Introducing Hunt 2.6:
IP Risk & Reputation, Smarter IOC Hunting, and Faster Integrations
Published on
Oct 20, 2025




Hunt 2.6 brings powerful updates designed to give security teams deeper visibility and faster insights. From a brand-new IP Risk & Reputation view to enhanced API and IOC Hunter capabilities, this release makes every investigation sharper and more efficient.
These updates make it easier for threat hunters to move from discovery to insight in fewer clicks.
Here's a quick snapshot of what's new:
Highlights | What's New? |
---|---|
Data Improvements | Added Risk & Reputation to IP Addresses with Scanned C2, News, TOR Nodes, and Malicious Directories, plus new IP search enhancements like PTR records. |
Usability Improvements | Refined experience with a redesigned ASN page, improved modals and layouts, and faster OpenCTI 1.1 integration. |
IOC Hunter Improvements | Expanded data coverage with hundreds of new sources - now featuring millions of IOC Hunter articles. |
HuntSQL™ Improvements | Official SQL Downloads support now available directly from the API. Improved query reliability with full support for LIMIT/OFFSET and fixed schema copy behavior. |
Below is a closer look at some of the most impactful improvements in Hunt 2.6.
General Updates
IP Risk & Reputation: added a new section displaying risk and reputation details, including Scanned C2, News Articles, TOR Nodes, VPN detections, Malicious Open Directories, and related IOCs from external sources.
Layout Improvements: modals now close with click or Escape; phishing screenshots repositioned for better visuals.
Domain Listing Page: added rank explanation; history link now visible when no current services are found.
IOC Hunter: titles are now shorter and more descriptive; added hundreds of new sources, including content from X (formerly Twitter).
OpenCTI 1.1 integration update: more efficient and faster.
IP Search enhancements: PTR records now display directly on the IP details page beneath the hostname, giving clearer context.
New C2 Additions: we expanded our C2 dataset with several newly identified infrastructures, including GobRat, Myth Stealer, Clay Rat, ZeroTrace C2, Raptor RAT, OHM Android RAT, Burp Suite, UltraVNC, Odyssey, Lazarus, Adaptix C2, Starkiller, Nemo C2, Latrodectus, Bofamet, and ValleyRat - all now available for investigation across our platform.
HuntSQL™ LIMIT and OFFSET improvements: improved handling for better query performance and accuracy.
ASN Page: redesigned with a cleaner layout and simplified structure for easier browsing of ASN type, number of IPv4 addresses, IP ranges, and related company data.

New Pivots
We've added five new data pivots, now available in the IP information view under the Pivots tab for faster exploration and advanced SQL-based searches. These include:
Normalized Headers (Murmur3)
HTML body (SHA256)
Unique, Normalized Headers (Murmur3)
Alphabetically Sorted Headers (Murmur3)
Redacted Headers (SHA256)

API Updates
API SQL Downloads: added official support for downloading query results directly through the API. Users can now export data using the new /v1/sql/download endpoint and specify their preferred format - CSV, JSON, or NDJSON - by adding the &file_type= parameter.
API PIOC Handling: now aligned with our improved backend; IOC and PIOC counts are now deduplicated and accurate.
AttackCapture™ Improvements
AI Text File Analysis: now displays the correct filename in all cases (previously used the first SHA256 seen with that filename).
Time Range Filter: fixed an issue where "Last 30 days" returned no results; all ranges now work correctly.
Bug Fixes
HuntSQL™ Schema Copy: fixed an issue where HuntSQL™ schema copying occasionally failed.
UI and Logos: fixed missing China Telecom logo and several display inconsistencies.
C2 Listing Editing: refined confidence_score handling for malware info retrieval.
Dashboard: fixed minor pagination and display issues.
As always, if you run into any issues or have ideas for what we should tackle next, reach out. We're building Hunt.io alongside real threat hunters; every update is shaped by your feedback and daily investigations.
Hunt Intelligence, Inc.