Stef Rand

Super excited to introduce Tangerine Turkey! Tangerine Turkey is @redcanary's name for a VBS worm that is delivered via an infected USB and uses a printui DLL hijack to deliver a cryptomining payload. This was a fascinating rabbit hole to go down! redcanary.com/blog/threat-in…

📈 After ranking first for the whole year in our newly released Threat Detection Report, SocGholish takes the number one spot in our 10 top threat list for the month as well. Learn more about fake browser updates and worms in this month's edition of Intelligence Insights. redcanary.com/blog/threat-in…

📣 The 2025 Threat Detection Report is here! Dive into our analysis of 93,000 threats our customers' security controls missed, with actionable guidance on every page. Read the ungated report here: redcanary.com/threat-detecti…

🆕 Two emerging threats make their debuts in our top 10 list: Infrared Ibis and Saffron Starling Get detection opportunities and more in this month's edition of Intelligence Insights. redcanary.com/blog/threat-in…

Exciting update to our blog! As part of our ongoing research we identified some public Github repos being leveraged that, I'm happy to say, are no longer active! More details--plus some IOCs for still-active sites--in the update.

@techieStef Get more of this month's Intelligence Insights here: redcanary.com/blog/threat-in…

HijackLoader—a newcomer to our monthly top 10 list—is fond of renaming executables, which presents a detection opportunity. Learn more in this month's edition of Intelligence Insights. redcanary.com/blog/threat-in…

📈 We've seen a spike in LummaC2 stealer activity over the last two months. Get detection guidance and more in this month's edition of Intelligence Insights. redcanary.com/blog/threat-in…

ChromeLoader and SocGholish remained our top threats in September, but a new technique stood out, tricking users into copying a PowerShell script, pasting it into Windows Run, and executing malicious code that leads to LummaC2: redcanary.com/blog/threat-in…

Removal Complete! Salmon can now access much more cold water habitat and excellent spawning grounds… oregonlive.com/native-america…

At the end of August 2024, Red Canary observed ransomware incidents that leveraged VPNs both as an initial access vector and to facilitate further access within organizations. redcanary.com/blog/threat-in…

Keep tabs on ChromeLoader and other browser-related threats in this month's edition of Intelligence Insights. redcanary.com/blog/threat-in…

This month's newcomers: 🏵️ Amber Albatross, which starts with a potentially unwanted program and ultimately leads to a pyInstaller executable with stealer capabilities 💸 dllFake, a malware family that primarily targets browsers and crypto wallets redcanary.com/blog/threat-in…

@DannyDrinksWine Umbrellas of Cherbourg

What's the best "Technicolor" movie you've ever seen?

It's Koi phishing season! Red Canary Intel has been tracking an activity cluster that drops Koi Loader and a final payload of a .NET stealer. redcanary.com/blog/threat-in…

@chrissanders88 😆 Thanks for the shout out! What can I say, malware jerks getting up to their jerky shenanigans makes me grumpy

Shout out to @techieStef for complaining about seeing this enough that it inspired the scenario.

Investigation Scenario 🔎 You’ve discovered regsvr32.exe running from the C:\Users\Username\Appdata\Roaming directory on a Windows system. What do you look for to investigate whether an incident occurred? #InvestigationPath #DFIR #SOC

Keeping up with threats and trends can feel like navigating a labyrinth in the dark. @techieStef & @ForensicITGuy explore topics from our 2024 Threat Detection Report, including initial access tradecraft, cloud abuse, identity attacks, and more. 🎬 🍿 youtu.be/4HTd6boLPDc

Tax season springs financially-themed phishing lures on users, and vulnerabilities continue to sprout up in this month’s edition of Intelligence Insights. redcanary.com/blog/intellige…

I do not have words for how much this delights me. These loud little birds are one of my favorite things in the world. Look ye upon this glorious wrendering that captures their noisy bossy chaos. Absolutely wonderful, @thepacketrat

TDR Day 🥳🎉 also means it’s Threat Sounds release day!!! Vol. 4 has dropped and it’s epic, y’all! 🔥 redcanary.com/threat-sounds/