Hunters

Malware updated 10 months ago (2024-11-29T14:45:20.861Z)

Download STIX

Preview STIX

Malware hunters, often referred to as bug hunters, play a critical role in cybersecurity by identifying and addressing vulnerabilities in software systems. In 2023, these professionals proved their worth at the Pwn2Own Toronto event where they identified 58 unique zero-day vulnerabilities, earning a total of $1,038,250 for their efforts. These specialists leverage a range of tools and technologies, including a framework designed to help them test software for potential flaws through a human-like workflow. This includes a code browser, debugger, reporter tool, and sandbox environment for running Python scripts and recording output. Artificial Intelligence (AI) is increasingly being integrated into the work of malware hunters to enhance threat identification and analysis. Google's team of zero-day hunters, for instance, have noted that AI can lead to improved automated threat identification and detect vulnerabilities that current tools may miss. Trend, a company at the forefront of AI innovation since 2005, has been empowering security operations center (SOC) analysts and threat hunters with technologies that streamline their operations and bolster risk response. Various malware types, including Hunters, have posed significant threats to digital security. Following the contested presidential elections in Venezuela on July 28th, 2024, hacktivist groups including Anonymous Venezuela and Cyber Hunters executed attacks against the Venezuelan government. Furthermore, SharpRhino, an attack tool used by Hunters International, aims to gain persistence and control over targeted systems to launch sophisticated ransomware attacks for financial gain. This group targets opportunistically, without prioritizing any specific sector or region.

Description last updated: 2024-11-05T22:01:59.279Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Extortion

Malware

Facebook

Exploit

Vulnerability

Ransom

Sandbox

Linux

Google

Encryption

Zero Day

Cybercrime

Crowdstrike

Data Leak

Tool

RaaS

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Hive Malware is associated with Hunters. Hive is a form of malware, specifically ransomware, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Hive can steal personal information, disrupt operations, or hold data hostag	Unspecified	4

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Lapsus Threat Actor is associated with Hunters. Lapsus is a significant threat actor that has been active since its inception in early 2022. The group gained notoriety for its cyberattacks, including a high-profile breach of Nvidia, an American multinational technology company, in the same year. This attack led to the leak of thousands of passwor	Unspecified	5
The Hunters International Threat Actor is associated with Hunters. Hunters International, an active threat actor group since October of the previous year, has been identified as a significant cybersecurity concern. The group has taken over and rebranded the Hive ransomware, despite their disputes about this association. This development followed the disbandment of	Unspecified	4
The Hive Ransomware Threat Actor is associated with Hunters. Hive ransomware, a prominent threat actor active in 2022, was known for its widespread malicious activities in numerous countries, including the US. The group's modus operandi involved the use of SharpRhino, which upon execution, established persistence and provided remote access to the attackers, e	Unspecified	3
The Scattered Spider Threat Actor is associated with Hunters. Scattered Spider, also known as Octo Tempest, 0ktapus, and UNC3944, is a notorious threat actor group involved in major data extortion campaigns. This cybercriminal group has been associated with high-profile attacks on organizations like Caesars Entertainment and MGM, often in collaboration with th	Unspecified	2
The Shinyhunters Threat Actor is associated with Hunters. ShinyHunters, a notorious threat actor group, has been involved in several significant data breaches, posing a serious cybersecurity concern for businesses worldwide. The group is known for its malicious activities targeting corporate entities, with the intent of stealing proprietary information. Be	Unspecified	2

Source Document References

Information about the Hunters Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	3 days ago	Jaguar Land Rover discloses a data breach after recent cyberattack
Unit42	4 days ago	Data Is the New Diamond: Latest Moves by Hackers and Defenders
Recorded Future	4 days ago	Why Manual Cyber Operations Can Create Dangerous Gaps
InfoSecurity-magazine	10 days ago	Scattered Spider-Linked Group Claims JLR Cyber-Attack
Krebs on Security	12 days ago	The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft
Securityaffairs	25 days ago	Exploit weaponizes SAP NetWeaver bugs for full system compromise
Flashpoint	a month ago	Scattered Spider: A Threat Profile
CrowdStrike	a month ago	CrowdStrike 2025 Threat Hunting Report: AI Becomes a Weapon and a Target
Unit42	2 months ago	Fix the Click: Preventing the ClickFix Attack Vector
Securityaffairs	2 months ago	Hunters International ransomware gang shuts down and offers free decryption keys to all victims
InfoSecurity-magazine	2 months ago	Hunters International Ransomware Is Not Shutting Down, It’s Rebranding
Malwarebytes	2 months ago	AT&T to pay compensation to data breach victims. Here's how to check if you were affected
Flashpoint	3 months ago	5,100 Flashpoint Known Exploited Vulnerabilities (KEV): Another Major Milestone for VulnDB
Unit42	3 months ago	The Evolution of Linux Binaries in Targeted Cloud Operations
Securelist	3 months ago	How to find container-based threats in host-based logs
Securityaffairs	4 months ago	Pwn2Own Berlin 2025 Day Two: researcher earned 150K hacking VMware ESXi
CrowdStrike	5 months ago	CrowdStrike Advances Next-Gen SIEM with AI-Driven UEBA, Case Management
Securityaffairs	5 months ago	Android spyware hidden in mapping software targets Russian soldiers
ESET	5 months ago	Facebook exploit allowed attackers to remotely delete photos
Unit42	5 months ago	Evolution of Sophisticated Phishing Tactics: The QR Code Phenomenon