Introducing Hunt 2.0
Deeper Threat Analysis & Enhanced Data for Cyber Intelligence
Published on
Published on
Published on
Mar 6, 2025
Mar 6, 2025
Mar 6, 2025
Driven by our commitment to empower security teams with the most advanced technology in threat hunting, we're proud to unveil Hunt 2.0.
This update delivers a modernized interface with enhanced performance, advanced IP visual tracking, and robust SQL and API capabilities that empower deeper threat analysis. This release also includes significant data improvements-including new threat actor, C2 and malware features-and streamlined integrations to bolster cyber intelligence and operational efficiency.
Here's a quick snapshot of what's new:
| Feature | What's New? |
|---|---|
| AttackCapture™ | Better Filtering, New Code Search, more data, better preview, API launched |
| IP Searching | Better Associations pre-computed so less dead ends |
| Threat Actors | First version launched with IOCs from 200 trusted research blogs |
| HuntSQL™ | Out of beta, Download Large Datasets, New Documentation. Includes History. |
| Bulk Search Updates | See C2s, Open Directories and more! |
| Advanced Search | Flattened data for lots of pivots everywhere |
| Integrations | Cyware and OpenCTI C2 Feed Integrations |
Ready to dive in? Let's explore the details below.
Improved Web Interface
Hunt 2.0's revamped web interface streamlines navigation and enhances data analysis for a fast, intuitive user experience. Explore the key improvements below.
Consistent, Fast Performance
New: Redesigned both the front end and backend, focusing on delivering consistent performance.
Redesigned Dashboard
Intuitive Layout: The redesigned dashboard offers quick access to key metrics with a clean, modern layout.
Unified Searching: searching is now standardized across all sections of the portal, ensuring a seamless user experience.
Collapsible Navigation: Collapsible navigation to allow more room for research.
Enhanced Search Functionality
Easy Domain Searching: Hunt 1.0 was very IP centric; in Hunt 2.0, we are diversifying search to allow easy access to various types of IOCs. Domain names have now been incorporated to broaden search capabilities.
Better IP Association Interface
Simplified IP Management: Introducing a new interface to simplify and improve the association of IP addresses with related data.
Threat Actors Web Feature
New: A new interactive feature that allows filtering and accessibility of IOCs from threat actors. It collects IOCs from IOC Hunter-including IPs, SHA256 hashes, Domains, Countries, and Threat Group Motives-assembled from public research on 200 sources and validated by a human in the loop.
Comprehensive IP Visual History Launch
New: Launching a comprehensive visual history tool that displays the evolution and associations of IP addresses over time.
HuntSQL™
Powerful SQL Interface: Query and manage data directly within Hunt 2.0.
New Table (URLx): Added for extended data coverage.
Documentation: Comprehensive guides for using HuntSQL™.
Export Options: Download query results in CSV or JSON for easy sharing and offline analysis.
Bulk Extractor and Enricher
New: Direct integration from extraction to enrichment with enhanced workflows:
Updated IP enrichment
Historical Open Directories Enrichment
Historical Malware/C2 Enrichment
New: Added line number counts to improve traceability.
New: Extractor now supports extraction from unstructured text, including:
Public IPv4 addresses
Public IPv6 addresses
Apex Domains
Hostnames
SHA256 hashes
AttackCapture™ Updates
New: Preview functionality now allows previewing of any file, regardless of its extension, providing enhanced flexibility and accessibility for reviewing captured files.
API
Our latest version expands our suite of API endpoints, making it easier to integrate with external tools and workflows. These updates provide deeper data access, support advanced threat analysis, and include comprehensive documentation to help you get started quickly.
Expanded Endpoints
AttackCapture™ Endpoints:
List Attack Captures:
GEThttps://api.hunt.io/v1/attackcapture/
Get Open Directory host data by the host's URLOpen Directory Listing:
GEThttps://api.hunt.io/v1/attackcapture/listing
Get Open Directory listing data filtered by query parametersOpen Directory Listing Stats:
GEThttps://api.hunt.io/v1/attackcapture/listing/stats
Provides statistics for open directory listings.Download Open Directory File as a Password-Protected ZIP
GEThttps://api.hunt.io/v1/attackcapture/download-zip-file
Encrypts an S3 file with a password and streams it to the client as a ZIP file.
SQL Endpoints:
Execute an SQL query with pagination support
GEThttps://api.hunt.io/v1/sql
This endpoint allows users to execute SQL queries against the system.
C2 and IP Enrichment Endpoints:
Get List of Active C2 Servers
GEThttps://api.hunt.io/v1/c2s
Fetch the list of currently active C2 servers with basic metadata.Enrich IP
GEThttps://api.hunt.io/v1/enrich/ip/{ip}
Enrich IPv4 addresses with lots of data points with the latest stored values.Download C2 feed as gzip-compressed JSON
GEThttps://api.hunt.io/v1/feeds/c2
Download C2 Feed
Comprehensive Documentation
Updated API reference with code examples and use cases.
HuntSQL™ API Release
Endpoint: https://api.hunt.io/v1/sql - Accepts GET requests with SQL queries in a plain text format and returns results in JSON.
