Q3 2024
Today, to kick off our one-year anniversary, we're launching an update and rethink of our Open Directory feature. It's been an amazing year with over 50,000,000 files processed from bad actors.
Full Code Search across attacker code
MITRE ATT&CK codes baked in everywhere
Editorial observations
Automatic extraction of attacker credentials and keys
Download files as a password-protected zip
Open Directories for Attributed IOCs
Attack files by scan signature
Attack files by File Signature
More Files Sandboxed - automatically
Check it out and schedule a demo today.
Q1 2024
January
enhancement
Preview in Open Directory now works with uppercase extensions like .TXT by default
enhancement
IOC Hunter now has a human in the loop to ensure the data is top quality all the time
enhancement
Added open directory signature for W3ll phishing kit
New signatures
Ares, MuddyWater APT, Godzilla Loader, Ermac, Gh0st RAT, Kaiji, Neptune Loader, Noterce, Epsilon Stealer, Octopus, Winnti, Gozi
enhancement
Added 110 new tags to GitHub recon projects and exports to the Exposed Open Directories
Q4 2023
December
enhancement
Added lists of Hosts and IPs to IOC Hunter page
New signatures
JinxLoader, Axile Stealer
enhancement
Added 230 new tags to GitHub recon projects and exports to the Exposed Open Directories
November
enhancement
Added IOC Hunter post links in IOC Hunter box on Dashboard page
new feature
Added new IOC Hunter page
New signatures
Serpent Stealer, Godzilla Loader, PlugX C2 Profile, IcedID
enhancement
Added 415 new tags to GitHub recon projects and exports to the Exposed Open Directories
October
new feature
Possibility to download list of new certificates as JSON file on Feeds page (Commercial)
enhancement
On Dashboard page New C2 Online and New Open directories are shown in tabs
enhancement
Added Date, Software found, Tags and Hosting Company filters on Open Directories Page
new feature
Implementation of 2FA
new feature
Added Settings page on Dashboard
Q3 2023
September
new feature
Added Settings page on Dashboard
new feature
Added Certificate page with new JA4X certificate info
new feature
Added new type for searching Open Directories on Advanced Search page
new feature
Added pagination on Open Directory Search and removed 250 records limit
New signatures
Unknown Android Malware, Easy Stealer
New signatures
Nessus VA, Unknown Android Malware, OWASP ZAP API
new feature
Created Recent C2 Discoveries Page
new feature
Added copy button for the IPs on Overview page
enhancement
Syntax highlighting on JSON output
August
BUG FIX
Fixed links on Cobalt Strike Filters page
enhancement
Added example links on Advanced Search
enhancement
Redirection to Dashboard page after login
enhancement
Added colors to the changelog items
BUG FIX
Improved search box on Advanced search
BUG FIX
HTTPS → HTTP redirection when “is_ssl”: false
New signatures
Acunetix, SuperShell, Responder, ChaosRat, RedWarden, RedGuard, Mystic, AZORult
BUG FIX
Improved Search by Actor in Sensors
new feature
Added Dashboard Page
new feature
Added System wide Stats on Dashboard Page
enhancement
Updated ASN data in our databases
enhancement
Updated lists of downloaded extensions in Open Directories to aid in investigations (added the following: ASP.NET, PHP, C, C++ files)
enhancement
Added tagging of common tools from Exposed Open Directories and linked to GitHub (total number: 240)
July
enhancement
New data sources and signatures for Exposed Open Directories to identify more
enhancement
Make external links more obvious with this icon
enhancement
Added search by file name to Exposed Open Directory
new feature
Added tagging of common tools from Exposed Open Directories and linked to GitHub (total number: 230)
BUG FIX
Added TLS protocol check algorithm to fix misleading TLS data on IP search
Q2 2023
June
improved detections
Protocols for TLS, DNS, FTP, MySQL, POP3, RDP, and Redis
new detections
Protocols for OpenVPN, MS-NMF, NetBIOS, MikroTik, and server exec
BUG FIX
Improved Siemens detection to exclude false positives
New signatures
Araneida, Vidar
enhancement
Open Directories
May
new feature
Added extract IP info to Bulk Search
enhancement
Added many ports for daily scanning cloud IPs
New signatures
Rengine, L3mon, Hak5, EvilGoPhish, Pupy, Hookbot, Daam, BianLian
April
new feature
Added OpenAI to determine actor intent of Open Directories
New signatures
Added initial tracker version of: Havoc, Silver, Amadey, AgentTesla, VShel, IntectSh, Meterpreter, DcRat, BYoB
Q1 2023
March
enhancement
Added Login Pages and Dark mode
New signatures
Titan Stealer, Orcus, Ursnif, Nexus, ImBetter, Opendir Malware, HightHawk
February
enhancement
Added Protocol fingerprinting and enriching API
New signatures
PixPirate, ARL, Viper, DarkComet, RapperBot, StealC
January
new feature
Added Open Directory search
New signatures
Bitrat, RisePro, Mars Stealer, Shadowpad, Dacls, Alienbot, Lumma, Misha, Cova, Nosu, Spy-Agent, SystemBC, Brute Ratel, Posh C2, GoPhish, Burp Suite, BeEf, Mirai, Hydra, Ramnit, Rhadamanthys, Deimos C2, SharkStealer, Emotet
Q4 2022
December
enhancement
Added Actor and VPN Info
new feature
Created Bulk Search
New signatures
Mythic, Metasploit, Covenant, AsyncRAT, Raccoon, RedLine, Laplas, Aurora Stealer, Lokibot
November
New signatures
Cobalt Strike, Qakbot, Bumblebee
October
new feature
Created Search Pages
new feature
Created C2 Summary and Activity Pages
New signatures
Added Initial version of Cobalt Strike tracker
Threat Hunting Platform - Hunt.io
Products
Hunt Intelligence, Inc.