Supercharge Your Threat Investigations with IrisQL
ID: 0c75c538-fa18-5104-982d-bf4ee7ad3c48
STIX ID: report--0c75c538-fa18-5104-982d-bf4ee7ad3c48
Feed Name: DomainTools
This document introduces IrisQL — a text-based query language for threat hunting — and supplies example queries, IOC lists, and hunting patterns for multiple active campaigns and actor types (LummaC2 infostealer, SocGholish TDS, Tycoon PhaaS, APT28/FrostArmada DNS hijacking, RansomHub reconnaissance, typosquatting, etc.), referencing government and vendor advisories and providing time-bound, risk-scored search templates to locate malicious domains, infrastructure, and attribution pivots.
