HOMETHREATSHunters International
MALWARE FAMILY💰 FINANCIALHIGH

Hunters International

Internal ID: win.hunters_international
1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

Emerging in Q3 2023 as a Ransomware-as-a-Service (RaaS) operation, Hunters International has established itself as a distinct yet controversial threat actor in the cybercrime ecosystem. While initial analysis revealed a code overlap with the dismantled Hive ransomware, the group claims independence, asserting it purchased Hive’s source code rather than directly rebranding. This operational lineage enables advanced double-extortion campaigns prioritizing data exfiltration over encryption, with confirmed theft of medical records, financial data, and proprietary business information. The group's ransomware is written in Rust, a programming language favored for its resilience to reverse engineering and cross-platform compatibility.

Threat Analysis

Hunters International is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.

Financially motivated threat actors like Hunters International prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

With high sophistication, Hunters International is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.

External References

Quick Facts

TypeMalware Family
Motivation💰 financial
Sophisticationhigh
Aliases1

Also Known As

win.hunters_international

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
Hunters International — Malware Family | Threat Intelligence | CTIWATCH.COM