splunk | Splunk Threat Research Team
@online{team:20220726:ml:048aaa9, author = {Splunk Threat Research Team}, title = {{ML Detection of Risky Command Exploit}}, date = {2022-07-26}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/ml-detection-of-risky-command-exploit.html}, language = {English}, urldate = {2022-08-22} } ML Detection of Risky Command Exploit
2022-06-23 | splunk | Splunk Threat Research Team
@online{team:20220623:threat:c75f097, author = {Splunk Threat Research Team}, title = {{Threat Update: Industroyer2}}, date = {2022-06-23}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/threat-update-industroyer2.html}, language = {English}, urldate = {2022-08-22} } Threat Update: Industroyer2
INDUSTROYER2
2022-05-19 | splunk | Splunk Threat Research Team
@online{team:20220519:threat:63b1c42, author = {Splunk Threat Research Team}, title = {{Threat Update: AcidRain Wiper}}, date = {2022-05-19}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/threat-update-acidrain-wiper.html}, language = {English}, urldate = {2022-05-29} } Threat Update: AcidRain Wiper
AcidRain
2022-04-15 | splunk | Splunk Threat Research Team
@online{team:20220415:strtta03:9292c09, author = {Splunk Threat Research Team}, title = {{STRT-TA03 CPE - Destructive Software}}, date = {2022-04-15}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/strt-ta03-cpe-destructive-software.html}, language = {English}, urldate = {2022-04-29} } STRT-TA03 CPE - Destructive Software
AcidRain CyclopsBlink
2022-04-07 | splunk | Splunk Threat Research Team
@online{team:20220407:you:2d088bc, author = {Splunk Threat Research Team}, title = {{You Bet Your Lsass: Hunting LSASS Access}}, date = {2022-04-07}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/you-bet-your-lsass-hunting-lsass-access.html}, language = {English}, urldate = {2022-05-04} } You Bet Your Lsass: Hunting LSASS Access
Cobalt Strike MimiKatz
2022-04-01 | splunk | Splunk Threat Research Team
@online{team:20220401:threat:1955941, author = {Splunk Threat Research Team}, title = {{Threat Update: CaddyWiper}}, date = {2022-04-01}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/threat-update-caddywiper.html}, language = {English}, urldate = {2022-04-12} } Threat Update: CaddyWiper
CaddyWiper
2022-03-28 | splunk | Splunk Threat Research Team
@online{team:20220328:threat:5310e19, author = {Splunk Threat Research Team}, title = {{Threat Update DoubleZero Destructor}}, date = {2022-03-28}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/threat-update-doublezero-destructor.html}, language = {English}, urldate = {2022-03-30} } Threat Update DoubleZero Destructor
DoubleZero
2022-03-23 | splunk | Shannon Davis
@online{davis:20220323:gone:56f570f, author = {Shannon Davis}, title = {{Gone in 52 Seconds…and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed}}, date = {2022-03-23}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/gone-in-52-seconds-and-42-minutes-a-comparative-analysis-of-ransomware-encryption-speed.html}, language = {English}, urldate = {2022-03-25} } Gone in 52 Seconds…and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed
Avaddon Babuk BlackMatter Conti DarkSide LockBit Maze Mespinoza REvil Ryuk
2022-03-10 | splunk | Splunk Threat Research Team
@online{team:20220310:detecting:d1cb280, author = {Splunk Threat Research Team}, title = {{Detecting HermeticWiper}}, date = {2022-03-10}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/detecting-hermeticwiper.html}, language = {English}, urldate = {2022-03-22} } Detecting HermeticWiper
HermeticWiper PartyTicket
2022-03-09 | Medium Invictus Incident Response | Invictus Incident Response
@online{response:20220309:set:5298d9e, author = {Invictus Incident Response}, title = {{Set up Splunk for Incident Response in GCP in 15 minutes..}}, date = {2022-03-09}, organization = {Medium Invictus Incident Response}, url = {https://invictus-ir.medium.com/set-up-splunk-for-incident-response-in-gcp-in-15-minutes-52eebc7e5a91}, language = {English}, urldate = {2022-03-28} } Set up Splunk for Incident Response in GCP in 15 minutes..
2022-02-23 | splunk | Shannon Davis, SURGe
@techreport{davis:20220223:empirically:fe03729, author = {Shannon Davis and SURGe}, title = {{An Empirically Comparative Analysis of Ransomware Binaries}}, date = {2022-02-23}, institution = {splunk}, url = {https://www.splunk.com/en_us/pdfs/resources/whitepaper/an-empirically-comparative-analysis-of-ransomware-binaries.pdf}, language = {English}, urldate = {2022-03-25} } An Empirically Comparative Analysis of Ransomware Binaries
Avaddon Babuk BlackMatter Conti DarkSide LockBit Maze Mespinoza REvil Ryuk
2022-01-27 | splunk | Splunk Threat Research Team
@online{team:20220127:threat:6829079, author = {Splunk Threat Research Team}, title = {{Threat Advisory: STRT-TA02 - Destructive Software}}, date = {2022-01-27}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/threat-advisory-strt-ta02-destructive-software.html?splunk}, language = {English}, urldate = {2022-02-02} } Threat Advisory: STRT-TA02 - Destructive Software
WhisperGate
2022-01-27 | splunk | Splunk Threat Research Team
@online{team:20220127:threat:ea9f405, author = {Splunk Threat Research Team}, title = {{Threat Advisory: STRT-TA02 - Destructive Software}}, date = {2022-01-27}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/threat-advisory-strt-ta02-destructive-software.html}, language = {English}, urldate = {2022-02-01} } Threat Advisory: STRT-TA02 - Destructive Software
WhisperGate
2022-01-10 | splunk | Splunk Threat Research Team
@online{team:20220110:detecting:a46a6e5, author = {Splunk Threat Research Team}, title = {{Detecting Malware Script Loaders using Remcos: Threat Research Release December 2021}}, date = {2022-01-10}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/detecting-malware-script-loaders-using-remcos-threat-research-release-december-2021.html}, language = {English}, urldate = {2022-01-25} } Detecting Malware Script Loaders using Remcos: Threat Research Release December 2021
Remcos
2021-11-11 | splunk | Splunk Threat Research Team
@online{team:20211111:fin7:cd0d233, author = {Splunk Threat Research Team}, title = {{FIN7 Tools Resurface in the Field – Splinter or Copycat?}}, date = {2021-11-11}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/fin7-tools-resurface-in-the-field-splinter-or-copycat.html}, language = {English}, urldate = {2021-11-12} } FIN7 Tools Resurface in the Field – Splinter or Copycat?
JSSLoader Remcos
2021-11-04 | splunk | Splunk Threat Research Team
@online{team:20211104:detecting:d8aba5b, author = {Splunk Threat Research Team}, title = {{Detecting IcedID... Could It Be A Trickbot Copycat?}}, date = {2021-11-04}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/detecting-icedid-could-it-be-a-trickbot-copycat.html}, language = {English}, urldate = {2021-11-08} } Detecting IcedID... Could It Be A Trickbot Copycat?
IcedID