Splunk Security Content

Splunk Threat Reasearch Team (STRT)

We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats.

Wscript Or Cscript Suspicious Child Process

Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation

DNS Query Length With High Standard Deviation

Exfiltration Over Unencrypted Non-C2 Protocol, Exfiltration Over Alternative Protocol

Winhlp32 Spawning a Process

Process Injection

Suspicious Copy on System32

Rename System Utilities, Masquerading

Process Writing DynamicWrapperX

Command and Scripting Interpreter, Component Object Model