Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-01-10splunkSplunk Threat Research Team
@online{team:20220110:detecting:a46a6e5, author = {Splunk Threat Research Team}, title = {{Detecting Malware Script Loaders using Remcos: Threat Research Release December 2021}}, date = {2022-01-10}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/detecting-malware-script-loaders-using-remcos-threat-research-release-december-2021.html}, language = {English}, urldate = {2022-01-25} } Detecting Malware Script Loaders using Remcos: Threat Research Release December 2021
Remcos
2021-11-11splunkSplunk Threat Research Team
@online{team:20211111:fin7:cd0d233, author = {Splunk Threat Research Team}, title = {{FIN7 Tools Resurface in the Field – Splinter or Copycat?}}, date = {2021-11-11}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/fin7-tools-resurface-in-the-field-splinter-or-copycat.html}, language = {English}, urldate = {2021-11-12} } FIN7 Tools Resurface in the Field – Splinter or Copycat?
JSSLoader Remcos
2021-11-04splunkSplunk Threat Research Team
@online{team:20211104:detecting:d8aba5b, author = {Splunk Threat Research Team}, title = {{Detecting IcedID... Could It Be A Trickbot Copycat?}}, date = {2021-11-04}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/detecting-icedid-could-it-be-a-trickbot-copycat.html}, language = {English}, urldate = {2021-11-08} } Detecting IcedID... Could It Be A Trickbot Copycat?
IcedID
2021-10-26splunkMarcus LaFerrera
@online{laferrera:20211026:higher:9e4b682, author = {Marcus LaFerrera}, title = {{High(er) Fidelity Software Supply Chain Attack Detection}}, date = {2021-10-26}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/high-er-fidelity-software-supply-chain-attack-detection.html}, language = {English}, urldate = {2021-11-03} } High(er) Fidelity Software Supply Chain Attack Detection
2021-07-21splunkSplunk Threat Research Team
@online{team:20210721:detecting:ceb179f, author = {Splunk Threat Research Team}, title = {{Detecting Trickbot with Splunk}}, date = {2021-07-21}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/detecting-trickbots.html}, language = {English}, urldate = {2021-07-22} } Detecting Trickbot with Splunk
TrickBot
2021-07-06splunkSplunk Threat Research Team
@online{team:20210706:revil:2420164, author = {Splunk Threat Research Team}, title = {{REvil Ransomware Threat Research Update and Detections}}, date = {2021-07-06}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/revil-ransomware-threat-research-update-and-detections.html}, language = {English}, urldate = {2021-07-26} } REvil Ransomware Threat Research Update and Detections
REvil
2021-07-05splunkRyan Kovar
@online{kovar:20210705:kaseya:e1684ef, author = {Ryan Kovar}, title = {{Kaseya, Sera. What REvil Shall Encrypt, Shall Encrypt}}, date = {2021-07-05}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/kaseya-sera-what-revil-shall-encrypt-shall-encrypt.html}, language = {English}, urldate = {2021-07-26} } Kaseya, Sera. What REvil Shall Encrypt, Shall Encrypt
REvil
2021-06-10splunkSplunk Threat Research Team
@online{team:20210610:detecting:30a8985, author = {Splunk Threat Research Team}, title = {{Detecting Password Spraying Attacks: Threat Research Release May 2021}}, date = {2021-06-10}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/detecting-password-spraying-attacks-threat-research-release-may-2021.html}, language = {English}, urldate = {2021-06-21} } Detecting Password Spraying Attacks: Threat Research Release May 2021
2021-05-17splunkSplunk Threat Research Team
@online{team:20210517:darkside:e7a3747, author = {Splunk Threat Research Team}, title = {{DarkSide Ransomware: Splunk Threat Update and Detections}}, date = {2021-05-17}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/darkside-ransomware-splunk-threat-update-and-detections.html}, language = {English}, urldate = {2021-05-19} } DarkSide Ransomware: Splunk Threat Update and Detections
DarkSide
2021-05-11splunkJames Brodsky
@online{brodsky:20210511:darkside:9c81721, author = {James Brodsky}, title = {{The DarkSide of the Ransomware Pipeline}}, date = {2021-05-11}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/the-darkside-of-the-ransomware-pipeline.html}, language = {English}, urldate = {2021-05-13} } The DarkSide of the Ransomware Pipeline
DarkSide
2021-05-03splunkSplunk Threat Research Team
@online{team:20210503:clop:1d24527, author = {Splunk Threat Research Team}, title = {{Clop Ransomware Detection: Threat Research Release, April 2021}}, date = {2021-05-03}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/clop-ransomware-detection-threat-research-release-april-2021.html}, language = {English}, urldate = {2021-05-07} } Clop Ransomware Detection: Threat Research Release, April 2021
Clop
