Hunters

Malware updated 14 days ago (2024-10-17T12:04:02.669Z)
"Hunters" on this page is the entry for the ransomware operation Hunters International. The name also collides with several unrelated uses in the source corpus, and the summary below separates them. "Malware hunters" and bug hunters are the defenders who search for exploitable vulnerabilities: at Pwn2Own Toronto 2023 they earned a total of $1,038,250 for 58 unique zero-day vulnerabilities, findings that matter because they close entry points used by ransomware strains such as LockBit, Play, RansomHub, Cactus, Akira, Hunters, and BlackBasta. Trend Micro, active since 2005, markets tooling for security operations center (SOC) analysts and threat hunters that is aimed at faster risk response. "Cyber Hunters" is a hacktivist group that, together with Anonymous Venezuela, attacked Venezuelan government targets after the contested presidential election of July 28, 2024, a reminder that threats keep adapting and that defences have to keep pace. None of these is the threat actor described here.

Hunters International, a group reported to have links to Russia, runs a financially motivated ransomware operation. It uses SharpRhino, malware that gives the operators control of targeted systems; its installer modifies registry keys and creates directories that support several channels to the group's command and control (C2) infrastructure. Like most current ransomware operators, the group exfiltrates data before encrypting. Encrypted files receive the .locked extension, and a README note left on the victim system directs the victim to a site on the Tor network with payment instructions. The group acquired its ransomware from its original owners, who disbanded after international law enforcement intervened; the associations below record that lineage.
Description last updated: 2024-10-17T11:45:36.547Z
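Added example, not from the Cybergeist page or from any vendor report: a small triage script over constructed endpoint telemetry that flags the three behaviours the description attributes to Hunters International's tooling: a registry change for persistence, a burst of renames to the .locked extension, and a README note dropped right after that burst. The log format, host names, paths and the Run-key location are assumptions made for the demo; the page does not name the registry keys or directories SharpRhino uses.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import re


def build_sample_log():
    """Constructed telemetry, one event per line: '<ISO timestamp>|<host>|<event>|<detail>'.
    Hosts, paths and the Run value name are made up for the demo."""
    lines = [
        "2024-08-01T09:00:01|WS-17|RegistrySet|HKCU\\Software\\Microsoft\\Windows"
        "\\CurrentVersion\\Run\\Updater=C:\\ProgramData\\upd\\svc.exe",
        "2024-08-01T09:00:05|WS-17|FileCreate|C:\\ProgramData\\upd\\svc.exe",
        "not a telemetry line; the parser must skip it",
    ]
    # Thirty renames to .locked on WS-17 within half a minute: the encryption burst.
    for i in range(30):
        lines.append(f"2024-08-01T09:03:{10 + i:02d}|WS-17|FileRename|"
                     f"C:\\Users\\a\\Docs\\f{i}.docx -> C:\\Users\\a\\Docs\\f{i}.docx.locked")
    lines.append("2024-08-01T09:03:45|WS-17|FileCreate|C:\\Users\\a\\Docs\\README.txt")
    # Benign activity on another host: one rename, no .locked, a readme that is not a note.
    lines.append("2024-08-01T09:10:00|WS-02|FileRename|C:\\tmp\\a.txt -> C:\\tmp\\a.bak")
    lines.append("2024-08-01T09:10:01|WS-02|FileCreate|C:\\tmp\\readme_notes.md")
    return "\n".join(lines)


LINE_RE = re.compile(r"^(?P<ts>[^|]+)\|(?P<host>[^|]+)\|(?P<event>[^|]+)\|(?P<detail>.*)$")
RENAME_RE = re.compile(r"^(?P<src>.+?) -> (?P<dst>.+)$")
# Assumed persistence location: the classic Run/RunOnce autostart keys.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def parse_log(text):
    """Parse the pipe-separated format above; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({"ts": datetime.fromisoformat(m["ts"]), "host": m["host"],
                       "event": m["event"], "detail": m["detail"]})
    return events


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def triage(events, rename_threshold=20, window=timedelta(minutes=5)):
    """Return (host, rule, evidence) tuples for the behaviours described above."""
    alerts = []
    locked = defaultdict(list)   # host -> timestamps of renames to .locked
    notes = defaultdict(list)    # host -> timestamps of README creations
    for e in events:
        if e["event"] == "RegistrySet" and RUN_KEY_RE.search(e["detail"]):
            alerts.append((e["host"], "persistence_run_key", e["detail"]))
        elif e["event"] == "FileRename":
            m = RENAME_RE.match(e["detail"])
            if m and m["dst"].lower().endswith(".locked"):
                locked[e["host"]].append(e["ts"])
        elif e["event"] == "FileCreate":
            stem = _basename(e["detail"]).rsplit(".", 1)[0].lower()
            if stem == "readme":
                notes[e["host"]].append(e["ts"])
    for host, times in locked.items():
        times.sort()
        start, burst_end = 0, None
        for end, t in enumerate(times):        # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= rename_threshold:
                burst_end = t
                break
        if burst_end is None:
            continue                           # a handful of .locked renames is not a burst
        alerts.append((host, "mass_rename_locked",
                       f"{rename_threshold}+ renames to .locked within {window}"))
        # A README created once the burst is under way is treated as the ransom note.
        for nt in notes.get(host, []):
            if times[0] <= nt <= burst_end + window:
                alerts.append((host, "ransom_note_after_encryption", nt.isoformat()))
                break
    return alerts


if __name__ == "__main__":
    for host, rule, evidence in triage(parse_log(build_sample_log())):
        print(f"{host}: {rule}: {evidence}")
```

The rename burst is the strongest signal and the cheapest to compute; the Run-key rule on its own is noisy in real fleets (installers write there all the time), so in practice it is worth scoring rather than alerting on, and escalating when the same host also shows the burst and the note.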
Aliases: none currently tracked
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
Zero Day
Ransom
Exploit
Vulnerability
Facebook
Associated Malware
Hive (malware). Association type: Unspecified. Votes: 2. Hive is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It often enters undetected through dubious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. In one notable incident, an enti
Associated Threat Actors
Hunters International (threat actor). Association type: Unspecified. Votes: 2. Hunters International, active since October 2023, has been identified as a significant cybersecurity concern. The group has taken over and rebranded the Hive ransomware, although it disputes that link. This development followed the disbandment of
Hive Ransomware (threat actor). Association type: Unspecified. Votes: 2. Hive ransomware, a prominent threat actor active in 2022, was known for widespread malicious activity in numerous countries, including the US. The modus operandi attributed on this page to its successor, Hunters International, involved the use of SharpRhino, which upon execution established persistence and provided remote access to the attackers, e
Source Document References
Information about the Hunters Malware was read from the documents in the corpus listed below (display limited to 20 results). Source and age at the time of capture:
Securityaffairs, 4 months ago
Securityaffairs, 4 months ago
BankInfoSecurity, 4 months ago
InfoSecurity-magazine, 2 months ago
Trend Micro, 2 months ago
Checkpoint, 2 months ago
Securityaffairs, 3 months ago
Securityaffairs, 3 months ago
DARKReading, 3 months ago
CERT-EU, 9 months ago
CERT-EU, 8 months ago
CERT-EU, 8 months ago
CERT-EU, 7 months ago
MITRE, 2 years ago
CERT-EU, a year ago
CERT-EU, a year ago
CERT-EU, a year ago
CERT-EU, a year ago
CERT-EU, a year ago
CERT-EU, 8 months ago