Blog

Threat Hunting Blog

Threat Hunting Blog

Threat Hunting Blog

Check out our latest threat hunting articles, tips and stories

Check out our latest threat hunting articles, tips and stories

Check out our latest threat hunting articles, tips and stories

SmokeLoader Malware Targets Ukraine’s Auto & Banking Sectors via Open Directories
Feb 6, 2025

Attackers used open directories to spread SmokeLoader malware, luring Ukraine’s auto and banking sectors. Explore findings, execution, and tactics.

GreenSpot APT Targets 163.com Users with Fake Download Pages & Spoofed Domains
Feb 4, 2025

GreenSpot APT targets 163.com users via fake download pages and domain spoofing. Learn their tactics, risks, and how to protect your email accounts.

Unlock SSL Intelligence: How SSL History Boosts Threat Hunting
Jan 30, 2025

Explore how SSL intelligence and SSL history empower proactive threat hunting. Learn tools, real-world examples, and strategies to track cyber threats.

Unmasking SparkRAT: Detection & macOS Campaign Insights
Jan 28, 2025

Explore SparkRAT detection tactics, macOS targeting, and insights into recent DPRK-linked campaigns with actionable research findings.

Suspected KEYPLUG Infrastructure: TLS Certificates and GhostWolf Links
Jan 23, 2025

Uncover how Hunt’s TLS records reveal patterns in suspected KEYPLUG infrastructure, linking GhostWolf and RedGolf/APT41 to ongoing activity.

VS Code Extension Impersonating Zoom Targets Google Chrome Cookies
Jan 21, 2025

Uncover a deceptive VS Code extension, masquerading as Zoom, that pilfers your Google Chrome cookies. Join us as we expose the techniques behind this alarming supply chain campaign.

‘JustJoin’ Landing Page Linked to Suspected DPRK Activity Resurfaces
Jan 14, 2025

Learn how a landing page mimicking “JustJoin,” tied to suspected DPRK cyber activity, has reappeared with new infrastructure linked through SSH key overlaps.

Cyberhaven Extension Compromise: TLS Certificates Reveal Hidden Infrastructure
Jan 9, 2025

Read more about connections through a TLS certificate linking reported and unreported infrastructure tied to the Cyberhaven extension compromise.

Golang Beacons and VS Code Tunnels: Tracking a Cobalt Strike Server Leveraging Trusted Infrastructure
Jan 7, 2025

Learn how a Cobalt Strike server with a TLS certificate and prominent watermark showed a Golang-compiled beacon communicating with Visual Studio Code tunnels.

1

of

9

Next

SmokeLoader Malware Targets Ukraine’s Auto & Banking Sectors via Open Directories
Feb 6, 2025

Attackers used open directories to spread SmokeLoader malware, luring Ukraine’s auto and banking sectors. Explore findings, execution, and tactics.

GreenSpot APT Targets 163.com Users with Fake Download Pages & Spoofed Domains
Feb 4, 2025

GreenSpot APT targets 163.com users via fake download pages and domain spoofing. Learn their tactics, risks, and how to protect your email accounts.

Unlock SSL Intelligence: How SSL History Boosts Threat Hunting
Jan 30, 2025

Explore how SSL intelligence and SSL history empower proactive threat hunting. Learn tools, real-world examples, and strategies to track cyber threats.

Unmasking SparkRAT: Detection & macOS Campaign Insights
Jan 28, 2025

Explore SparkRAT detection tactics, macOS targeting, and insights into recent DPRK-linked campaigns with actionable research findings.

Suspected KEYPLUG Infrastructure: TLS Certificates and GhostWolf Links
Jan 23, 2025

Uncover how Hunt’s TLS records reveal patterns in suspected KEYPLUG infrastructure, linking GhostWolf and RedGolf/APT41 to ongoing activity.

VS Code Extension Impersonating Zoom Targets Google Chrome Cookies
Jan 21, 2025

Uncover a deceptive VS Code extension, masquerading as Zoom, that pilfers your Google Chrome cookies. Join us as we expose the techniques behind this alarming supply chain campaign.

1

of

13

Next

SmokeLoader Malware Targets Ukraine’s Auto & Banking Sectors via Open Directories
Feb 6, 2025

Attackers used open directories to spread SmokeLoader malware, luring Ukraine’s auto and banking sectors. Explore findings, execution, and tactics.

GreenSpot APT Targets 163.com Users with Fake Download Pages & Spoofed Domains
Feb 4, 2025

GreenSpot APT targets 163.com users via fake download pages and domain spoofing. Learn their tactics, risks, and how to protect your email accounts.

Unlock SSL Intelligence: How SSL History Boosts Threat Hunting
Jan 30, 2025

Explore how SSL intelligence and SSL history empower proactive threat hunting. Learn tools, real-world examples, and strategies to track cyber threats.

Unmasking SparkRAT: Detection & macOS Campaign Insights
Jan 28, 2025

Explore SparkRAT detection tactics, macOS targeting, and insights into recent DPRK-linked campaigns with actionable research findings.

1

of

19

Next