2017-11-28 - TWO DAYS OF HANCITOR MALSPAM

ASSOCIATED FILES:

NOTES:

 


Shown above:  Traffic from an infection filtered in Wireshark (Monday 2017-11-27).

 


Shown above:  Traffic from an infection filtered in Wireshark (Tuesday 2017-11-28).

 

WEB TRAFFIC BLOCK LIST

Indicators are not a block list.  If you feel the need to block web traffic, I suggest the following domains and URLs:

 

EMAILS

MALSPAM INFO - MONDAY 2017-11-27:

 

MALSPAM INFO - TUESDAY 2017-11-28:

 

LINKS FROM THE EMAILS ON MONDAY 2017-11-27:

 

LINKS FROM THE EMAILS ON TUESDAY 2017-11-28:

 

TRAFFIC

TRAFFIC FROM AN INFECTED HOST ON MONDAY 2017-11-27:

 

TRAFFIC FROM AN INFECTED HOST ON TUESDAY 2017-11-28:

 

MALWARE

MALWARE RETRIEVED FROM AN INFECTED WINDOWS HOST:

 

 

FINAL NOTES

Once again, here are the associated files:

Zip and saz files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
