From ValleyRAT to Silver Fox: How Graph-Based Threat Intel is Changing the Game

In this episode of Breaking Badness, host Kali Fencl welcomes Wes Young of CSIRT Gadgets and Daniel Schwalbe, CISO and head of investigations at DomainTools, dive into a recent DomainTools Investigations (DTI) analysis involving ValleyRAT and Silver Fox, and how new tools are enabling faster, more accessible analysis for junior and seasoned analysts alike. Whether you're a threat intel veteran or an aspiring analyst, this episode is packed with hard-earned lessons, technical insights, and future-forward thinking. They also unpack the evolution of threat intelligence from early higher-ed days of wiki-scraped snort rules to today’s graph-powered AI analysis. Wes shares the origin story behind his platform AlphaHunt, how it's being used to automate and enhance threat detection, and why community sharing remains essential even in an era of advanced tooling.