Splunk Security Content

Splunk Threat Reasearch Team (STRT)

We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats.

Suspicious wevtutil Usage

Clear Windows Event Logs, Indicator Removal

Sdelete Application Execution

Data Destruction, File Deletion, Indicator Removal

DNS Query Length With High Standard Deviation

Exfiltration Over Unencrypted Non-C2 Protocol, Exfiltration Over Alternative Protocol

Winhlp32 Spawning a Process

Process Injection

Suspicious Copy on System32

Rename System Utilities, Masquerading