Blog

Hunt.io Blog

Hunt.io Blog

Hunt.io Blog

Check out our latest threat hunting articles, tips and stories

Check out our latest threat hunting articles, tips and stories

Check out our latest threat hunting articles, tips and stories

‘JustJoin’ Landing Page Linked to Suspected DPRK Activity Resurfaces
Jan 14, 2025

Learn how a landing page mimicking “JustJoin,” tied to suspected DPRK cyber activity, has reappeared with new infrastructure linked through SSH key overlaps.

Cyberhaven Extension Compromise: TLS Certificates Reveal Hidden Infrastructure
Jan 9, 2025

Read more about connections through a TLS certificate linking reported and unreported infrastructure tied to the Cyberhaven extension compromise.

Golang Beacons and VS Code Tunnels: Tracking a Cobalt Strike Server Leveraging Trusted Infrastructure
Jan 7, 2025

Learn how a Cobalt Strike server with a TLS certificate and prominent watermark showed a Golang-compiled beacon communicating with Visual Studio Code tunnels.

Dec 20, 2024

Discover Hunt.io's 2024 highlights: major product launches, innovations like AttackCapture™, C2 Feed, and Hunt SQL, and a look ahead to 2025.

Oyster’s Trail: Resurgence of Infrastructure Linked to Ransomware and Cybercrime Actors
Dec 12, 2024

Our latest analysis uncovers domains linked to the Oyster backdoor, revealing suspected Vanilla Tempest infrastructure and offering insights into server configuration patterns.

“Million OK!!!!” and the Naver Facade: Tracking Recent Suspected Kimsuky Infrastructure
Dec 10, 2024

Learn how the 'Million OK!!!' HTTP response previously linked to Kimsuky has reappeared on new IPs and domains. This update provides the latest insights into evolving infrastructure, helping defenders stay informed on potential North Korean threat activity.

MoqHao Leverages iCloud and VK in Campaign Targeting Apple IDs and Android Device
Dec 5, 2024

Discover how the MoqHao campaign leveraging iCloud and VK employs cross-platform tactics to steal credentials and distribute malicious APKs.

Rare Watermark Links Cobalt Strike 4.10 Team Servers to Ongoing Suspicious Activity
Dec 3, 2024

Uncover the infrastructure and learn how a unique watermark led to the discovery of Cobalt Strike 4.10 team servers impersonating well-known brands.

 Uncovering Threat Actor Tactics: How Open Directories Provide Insight into XWorm Delivery Strategies
Nov 28, 2024

Learn how threat actors leverage open directories to deliver XWorm malware disguised as popular software, providing insight into their tactics.

1

of

8

Next

‘JustJoin’ Landing Page Linked to Suspected DPRK Activity Resurfaces
Jan 14, 2025

Learn how a landing page mimicking “JustJoin,” tied to suspected DPRK cyber activity, has reappeared with new infrastructure linked through SSH key overlaps.

Cyberhaven Extension Compromise: TLS Certificates Reveal Hidden Infrastructure
Jan 9, 2025

Read more about connections through a TLS certificate linking reported and unreported infrastructure tied to the Cyberhaven extension compromise.

Golang Beacons and VS Code Tunnels: Tracking a Cobalt Strike Server Leveraging Trusted Infrastructure
Jan 7, 2025

Learn how a Cobalt Strike server with a TLS certificate and prominent watermark showed a Golang-compiled beacon communicating with Visual Studio Code tunnels.

Dec 20, 2024

Discover Hunt.io's 2024 highlights: major product launches, innovations like AttackCapture™, C2 Feed, and Hunt SQL, and a look ahead to 2025.

Oyster’s Trail: Resurgence of Infrastructure Linked to Ransomware and Cybercrime Actors
Dec 12, 2024

Our latest analysis uncovers domains linked to the Oyster backdoor, revealing suspected Vanilla Tempest infrastructure and offering insights into server configuration patterns.

“Million OK!!!!” and the Naver Facade: Tracking Recent Suspected Kimsuky Infrastructure
Dec 10, 2024

Learn how the 'Million OK!!!' HTTP response previously linked to Kimsuky has reappeared on new IPs and domains. This update provides the latest insights into evolving infrastructure, helping defenders stay informed on potential North Korean threat activity.

1

of

12

Next

‘JustJoin’ Landing Page Linked to Suspected DPRK Activity Resurfaces
Jan 14, 2025

Learn how a landing page mimicking “JustJoin,” tied to suspected DPRK cyber activity, has reappeared with new infrastructure linked through SSH key overlaps.

Cyberhaven Extension Compromise: TLS Certificates Reveal Hidden Infrastructure
Jan 9, 2025

Read more about connections through a TLS certificate linking reported and unreported infrastructure tied to the Cyberhaven extension compromise.

Golang Beacons and VS Code Tunnels: Tracking a Cobalt Strike Server Leveraging Trusted Infrastructure
Jan 7, 2025

Learn how a Cobalt Strike server with a TLS certificate and prominent watermark showed a Golang-compiled beacon communicating with Visual Studio Code tunnels.

Dec 20, 2024

Discover Hunt.io's 2024 highlights: major product launches, innovations like AttackCapture™, C2 Feed, and Hunt SQL, and a look ahead to 2025.

1

of

18

Next