Splunk Security Content

Splunk Threat Reasearch Team (STRT)

We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats.

DLLHost with no Command Line Arguments with Network

Process Injection

Suspicious microsoft workflow compiler rename

Masquerading, Trusted Developer Utilities Proxy Execution, Rename System Utilities

CMD Echo Pipe - Escalation

Command and Scripting Interpreter, Windows Command Shell, Windows Service, Create or Modify System Process

Suspicious Rundll32 no Command Line Arguments

System Binary Proxy Execution, Rundll32

Windows Exchange Autodiscover SSRF Abuse

Exploit Public-Facing Application, External Remote Services