A Practical Guide to Uncovering Malicious Infrastructure With Hunt.io
March 26, 2025, 1:20 p.m.
Description
This guide demonstrates how to use Hunt.io to investigate and track malicious infrastructure. Starting with a single suspicious IP address, the process involves analyzing hosting providers, domain information, open ports, HTTP responses, and TLS certificates. The investigation reveals connections to potential cryptocurrency fraud and malware operations. Using Hunt's scan data and SQL queries, the investigation identifies a small cluster of related servers, possibly linked to Latrodectus malware. The guide emphasizes the importance of persistence, pattern recognition, and correlating data from multiple intelligence sources to effectively track threat actor operations.
Date
- Created: March 25, 2025, 11:57 p.m.
- Published: March 25, 2025, 11:57 p.m.
- Modified: March 26, 2025, 1:20 p.m.