2019-10-03 - DATA DUMP: CLASSIC-STYLE HANCITOR MALSPAM
- 2019-10-03-Hancitor-malspam-1745-UTC.eml.zip 1.9 kB (1,939 bytes)
- 2019-10-03-Hancitor-infection-traffic.pcap.zip 336 kB (336,379 bytes)
- 2019-10-03-Hancitor-malware-and-artifacts.zip 230 kB (229,940 bytes)
- Zip archives are password-protected with the standard password. If you don't know it, see the "about" page of this website.
Shown above: .
Shown above: Downloading a Word document.
Shown above: Password-protected macro, eh?
Shown above: Using the code from the email as the password.
Shown above: It shows the password as incorrect, but I got some infection traffic anyway.
Shown above: Traffic from the infection filtered in Wireshark.