Tag: threat hunting

7 Attack Reports | 0 Vulnerabilities

Attack reports

Threat Hunting on potential APT35 Servers

The article discusses the discovery of two servers sharing similarities with those reported by Check Point on APT35, an Iranian threat group. The servers are active and resolve multiple domains used for phishing purposes. The analysis focuses on the HTML page displayed on some domains, which contai…
phishing
typosquatting
threat hunting
infrastructure tracking
2025-09-27
iranian apt
video conferencing
Published: September 27, 2025
Downloadable IOCs: 0

Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware

This research explores the challenges posed by LLM-enabled malware, which can generate malicious logic at runtime. The study identifies characteristics of such malware, including embedded API keys and specific prompt structures. Notable cases like PromptLock and APT28's LameHug are examined. The re…
threat hunting
lamehug
promptlock
2025-09-25
rkor
llm-enabled malware
offensive tools
api keys
malterminal
prompts
Published: September 25, 2025
Downloadable IOCs: 39

Actionable threat hunting with Threat Intelligence (I) - Hunting malicious desktop files

This analysis explores the detection of malicious .desktop files used by threat actors to infect Linux systems. It explains the structure of these files and how they are manipulated to obfuscate malicious content. The report details the execution process of these files, which often involve opening …
linux
obfuscation
pdf
threat hunting
google drive
2025-05-16
xfce
desktop files
kde
google threat intelligence
gnome
Published: May 16, 2025
Downloadable IOCs: 3

Proactive ClickFix Threat Hunting with Hunt.io

ClickFix is a browser-based delivery technique that uses deceptive prompts and clipboard hijacking to trick users into executing malicious commands. Cybercriminals and advanced actors employ this method to deploy malware, primarily information stealers. The technique involves luring users with fake…
powershell
cryptbot
lumma stealer
credential theft
clickfix
captcha
information stealers
malware delivery
threat hunting
browser-based attacks
2025-04-04
clipboard hijacking
Published: April 4, 2025
Downloadable IOCs: 0

A Practical Guide to Uncovering Malicious Infrastructure With Hunt.io

This guide demonstrates how to use Hunt.io to investigate and track malicious infrastructure. Starting with a single suspicious IP address, the process involves analyzing hosting providers, domain information, open ports, HTTP responses, and TLS certificates. The investigation reveals connections t…
latrodectus
malicious infrastructure
osint
tls certificates
threat hunting
2025-03-25
latrodectus malware
sql queries
hunt.io
network scanning
cryptocurrency fraud
Published: March 25, 2025
Downloadable IOCs: 0

One Step Ahead in Cyber Hide-and-Seek: Automating Malicious Infrastructure Discovery With Graph Neural Networks

The report discusses an automated approach using graph neural networks to proactively detect malicious infrastructure employed by threat actors in cyber attacks based on known indicators. It examines the relationships between different types of indicators, such as co-hosted domains, malware deliver…
phishing
carbanak
anunak
automation
threat hunting
2025-01-14
automated detection
aranuk
domain analysis
graph neural networks
web skimming
infrastructure discovery
2025-01-21
skimmer
malicious domains
aranuk/carbanak
Published: January 21, 2025
Downloadable IOCs: 103

Malicious PyPI crypto pay package aiocpa implants infostealer code

ReversingLabs detected a malicious package named 'aiocpa' on PyPI, engineered to compromise cryptocurrency wallets. Unlike typical attacks, the actors published their own crypto client tool to attract users before compromising them through a malicious update. The package appeared legitimate, with m…
obfuscation
infostealer
cryptocurrency
pypi
machine learning
software supply chain
2024-11-29
threat hunting
Published: November 29, 2024
Downloadable IOCs: 0
Click here to see more Attack Reports