Threat Hunting Guides

Detection Rules • Hunting Queries • IOCs

Free, actionable threat hunting guides built from real-world investigations. Each guide includes MITRE ATT&CK mapping, detection rules for Splunk/Sigma/KQL, and hunting queries you can deploy today.

7 Hunting Guides • 175+ Threat Groups Tracked • 400+ Investigations

Want Continuous Coverage?

BRACE monitors 175+ threat groups and automatically delivers weekly sector-specific intelligence together with detection rules.

All Hunting Guides

BRICKSTORM Backdoor (UNC5221 / WARP PANDA)
Critical • 13 Modules • New

Comprehensive hunting procedures for the BRICKSTORM backdoor targeting VMware vCenter and ESXi: 13 hunt modules, CISA-verified IOCs, and DNS-over-HTTPS C2 detection.

Origin: China (PRC) • Targets: Government, IT/MSPs, Critical Infrastructure
5-7 hours • December 2025
Qilin Ransomware (Qilin / Agenda)
Critical • 8 Modules

The #1 ransomware threat to US SLTT (state, local, tribal, and territorial) organizations. Covers GPO-based Chrome credential harvesting and BYOVD EDR evasion, including detection of the dark.sys driver.

Origin: Russia (suspected) • Targets: Healthcare, Manufacturing, Government
4-6 hours • December 2024
Scattered Spider (UNC3944 / Octo Tempest)
Critical • 10 Modules

Social engineering specialists targeting identity providers. Covers detection of SIM swapping, MFA bombing, and help desk impersonation.

Origin: US/UK • Targets: Telecommunications, Technology, Gaming
4-6 hours • December 2024
APT44 / Sandworm (Sandworm Team / IRIDIUM)
Critical • 12 Modules

Russian military intelligence unit behind NotPetya and Olympic Destroyer, with sustained Ukraine/NATO targeting. Focus on critical infrastructure defense.

Origin: Russia (GRU Unit 74455) • Targets: Critical Infrastructure, Energy, Government
4-6 hours • December 2024
Volt Typhoon (VANGUARD PANDA / Bronze Silhouette)
Critical • 10 Modules

China-nexus actor pre-positioning in US critical infrastructure. Covers detection of the living-off-the-land techniques it uses for long-term persistence.

Origin: China (PRC) • Targets: US Critical Infrastructure
4-6 hours • December 2024
Z-Pentest (ZPT)
High • 6 Modules

Pro-Russian hacktivist group targeting industrial control systems and critical infrastructure in NATO countries.

Origin: Russia • Targets: ICS/OT, Critical Infrastructure
2-4 hours • December 2024
SafePay Ransomware (SafePay)
High • 5 Modules

Emerging RaaS operation with unique encryption and double extortion tactics, and a growing victim count in Q4 2024.

Origin: Unknown • Targets: SMB, Healthcare
2-4 hours • December 2024

What's Included in Each Guide

Every guide is built from real investigation data and includes actionable content you can deploy immediately.

MITRE ATT&CK Mapping
Techniques and sub-techniques with T-codes for framework alignment.

Detection Rules
Production-ready Splunk SPL, Sigma, and KQL queries with copy buttons.

Hunt Modules
Step-by-step hunting procedures with priority levels and time estimates.

IOCs & Artifacts
IPs, domains, file hashes, registry keys, and file paths.

Automate Your Threat Hunting

BRACE provides continuous monitoring for 175+ threat actors with weekly detection rule updates and sector-specific intelligence.