Search Again
Hunters International
Summary of Actor:Hunters International is a sophisticated and organized cyber threat actor known for targeting various sectors across the globe. The group has been linked to numerous high-profile cyber espionage campaigns and cyber attacks. They utilize advanced tactics, techniques, and procedures (TTPs) to achieve their objectives.
General Features:Hunters International often employs a mix of custom and off-the-shelf malware, advanced social engineering tactics, and exploits for both zero-day and known vulnerabilities. The group is known for its persistent and adaptive methods, constantly evolving to bypass security measures.
Related Other Groups: Dark Hydra,Shadow Breach Collective
Indicators of Attack (IoA):
- Suspicious large data transfers
- Unusual login times
- Abnormal usage of administrative tools
- Deployment of custom malware
Recent Activities and Trends:
- Latest Campaigns : Recently, Hunters International has been linked to a series of attacks targeting the energy sector in Europe and the healthcare sector in North America. These campaigns often involve spear-phishing emails with malicious attachments and links.
- Emerging Trends : The group has shown a recent increase in the use of ransomware as a secondary stage of their attacks. Additionally, they've been observed leveraging supply chain attacks to infiltrate larger networks indirectly.
hive
Target Countries
Canada
Korea, Republic of
Germany
United Kingdom
Brazil
+3
Target Sectors
Manufacturing
Public Administration
Educational Services
Energy & Utilities
Automotive
+6
Associated Malware/Software
BlackSuit
Akira
anubis
cobalt_strike
emotet
+21
️Related CVEs
ATT&CK IDs:
T1140 - Deobfuscate/Decode Files or Information
T1102 - Web Service
T1553 - Subvert Trust Controls
T1071.001 - Web Protocols
T1530 - Data from Cloud Storage Object
+64
| Tactic | Id | Technique | |||
|---|---|---|---|---|---|
| Collection | T1530 | Data from Cloud Storage |
Sub Techniques |
Detections |
Mitigations |
| Collection | T1005 | Data from Local System |
Sub Techniques |
Detections |
Mitigations |
| Command And Control | T1102 | Web Service |
Sub Techniques |
Detections |
Mitigations |
| Command And Control | T1573 | Encrypted Channel |
Sub Techniques |
Detections |
Mitigations |
| Command And Control | T1105 | Ingress Tool Transfer |
Sub Techniques |
Detections |
Mitigations |
| Command And Control | T1090 | Proxy |
Sub Techniques |
Detections |
Mitigations |
| Command And Control | T1071 | Application Layer Protocol |
Sub Techniques |
Detections |
Mitigations |
| Credential Access | T1110 | Brute Force |
Sub Techniques |
Detections |
Mitigations |
| Credential Access | T1003 | OS Credential Dumping |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1218 | System Binary Proxy Execution |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1134 | Access Token Manipulation |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1078 | Valid Accounts |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1553 | Subvert Trust Controls |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1574 | Hijack Execution Flow |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1140 | Deobfuscate/Decode Files or Information |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1070 | Indicator Removal |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1497 | Virtualization/Sandbox Evasion |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1112 | Modify Registry |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1055 | Process Injection |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1562 | Impair Defenses |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1036 | Masquerading |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1027 | Obfuscated Files or Information |
Sub Techniques |
Detections |
Mitigations |
| Defense Evasion | T1480 | Execution Guardrails |
Sub Techniques |
Detections |
Mitigations |
| Discovery | T1087 | Account Discovery |
Sub Techniques |
Detections |
Mitigations |
| Discovery | T1083 | File and Directory Discovery |
Sub Techniques |
Detections |
Mitigations |
| Discovery | T1057 | Process Discovery |
Sub Techniques |
Detections |
Mitigations |
| Discovery | T1046 | Network Service Discovery |
Sub Techniques |
Detections |
Mitigations |
| Discovery | T1497 | Virtualization/Sandbox Evasion |
Sub Techniques |
Detections |
Mitigations |
| Discovery | T1135 | Network Share Discovery |
Sub Techniques |
Detections |
Mitigations |
| Discovery | T1016 | System Network Configuration Discovery |
Sub Techniques |
Detections |
Mitigations |
| Execution | T1204 | User Execution |
Sub Techniques |
Detections |
Mitigations |
| Execution | T1053 | Scheduled Task/Job |
Sub Techniques |
Detections |
Mitigations |
| Execution | T1569 | System Services |
Sub Techniques |
Detections |
Mitigations |
| Execution | T1203 | Exploitation for Client Execution |
Sub Techniques |
Detections |
Mitigations |
| Execution | T1059 | Command and Scripting Interpreter |
Sub Techniques |
Detections |
Mitigations |
| Impact | T1490 | Inhibit System Recovery |
Sub Techniques |
Detections |
Mitigations |
| Impact | T1486 | Data Encrypted for Impact |
Sub Techniques |
Detections |
Mitigations |
| Initial Access | T1078 | Valid Accounts |
Sub Techniques |
Detections |
Mitigations |
| Initial Access | T1190 | Exploit Public-Facing Application |
Sub Techniques |
Detections |
Mitigations |
| Initial Access | T1566 | Phishing |
Sub Techniques |
Detections |
Mitigations |
| Lateral Movement | T1210 | Exploitation of Remote Services |
Sub Techniques |
Detections |
Mitigations |
| Lateral Movement | T1021 | Remote Services |
Sub Techniques |
Detections |
Mitigations |
| Persistence | T1078 | Valid Accounts |
Sub Techniques |
Detections |
Mitigations |
| Persistence | T1053 | Scheduled Task/Job |
Sub Techniques |
Detections |
Mitigations |
| Persistence | T1574 | Hijack Execution Flow |
Sub Techniques |
Detections |
Mitigations |
| Persistence | T1543 | Create or Modify System Process |
Sub Techniques |
Detections |
Mitigations |
| Persistence | T1505 | Server Software Component |
Sub Techniques |
Detections |
Mitigations |
| Persistence | T1136 | Create Account |
Sub Techniques |
Detections |
Mitigations |
| Persistence | T1547 | Boot or Logon Autostart Execution |
Sub Techniques |
Detections |
Mitigations |
| Privilege Escalation | T1134 | Access Token Manipulation |
Sub Techniques |
Detections |
Mitigations |
| Privilege Escalation | T1078 | Valid Accounts |
Sub Techniques |
Detections |
Mitigations |
| Privilege Escalation | T1053 | Scheduled Task/Job |
Sub Techniques |
Detections |
Mitigations |
| Privilege Escalation | T1574 | Hijack Execution Flow |
Sub Techniques |
Detections |
Mitigations |
| Privilege Escalation | T1543 | Create or Modify System Process |
Sub Techniques |
Detections |
Mitigations |
| Privilege Escalation | T1055 | Process Injection |
Sub Techniques |
Detections |
Mitigations |
| Privilege Escalation | T1547 | Boot or Logon Autostart Execution |
Sub Techniques |
Detections |
Mitigations |
| Reconnaissance | T1598 | Phishing for Information |
Sub Techniques |
Detections |
Mitigations |
| Reconnaissance | T1593 | Search Open Websites/Domains |
Sub Techniques |
Detections |
Mitigations |
| Resource Development | T1587 | Develop Capabilities |
Sub Techniques |
Detections |
Mitigations |
Copyright © 2025 SOCRadar Cyber Intelligence Inc.
All rights
reserved.