2021-04-22splunkJohn Stoner, Mick Baccio, Katie Brown, James Brodsky, Drew Church, Dave Herrald, Ryan Kovar, Marcus LaFerrera, Michael Natkin
@online{stoner:20210422:supernova:53b895c, author = {John Stoner and Mick Baccio and Katie Brown and James Brodsky and Drew Church and Dave Herrald and Ryan Kovar and Marcus LaFerrera and Michael Natkin}, title = {{SUPERNOVA Redux, with a Generous Portion of Masquerading}}, date = {2021-04-22}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/supernova-redux-with-a-generous-portion-of-masquerading.html}, language = {English}, urldate = {2021-04-28} } SUPERNOVA Redux, with a Generous Portion of Masquerading
SUPERNOVA
2021-04-21splunkDave Herrald, Mick Baccio, James Brodsky, Tamara Chacon, Shannon Davis, Kelly Huang, Ryan Kovar, Marcus LaFerrerra, Michael Natkin, John Stoner, Bill Wright
@online{herrald:20210421:monitoring:088de4c, author = {Dave Herrald and Mick Baccio and James Brodsky and Tamara Chacon and Shannon Davis and Kelly Huang and Ryan Kovar and Marcus LaFerrerra and Michael Natkin and John Stoner and Bill Wright}, title = {{Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03)}}, date = {2021-04-21}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/monitoring-pulse-connect-secure-with-splunk-cisa-emergency-directive-21-03.html}, language = {English}, urldate = {2021-04-28} } Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03)
2021-04-13splunkSplunk Threat Research Team
@online{team:20210413:detecting:83655d0, author = {Splunk Threat Research Team}, title = {{Detecting Clop Ransomware}}, date = {2021-04-13}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/detecting-clop-ransomware.html}, language = {English}, urldate = {2021-04-14} } Detecting Clop Ransomware
Clop
2021-03-12splunkJohn Stoner, Mick Baccio, James Brodsky, Shannon Davis, Michael Haag, Amy Heng, Jose Hernandez, Dave Herrald, Derek King, Ryan Kovar, Marcus LaFerrera
@online{stoner:20210312:detecting:b7b189e, author = {John Stoner and Mick Baccio and James Brodsky and Shannon Davis and Michael Haag and Amy Heng and Jose Hernandez and Dave Herrald and Derek King and Ryan Kovar and Marcus LaFerrera}, title = {{Detecting Microsoft Exchange Vulnerabilities - 0 + 8 Days Later…}}, date = {2021-03-12}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/detecting-microsoft-exchange-vulnerabilities-0-8-days-later.html}, language = {English}, urldate = {2021-03-16} } Detecting Microsoft Exchange Vulnerabilities - 0 + 8 Days Later…
2021-03-09splunkSecurity Research Team
@online{team:20210309:cloud:4deeb78, author = {Security Research Team}, title = {{Cloud Federated Credential Abuse & Cobalt Strike: Threat Research February 2021}}, date = {2021-03-09}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/cloud-federated-credential-abuse-cobalt-strike-threat-research-feb-2021.html}, language = {English}, urldate = {2021-03-11} } Cloud Federated Credential Abuse & Cobalt Strike: Threat Research February 2021
Cobalt Strike
2021-03-03splunkRyan Kovar
@online{kovar:20210303:detecting:f8ba84c, author = {Ryan Kovar}, title = {{Detecting HAFNIUM Exchange Server Zero-Day Activity in Splunk}}, date = {2021-03-03}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/detecting-hafnium-exchange-server-zero-day-activity-in-splunk.html}, language = {English}, urldate = {2021-03-10} } Detecting HAFNIUM Exchange Server Zero-Day Activity in Splunk
HAFNIUM
2021-01-08splunkMarcus LaFerrera, John Stoner, Lily Lee, James Brodsky, Ryan Kovar
@online{laferrera:20210108:golden:d31442a, author = {Marcus LaFerrera and John Stoner and Lily Lee and James Brodsky and Ryan Kovar}, title = {{A Golden SAML Journey: SolarWinds Continued}}, date = {2021-01-08}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/a-golden-saml-journey-solarwinds-continued.html}, language = {English}, urldate = {2021-01-11} } A Golden SAML Journey: SolarWinds Continued
SUNBURST
2021-01-04splunkJohn Stoner
@online{stoner:20210104:detecting:c521df9, author = {John Stoner}, title = {{Detecting Supernova Malware: SolarWinds Continued}}, date = {2021-01-04}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/detecting-supernova-malware-solarwinds-continued.html}, language = {English}, urldate = {2021-01-10} } Detecting Supernova Malware: SolarWinds Continued
SUPERNOVA
2020-12-17splunkJohn Stoner
@online{stoner:20201217:onboarding:cef2450, author = {John Stoner}, title = {{Onboarding Threat Indicators into Splunk Enterprise Security: SolarWinds Continued}}, date = {2020-12-17}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/smoothing-the-bumps-of-onboarding-threat-indicators-into-splunk-enterprise-security.html}, language = {English}, urldate = {2021-01-11} } Onboarding Threat Indicators into Splunk Enterprise Security: SolarWinds Continued
SUNBURST