Support for executing advanced SQL queries remotely.
Fully documented API endpoints for SQL operations, with sample queries and responses.
For more details, see the Hunt SQL Documentation, SQL Search API Documentation and the SQL Search Reference.
Data Improvements
Hunt 2.0 refines data collection and processing to deliver more accurate and actionable threat intelligence. Key enhancements include:
New: Manual Submission of Open Directories for AttackCapture™.
New: SSL Insecure Cyphers now used by default to detect older devices and malware/C2s.
New: SSL parsing of certificates loosened up to get malformed/C2 malware certificates.
New: IOC Hunter human review added to the weekend.
New: C2 and Malware Pages - New pages featuring counts, direct filtering links, the latest news, and open directories that contain C2 or malware indicators.
Integrations
This release seamlessly connects with leading cyber intelligence platforms to enhance your workflows. Key integrations include:
Cyware
The Cyware integration allows automatic ingestion of Hunt 2.0's C2 feed into Cyware's platform. Built by Cyware, it ensures real-time access to C2 infrastructure data, helping security teams detect and respond to threats more effectively.
OpenCTI
To bring our intelligence data closer to the broader cybersecurity community, we have developed an OpenCTI connector for our C2 feed using the external import option. This integration allows OpenCTI users to seamlessly import our C2 threat intelligence into their platform, enabling automated ingestion of threat data via STIX format through our Hunt API.
This is just the beginning-while our initial release supports the C2 feed, we plan to extend support for additional intelligence feeds in future updates.
Ready to boost your threat hunting?
Hunt 2.0 brings deeper insights, better performance, and seamless integrations to enhance your cyber intelligence workflow. Whether you're tracking threat actors, analyzing infrastructure, or automating intelligence, this update gives you the tools to move faster and dig deeper.
Experience Hunt 2.0 today and elevate your threat hunting intelligence to the next level.
Driven by our commitment to empower security teams with the most advanced technology in threat hunting, we're proud to unveil Hunt 2.0.
This update delivers a modernized interface with enhanced performance, advanced IP visual tracking, and robust SQL and API capabilities that empower deeper threat analysis. This release also includes significant data improvements-including new threat actor, C2 and malware features-and streamlined integrations to bolster cyber intelligence and operational efficiency.
Here's a quick snapshot of what's new:
| Feature | What's New? |
|---|---|
| AttackCapture™ | Better Filtering, New Code Search, more data, better preview, API launched |
| IP Searching | Better Associations pre-computed so less dead ends |
| Threat Actors | First version launched with IOCs from 200 trusted research blogs |
| HuntSQL™ | Out of beta, Download Large Datasets, New Documentation. Includes History. |
| Bulk Search Updates | See C2s, Open Directories and more! |
| Advanced Search | Flattened data for lots of pivots everywhere |
| Integrations | Cyware and OpenCTI C2 Feed Integrations |
Ready to dive in? Let's explore the details below.
Improved Web Interface
Hunt 2.0's revamped web interface streamlines navigation and enhances data analysis for a fast, intuitive user experience. Explore the key improvements below.
Consistent, Fast Performance
New: Redesigned both the front end and backend, focusing on delivering consistent performance.
Redesigned Dashboard
Intuitive Layout: The redesigned dashboard offers quick access to key metrics with a clean, modern layout.
Unified Searching: searching is now standardized across all sections of the portal, ensuring a seamless user experience.
Collapsible Navigation: Collapsible navigation to allow more room for research.
Enhanced Search Functionality
Easy Domain Searching: Hunt 1.0 was very IP centric; in Hunt 2.0, we are diversifying search to allow easy access to various types of IOCs. Domain names have now been incorporated to broaden search capabilities.
Better IP Association Interface
Simplified IP Management: Introducing a new interface to simplify and improve the association of IP addresses with related data.
Threat Actors Web Feature
New: A new interactive feature that allows filtering and accessibility of IOCs from threat actors. It collects IOCs from IOC Hunter-including IPs, SHA256 hashes, Domains, Countries, and Threat Group Motives-assembled from public research on 200 sources and validated by a human in the loop.
Comprehensive IP Visual History Launch
New: Launching a comprehensive visual history tool that displays the evolution and associations of IP addresses over time.
HuntSQL™
Powerful SQL Interface: Query and manage data directly within Hunt 2.0.
New Table (URLx): Added for extended data coverage.
Documentation: Comprehensive guides for using HuntSQL™.
Export Options: Download query results in CSV or JSON for easy sharing and offline analysis.
Bulk Extractor and Enricher
New: Direct integration from extraction to enrichment with enhanced workflows:
Updated IP enrichment
Historical Open Directories Enrichment
Historical Malware/C2 Enrichment
New: Added line number counts to improve traceability.
New: Extractor now supports extraction from unstructured text, including:
Public IPv4 addresses
Public IPv6 addresses
Apex Domains
Hostnames
SHA256 hashes
AttackCapture™ Updates
New: Preview functionality now allows previewing of any file, regardless of its extension, providing enhanced flexibility and accessibility for reviewing captured files.
