https://hexpysya.github.io/tags/suricata/Recent content in Suricata on bubka hacks stuffHugo -- gohugo.ioen-usTue, 07 Apr 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/splunk-nerisbot/Tue, 07 Apr 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/splunk-nerisbot/A victim host downloaded multiple malicious executables via HTTP, including Emotet, ransomware, and trojan payloads, detected through Suricata IDS alerts and confirmed malicious via VirusTotal.https://hexpysya.github.io/blue_team/wazuh+suricata-malware-traffic/Mon, 02 Mar 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/wazuh+suricata-malware-traffic/Replayed a malicious PCAP file containing Hancitor dropper traffic that deployed Cobalt Strike, Dridex, and Ficker Stealer. Analyzed 423 Suricata alerts in Wazuh, reconstructed the full infection chain, and mapped findings to MITRE ATT&CK.