Out of the Woods: The Threat Hunting Podcast

Top Headlines:

Elastic Security Labs | Phantom in the vault: Obsidian abused to deliver PhantomPulse RAT: https://www.elastic.co/security-labs/phantom-in-the-vault

SentinelOne | Annual Threat Report: A Defender's Guide from the Frontlines: https://www.sentinelone.com/resources/ebooks/assets/threat-intel-program-fy27/tdr-annual-threat-report-25-en?utm_medium=paid-display&utm_source=thehackernews&utm_campaign=amer-us-platform&utm_content=homepage-newsfeed-3-23-2026

eSentire | STX RAT: A new RAT in 2026 with Infostealer Capabilities: https://www.esentire.com/blog/stx-rat-a-new-rat-in-2026-with-infostealer-capabilities

----------
Stay in Touch!
Twitter: https://twitter.com/Intel471Inc
LinkedIn: https://www.linkedin.com/company/intel-471/
YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
Discord: https://discord.gg/DR4mcW4zBr
Facebook: https://www.facebook.com/Intel471Inc/

In this special episode of Out of the Woods, Scott Poley and Tom Kostura review key findings from the Q1 2026 Threat Hunt Report and discuss what stood out across the quarter. They cover recurring living off the land activity, persistence techniques, valid account abuse, social engineering trends, geopolitical developments and supply chain compromises, with a focus on what those patterns mean for threat hunters and defenders.
Download the full Q1 2026 Threat Hunt Report: https://www.intel471.com/resources/whitepapers/threat-hunt-report-q1-2026
----------
Stay in Touch!
Twitter: https://twitter.com/Intel471Inc
LinkedIn: https://www.linkedin.com/company/intel-471/
YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
Discord: https://discord.gg/DR4mcW4zBr
Facebook: https://www.facebook.com/Intel471Inc/

Can You Identify the Malware Family?

Out of the Woods: The Threat Hunting Podcast returns with another live, interactive edition designed to test how you analyze malicious activity. This session will focus on a specific malware family, revealing its behavior in stages as our hosts walk through execution patterns, infrastructure clues, and operational tradecraft.
Participants will examine how observed behaviors align to MITRE ATT&CK, how the malware evolves across campaigns, and how delivery methods and post-exploitation activity signal attribution. Before the final reveal, attendees will have the opportunity to submit their best guess on which malware family is responsible.
What You’ll Learn:

Real-world malware behavior – A phase-by-phase breakdown of an active malware campaign

MITRE ATT&CK in context – How techniques manifest during execution

Behavioral fingerprinting – Identifying patterns across variants and infrastructure

Delivery and objectives – What infection chains reveal about operator intent

Interactive analysis – Submit your guess before the final reveal

Watch the episode here: https://youtu.be/wo-Vy6okKVI

*[LIVE] Out of the Woods Podcast: Guess Who: The Malware Edition
March 25, 2026 | 12:00 - 1:30 PM ET
Sign Up: https://www.intel471.com/resources/podcasts/guess-who-the-malware-edition-1
*Threat Hunting Management Workshop: Rethinking Priority
March 18, 2026 | 12:00 - 12:30 PM ET
Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-management-workshop-rethinking-priority
----------

Top Headlines:

Arctic Wolf | SloppyLemming Deploys BurrowShell and Rust-Based RAT to Target Pakistan and Bangladesh: https://arcticwolf.com/resources/blog/sloppylemming-deploys-burrowshell-and-rust-based-rat-to-target-pakistan-and-bangladesh/

Huntress | Fake Tech Support Delivers Havoc Command & Control: https://www.huntress.com/blog/fake-tech-support-havoc-command-control

Socket | StegaBin: 26 Malicious npm Packages Use Pastebin Steganography to Deploy Multi-Stage Credential Stealer: https://socket.dev/blog/stegabin-26-malicious-npm-packages-use-pastebin-steganography

ThreatLabz | APT37 Adds New Tools For Air-Gapped Networks: https://www.zscaler.com/blogs/security-research/apt37-adds-new-capabilities-air-gapped-networks?&web_view=true#technical-analysis

----------
Stay in Touch!
Twitter: https://twitter.com/Intel471Inc
LinkedIn: https://www.linkedin.com/company/intel-471/
YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
Discord: https://discord.gg/DR4mcW4zBr
Facebook: https://www.facebook.com/Intel471Inc/

Top Headlines:

Group-IB | Operation Olalampo: Inside MuddyWater’s Latest Campaign: https://www.group-ib.com/blog/muddywater-operation-olalampo/

Point Wild | Remcos Revisited: Inside the RAT’s Evolving Command-and-Control Techniques: https://www.pointwild.com/threat-intelligence/remcos-revisited-inside-the-rats-evolving-command-and-control-techniques/

Lab 52 | Operation MacroMaze: new APT28 campaign using basic tooling and legit infrastructure: https://lab52.io/blog/operation-macromaze-new-apt28-campaign-using-basic-tooling-and-legit-infrastructure/

therecord.media | Researchers warn Volt Typhoon still embedded in US utilities and some breaches may never be found: https://therecord.media/researchers-warn-volt-typhoon-still-active-critical-infrastructure?&web_view=true

----------
Stay in Touch!
Twitter: https://twitter.com/Intel471Inc
LinkedIn: https://www.linkedin.com/company/intel-471/
YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
Discord: https://discord.gg/DR4mcW4zBr
Facebook: https://www.facebook.com/Intel471Inc/