API
Our latest version expands our suite of API endpoints, making it easier to integrate with external tools and workflows. These updates provide deeper data access, support advanced threat analysis, and include comprehensive documentation to help you get started quickly.
Expanded Endpoints
AttackCapture™ Endpoints:
List Attack Captures:
GEThttps://api.hunt.io/v1/attackcapture/
Get Open Directory host data by the host's URLOpen Directory Listing:
GEThttps://api.hunt.io/v1/attackcapture/listing
Get Open Directory listing data filtered by query parametersOpen Directory Listing Stats:
GEThttps://api.hunt.io/v1/attackcapture/listing/stats
Provides statistics for open directory listings.Download Open Directory File as a Password-Protected ZIP
GEThttps://api.hunt.io/v1/attackcapture/download-zip-file
Encrypts an S3 file with a password and streams it to the client as a ZIP file.
SQL Endpoints:
Execute an SQL query with pagination support
GEThttps://api.hunt.io/v1/sql
This endpoint allows users to execute SQL queries against the system.
C2 and IP Enrichment Endpoints:
Get List of Active C2 Servers
GEThttps://api.hunt.io/v1/c2s
Fetch the list of currently active C2 servers with basic metadata.Enrich IP
GEThttps://api.hunt.io/v1/enrich/ip/{ip}
Enrich IPv4 addresses with lots of data points with the latest stored values.Download C2 feed as gzip-compressed JSON
GEThttps://api.hunt.io/v1/feeds/c2
Download C2 Feed
Comprehensive Documentation
Updated API reference with code examples and use cases.
HuntSQL™ API Release
Endpoint: https://api.hunt.io/v1/sql - Accepts GET requests with SQL queries in a plain text format and returns results in JSON.
Support for executing advanced SQL queries remotely.
Fully documented API endpoints for SQL operations, with sample queries and responses.
For more details, see the Hunt SQL Documentation, SQL Search API Documentation and the SQL Search Reference.
Data Improvements
Hunt 2.0 refines data collection and processing to deliver more accurate and actionable threat intelligence. Key enhancements include:
New: Manual Submission of Open Directories for AttackCapture™.
New: SSL Insecure Cyphers now used by default to detect older devices and malware/C2s.
New: SSL parsing of certificates loosened up to get malformed/C2 malware certificates.
New: IOC Hunter human review added to the weekend.
New: C2 and Malware Pages - New pages featuring counts, direct filtering links, the latest news, and open directories that contain C2 or malware indicators.
Integrations
This release seamlessly connects with leading cyber intelligence platforms to enhance your workflows. Key integrations include:
Cyware
The Cyware integration allows automatic ingestion of Hunt 2.0's C2 feed into Cyware's platform. Built by Cyware, it ensures real-time access to C2 infrastructure data, helping security teams detect and respond to threats more effectively.
OpenCTI
To bring our intelligence data closer to the broader cybersecurity community, we have developed an OpenCTI connector for our C2 feed using the external import option. This integration allows OpenCTI users to seamlessly import our C2 threat intelligence into their platform, enabling automated ingestion of threat data via STIX format through our Hunt API.
This is just the beginning-while our initial release supports the C2 feed, we plan to extend support for additional intelligence feeds in future updates.
Ready to boost your threat hunting?
Hunt 2.0 brings deeper insights, better performance, and seamless integrations to enhance your cyber intelligence workflow. Whether you're tracking threat actors, analyzing infrastructure, or automating intelligence, this update gives you the tools to move faster and dig deeper.
Experience Hunt 2.0 today and elevate your threat hunting intelligence to the next level.
Related Posts:
Discover how an open directory exposed a threat actor impersonating EFF to target gamers and how we mapped their infrastructure to Stealc & Pyramid C2.
Discover how an open directory exposed a threat actor impersonating EFF to target gamers and how we mapped their infrastructure to Stealc & Pyramid C2.
Discover Joker malware infrastructure with Hunt SSL History, mapping its C2 network through certificate tracking of recent and past activity.
Discover Joker malware infrastructure with Hunt SSL History, mapping its C2 network through certificate tracking of recent and past activity.
Uncover how Hunt’s TLS records reveal patterns in suspected KEYPLUG infrastructure, linking GhostWolf and RedGolf/APT41 to ongoing activity.
Uncover how Hunt’s TLS records reveal patterns in suspected KEYPLUG infrastructure, linking GhostWolf and RedGolf/APT41 to ongoing activity.
A new LightSpy server expands its attack scope, targeting Facebook and Instagram database files. Explore its evolving capabilities and infrastructure.
A new LightSpy server expands its attack scope, targeting Facebook and Instagram database files. Explore its evolving capabilities and infrastructure.
Discover how an open directory exposed a threat actor impersonating EFF to target gamers and how we mapped their infrastructure to Stealc & Pyramid C2.
Discover Joker malware infrastructure with Hunt SSL History, mapping its C2 network through certificate tracking of recent and past activity.
Threat Hunting Platform - Hunt.io
Products
Hunt Intelligence, Inc.
Threat Hunting Platform - Hunt.io
Products
Hunt Intelligence, Inc.
Threat Hunting Platform - Hunt.io
Products
Hunt Intelligence, Inc.