Threat Hunting | Intel 471

Threat Hunting

Threat hunting case study: DragonForce
Threat Hunting// Jun 10, 2025

After compromising a system, attackers look for ways to maintain persistence. Here's how to threat hunt for a common persistence method used by a range of attackers, including DragonForce.

Threat hunting case study: Medusa ransomware
Security Operations// May 14, 2025

The Medusa gang is one of the most active ransomware-as-a-service groups. Here's how to threat hunt for a User Account Control (UAC) bypass, one of the tactics, techniques and procedures this group and its affiliates use.

Understanding and threat hunting for RMM software misuse
Security Operations// Apr 15, 2025

Remote monitoring and management (RMM) software is useful to administrators, and to threat actors, who abuse existing installations or install their own. Here's a briefing on RMM platform misuse and guidance on how to threat hunt for it.

Threat-hunting case study: Windows Management Instrumentation abuse
Threat Hunting// Apr 09, 2025

Attackers often use Windows Management Instrumentation (WMI) for reconnaissance to map networks. This case study describes how to threat hunt for malicious use of WMI, which is also used legitimately by administrators.

Six Key Takeaways From the SANS 2025 Threat Hunting Survey
Threat Hunting// Mar 26, 2025

The SANS 2025 Threat Hunting Survey shines a light on why behavioral threat hunting can do what AI and IOC-based hunts can't do alone.

Threat hunting case study: RMM software
Threat Hunting// Mar 18, 2025

Attackers hijack existing remote monitoring and management (RMM) software or install their own to move deeper into organizations. This activity can be detected with threat hunts built on threat intelligence.

Threat hunting case study: SocGholish
Cybercriminals// Malicious Actors// Feb 13, 2025

SocGholish is a malware campaign that spreads via compromised websites. This guide shows how to detect infections by searching SIEMs and logging systems for the attacker behaviors involved.

Threat hunting case study: PsExec
Threat Hunting// Jan 21, 2025

PsExec, a command-line utility used for remotely managing Windows computers, is often abused by threat actors. Here's how to threat hunt for suspicious PsExec activity.

Bring Your Own Hunts to HUNTER
Threat Hunting// Dec 18, 2024

HUNTER customers using the Hunt Management Module (HMM) can now "bring your own" (BYO) threat hunting content to the HUNTER threat hunting platform.

Threat hunting case study: Uncovering Turla
Threat Hunting// Nov 11, 2024

Adversaries try to hide malicious components by renaming them to match legitimate Windows binaries. This technique has been used by the Turla threat actor group and others. Here's how to threat hunt for this behavior.
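The renaming behavior described in the Turla entry above leaves two observable inconsistencies in process-creation telemetry: the on-disk file name no longer matches the name compiled into the binary's version resource, and a well-known system binary name turns up outside the directory it belongs in. The following is an added example, not code from Intel 471 or from the case study, showing one way to hunt for both. It assumes records shaped like Sysmon Event ID 1 (process creation) with the Image and OriginalFileName fields; the sample events, the list of expected system directories and the list of commonly borrowed binary names are all constructed for the example.

```python
import ntpath

# Constructed sample records shaped like the Sysmon Event ID 1 (process
# creation) fields Image and OriginalFileName; illustrative only, not real
# telemetry from any incident.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe", "OriginalFileName": "svchost.exe"},
    # Correct name, but running from a user-writable directory.
    {"Image": r"C:\Users\Public\svchost.exe", "OriginalFileName": "svchost.exe"},
    # A tool renamed to look like the Windows Update client; the PE version
    # resource still carries the original name.
    {"Image": r"C:\Windows\Temp\wuauclt.exe", "OriginalFileName": "mimikatz.exe"},
    # Only the case differs; Windows file names are case-insensitive, so this is benign.
    {"Image": r"C:\Windows\System32\cmd.exe", "OriginalFileName": "Cmd.Exe"},
    # No version resource at all; nothing to compare, so no name verdict.
    {"Image": r"C:\Program Files\Vendor\tool.exe", "OriginalFileName": ""},
]

# Directories the named core Windows binaries are expected to run from, and the
# binary names attackers commonly borrow. Both sets are assumptions made for
# this example; tune them to the environment being hunted.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "wuauclt.exe", "explorer.exe"}


def hunt_masquerading(events):
    """Return a list of (rule, image_path) findings for events that look like
    a binary masquerading as a Windows component. One event can trigger
    both rules."""
    findings = []
    for event in events:
        image = event.get("Image", "")
        # ntpath handles backslash paths correctly even when run on Linux/macOS.
        name = ntpath.basename(image).lower()
        directory = ntpath.dirname(image).lower()
        original = event.get("OriginalFileName", "").lower()

        # Rule 1: on-disk name disagrees with the compiled-in original name.
        # Skip events with no version resource rather than flagging all of them.
        if original and original != name:
            findings.append(("name_mismatch", image))

        # Rule 2: a well-known system binary name running outside
        # System32/SysWOW64. Exact directory match, so a subdirectory of
        # System32 is still flagged.
        if name in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
            findings.append(("unexpected_path", image))
    return findings


if __name__ == "__main__":
    for rule, image in hunt_masquerading(SAMPLE_EVENTS):
        print(f"{rule:16} {image}")
```

Rule 1 is the higher-signal of the two, but it only works for binaries that carry a version resource, which is why an empty OriginalFileName is treated as "unknown" rather than as a hit. Rule 2 catches the variant where the attacker keeps the original name and relies on the path alone; expect some legitimate noise from installers and sandboxed copies, so review its output against the environment's known software.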

Featured Resource

AresLoader is a new loader malware-as-a-service (MaaS) offered by threat actors with links to Russian hacktivism that was spotted recently in the wild.