New Features
Deep Text File Analysis: AttackCapture™ now includes one-click file summaries that auto-tag exploits, tooling, and intent.
IOC Feed API Upgrade: Added malware_name and description fields to enrich IOCs natively.
Platform + UI Improvements
New Subdirectory Stats in AttackCapture™: See total subdirs, file counts, and sizes at a glance.
AttackCapture™ File Type Stats: Visual breakdown of captured file extensions and sizes.
New Bulk Extractor Design: Malware rows now highlighted in red, sortable IP columns added.
Unified History Tab: IP view now consolidates timeline, SSL, SSH, ports, and JARM in one place.
New Certificate Details Page: Clean layout with pivot links for JA4X and fingerprints.
Platform Stats: Now includes real-time breakdown of certificates, ports, HTTP, SSH, and more.
Threat Intelligence Enhancements
Expanded Threat Actor Dataset: We’ve added significantly more threat actors and extended metadata across profiles.
New Filters: Search by adversary name, incident type (ransomware, espionage), or victim sector.
Data + Schema
Open Directory Filenames Dataset: Track exposed files missed by download, with metadata and URLs.
Improved HuntSQL™ Navigation: Schemas now grouped by type (Malware, SSH, HTTP, etc.).
Updated SQL Docs: More examples, pivot tips, regex filters, and advanced queries.
Integrations
Cyware Integration: IOC Hunter feed is now supported without extra config.
Bug Fixes
Fixed session timeout issue affecting some users.
Fixed protocol mismatch bug impacting approximately 400,000 collections per day (“plain HTTP sent to HTTPS port”).
👉 Read the full blog post for more.
We’ve launched two key upgrades to enhance threat detection and attribution: the new IOC Hunter Feed and added threat actor metadata in the C2 Feed.
IOC Hunter Feed
This feed collects IOCs from public research and adds valuable context like:
Source info (title, date, URL)
Threat actor attribution (name, aliases, country)
Related indicators (IPs, hostnames, file hashes)
It provides a reliable, enriched stream of IOCs for faster analysis.
Attribution in the C2 Feed
Our C2 Feed now includes optional metadata connecting infrastructure to known actors and malware, based on matches from the IOC Hunter dataset.
Each entry includes:
Actor names, campaigns, origin
IPs, hostnames, malware, confidence scores
How to Access
Both feeds are available via the Hunt.io API in compressed JSON.
Why It Matters
Moving from raw indicators to identifying threat actors helps teams prioritize and respond with greater clarity.
👉 Read the full blog post for more.
Hunt 2.0 introduces a more powerful platform for threat analysis, improved data access, and a modernized interface designed to enhance security operations. This update includes a refined UI, advanced IP visualization, expanded HuntSQL™ and API features, and new integrations with Cyware and OpenCTI.
Improved Web Interface
The updated web interface offers a more intuitive design, optimizing navigation and data analysis for a seamless user experience.
Redesigned dashboard – Faster, more intuitive, and now supports collapsible navigation.
Enhanced search functionality – Expanded support for domains and IP associations.
Threat Actors Feature – Interactive IOC filtering from public research, validated by analysts.
IP Visual History – New tool to track IP relationships over time.
HuntSQL™ Enhancements
New URLx table for extended dataset queries.
Export options: CSV, JSON for offline analysis.
Updated documentation and sample queries.
AttackCapture™ Updates
New preview functionality – View any file type before downloading.
Expanded data collection – More sandboxed files for deeper analysis.
API Upgrades
The latest API enhancements provide deeper data access, streamline integrations with external tools, and include detailed documentation to simplify implementation.
AttackCapture™ API – Retrieve Open Directory data, listings, and statistics.
SQL API – Execute SQL queries remotely and fetch large datasets.
C2 & IP Enrichment APIs – Fetch active C2 servers, enrich IPs with detailed metadata, and download feeds in compressed JSON format.
Data Improvements
Hunt 2.0 improves data collection and processing, delivering more precise and actionable threat intelligence.
Key enhancements include:
Manual submission of Open Directories for AttackCapture™.
Enhanced SSL parsing for detecting malware-related certificates.
New C2 and malware pages with real-time filtering, news, and IOC insights.
New Integrations
New integrations with top cyber intelligence platforms ensure smoother workflows and enhanced operational efficiency.
Key integrations include:
Cyware Integration – Automatic ingestion of Hunt’s C2 feed for real-time threat detection.
OpenCTI Connector – Import Hunt’s C2 intelligence into OpenCTI via STIX format, with plans to expand feed support.
Experience Hunt 2.0 today and take your threat hunting to the next level.
Hunt is announcing the release of Hunt SQL for threat hunting and analysis. This is a new feature that allows researchers, analysts and threat hunters to query the extensive Hunt database using the power and flexibility of SQL.
This initial release of Hunt SQL will contain:
HTTP - Users can query first party HTTP data to identify threat actors and malicious activity.
Malware - Users can query the Hunt database of confirmed C2 servers and build detailed statistics on threat actor activity.
Certificates - Users can query first party certificate data, allowing users to track and identify malicious certificates.
HoneyPot - Users can query honeypot data and obtain detailed stats on internet scanning activity.
Open Directories - Users can query the Hunt database of past and present open directories. This helps discover malware, exploits and attack tooling.
Phishing - Query an extensive list of phishing sites to identify and track phishing kits and threat actor tooling.
Access to Hunt SQL can be obtained by signing up for a free demo.
Today Hunt is announcing our IP Enrichment API. You can get detailed data on every IPv4 Address and enrich any existing system.
Unlock the true potential of your IP addresses with our groundbreaking IP Enrichment API.
Steps to using the API:
Reach out to our team to get access for commercial (paid), demo or research purposes.
Create an API key.
Look at the IP Enrichment Guide.
Prototype with the IP Enrichment Reference.
Check it out and schedule a demo today.
Today, to kick off our 1 year anniversary, we're launching an update and rethink to our Open Directory feature. It's been an amazing year with over 50,000,000 files processed from bad actors.
Full Code Search across attacker code
MITRE ATT&CK codes baked in everywhere
Editorial observations
Automatic extraction of attacker credentials and keys
Download files as a password protect zip
Open Directories for Attributed IOCs
Attack files by scan signature
Attack files by File Signature
More Files Sandboxed - automatically
Check it out and schedule a demo today.
January
enhancement
enhancement
enhancement
New signatures
enhancement
December
enhancement
New signatures
enhancement
November
enhancement
new feature
New signatures
enhancement
October
new feature
enhancement
enhancement
new feature
new feature
September
new feature
new feature
new feature
new feature
New signatures
New signatures
new feature
new feature
enhancement
August
BUG FIX
enhancement
enhancement
enhancement
BUG FIX
BUG FIX
New signatures
BUG FIX
new feature
new feature
enhancement
enhancement
enhancement
July
enhancement
enhancement
enhancement
new feature
BUG FIX
June
improved detections
new detections
BUG FIX
New signatures
enhancement
May
new feature
enhancement
New signatures
April
new feature
New signatures
March
enhancement
New signatures
February
enhancement
New signatures
January
new feature
New signatures
December
enhancement
new feature
New signatures
November
New signatures
October
new feature
new feature
New signatures
