THE HUNTER’S LEDGER

Original Threat Intelligence Research

Hands-on malware analysis turned into structured, evidence-based intelligence — technically deep enough to trust, clear enough to act on. Free and open: published by a solo analyst for the defender community, with no paywall or signup.

33 Reports  ·  706 Detection Rules  ·  1895 IOCs

Mission

Most threat intelligence fails defenders in one of two ways. It is either too shallow to be actionable — headlines dressed up as analysis — or technically rigorous but locked behind paywalls, stripped of indicators, and written for researchers rather than the people responding at 2am.

The Hunter's Ledger exists to fill that gap. Every report here is built from original research: real samples, real infrastructure, real detections. The goal is intelligence that a defender can open, read, and act on the same day — with IOCs ready to ingest, detection rules ready to deploy, and analysis deep enough to actually understand what a threat does and how to stop it.

All of it is free. Defenders should not have to pay to defend.

This is not a collection of open-source intel reports, IOCs, or TTPs; findings are from original research, though they may overlap with known threats.
About & Connect
Have original research, detections, or IOCs to share? Reach out at intel@the-hunters-ledger.com — findings can be posted on your behalf as a co-author or attributed however you prefer.
Resources
MITRE ATT&CK  ·  Sigma Rules  ·  YARA