Hunt Blog
Check out our latest threat hunting articles, tips and stories
April 23, 2024
Spotting SparkRAT: Detection Tactics & Sandbox Findings
The Hunt Research Team vigilantly monitors GitHub, sifts through the IOC sections of threat intelligence reports...
April 16, 2024
In Plain Sight: Uncovering SuperShell & Cobalt Strike from an Open Directory
Hunt scans every corner of the public IPv4 space and constantly scours the Internet for open directories. Through...
April 09, 2024
BlueShell: Four Years On, Still A Formidable Threat
Platforms like GitHub offer a valuable resource for developers and the open-source community. However, these sites also create a potential...
April 02, 2024
A Hunt How-To: Detecting RedGuard C2 Redirector
If you’re like me, you’ve likely read multiple reports on network intrusions involving a “standard” deployment...
March 28, 2024
Coin Miner and Mozi Botnet
Open directories can sometimes contain unexpected dangers in the hidden parts of the internet. Our recent investigation...
March 21, 2024
A Treasure Trove of Trouble: Open Directory Exposes Red Team Tools
While open directories are often seen as a goldmine for security researchers and blue teams searching for malware...
March 19, 2024
One More Trip to The W3LL: Phishing Kit Targets Outlook Credentials
The W3LL Phishing Kit, a phishing-as-a-service (PAaS) tool, was identified by Group-IB in 2022. What makes the kit...
March 12, 2024
Hunting PrismX: Techniques for Network Discovery
Described on its GitHub README as an "Integrated lightweight cross-platform penetration system," PrismX goe...
March 05, 2024
Open Directory Exposes Phishing Campaign Targeting Google & Naver Credentials
Over the past month, Hunt has tracked an ongoing phishing campaign by a likely North Korean threat actor focused on...