Stef Rand
techiestef.bsky.social
Senior Intelligence Analyst at Red Canary, former DFIR at Mandiant. Psychology and history nerd. When I am not computering, I go outside and play!
Pinned
Red Canary's 2025 Threat Detection Report is live! A ton of work went into this report and it's awesome to be able to share it with y'all. If you're curious about our top 10 threats for the year, trends we've seen, or what our color + bird threats are, answers are here!
redcanary.com/threat-detec...
Welcome to the Red Canary Threat Detection Report
Our Threat Detection Report takes a close look at the top techniques, threats, and trends to help security teams focus on what matters most.
redcanary.com
March 18, 2025 at 3:49 PM
Hey y'all, this month's Intelligence Insights is out! We had two new birds make the list:
- Infrared Ibis == how we track behavior related to malicious Chrome extensions
- Saffron Starling == our name for a loader that delivers Danabot/DarkGate/Matanbuchus

redcanary.com/blog/threat-...
Intelligence Insights: February 2025
Infrared Ibis infiltrates Chrome extensions and Saffron Starling surprises in this month's edition of Intelligence Insights
redcanary.com
February 20, 2025 at 9:37 PM
Exciting update to our blog! As part of our ongoing research we identified some public GitHub repos being leveraged that, I'm happy to say, are no longer active! More details--plus some IOCs for still-active sites--in the update.

redcanary.com/blog/threat-...
Tangerine Turkey mines cryptocurrency in global campaign | Red Canary
Named by Red Canary, Tangerine Turkey is a VBS worm delivered via USB that ultimately drops a cryptomining payload
redcanary.com
January 30, 2025 at 9:12 PM
Hey folks! Kicking off my Bluesky debut with a new Red Canary bird debut. This month we introduced Tangerine Turkey, Red Canary's name for a VBS worm that is delivered via an infected USB and uses a printui DLL hijack to deliver a cryptomining payload. Here's our blog!

redcanary.com/blog/threat-...
Tangerine Turkey mines cryptocurrency in global campaign | Red Canary
Named by Red Canary, Tangerine Turkey is a VBS worm delivered via USB that ultimately drops a cryptomining payload
redcanary.com
January 24, 2025 at 4:29 PM