Hunt.io Blog

Check out our latest threat hunting articles, tips and stories

RunningRAT’s Next Move: From Remote Access to Crypto mining For Profit
Nov 5, 2024

RunningRAT has shifted from access-driven tactics to crypto mining, using open directories to stage payloads and reduce direct C2 traffic.

Oct 31, 2024

Discover an open directory of red team tools fit for Halloween, from Cobalt Strike to BrowserGhost.

Suspected DPRK Phishing Campaign Targets Naver; Separate Apple Domain Spoofing Cluster Identified
Oct 29, 2024

Explore a suspected North Korean-linked phishing campaign targeting Naver and how unknown actors use distinct TLS certificates to spoof Apple domains.

Rekoobe Backdoor Discovered in Open Directory, Possibly Targeting TradingView Users
Oct 24, 2024

Discover how an open directory of Rekoobe malware samples led to different domains resembling trading platforms, posing risks for traders and investors.

WarmCookie Infrastructure Update: Uncovering New C2 Servers and Threats
Oct 17, 2024

Get an inside look at WarmCookie's updated C2 infrastructure following its latest release. We detail the newly identified servers and the characteristics defenders can use to find related infrastructure.

Introducing Code Search on AttackCapture: Uncover Exploit Code, Reverse Shells, C2 Configs, and More
Oct 15, 2024

Read how Code Search helps security professionals identify exploit code, reverse shells, and C2 configs across open directories, enhancing threat detection.

Unmasking Adversary Infrastructure: How Certificates and Redirects Exposed Earth Baxia and PlugX Activity
Oct 10, 2024

Learn how basic tracking techniques using unusual certificates and redirects helped uncover Earth Baxia activity and related PlugX infrastructure, providing practical insights for network defense.

Inside a Cybercriminal’s Server: DDoS Tools, Spyware APKs, and Phishing Templates
Oct 8, 2024

Explore our in-depth analysis of a cybercriminal’s server, revealing DDoS tools, SpyNote spyware, phishing sites, and ransomware tactics.

Announcing Hunt SQL
Oct 3, 2024

We’re excited to release Hunt SQL and to provide the power and flexibility of SQL to researchers, analysts and threat hunters alike. 
