2020-01-21 - HANCITOR INFECTION WITH COBALT STRIKE

ASSOCIATED FILES:

  • 2020-01-21-Hancitor-IOCs.txt   (2,878 bytes)
  • 2020-01-21-Hancitor-malspam-example.eml   (5,583 bytes)
  • 2020-01-21-Hancitor-infection-with-Cobalt-Strike.pcap   (720,256 bytes)
  • 2020-01-21-Cobalt-Strike-EXE.bin   (163,328 bytes)
  • 2020-01-21-Hancitor-DLL.bin   (156,672 bytes)
  • 2020-01-21-VBS-file-extracted-from-downloaded-zip-archive.txt   (389,313 bytes)
  • 2020-01-21-downloaded-zip-archive-from-link-in-Hancitor-malspam.zip   (124,326 bytes)

NOTES:

IMAGES


Shown above:  Email example from Hancitor malspam on Tuesday 2020-01-21.

Shown above:  Traffic from an infection filtered in Wireshark.
