2017-10-31 - QUICK POST: HANCITOR MALSPAM (PAYMENT NOTICE FOR INVOICE)
ASSOCIATED FILES:
- Zip archive of the pcap: 2017-10-31-Hancitor-malspam-traffic-example.pcap.zip 335 kB (334,899 bytes)
  - 2017-10-30-Hancitor-malspam-traffic-example.pcap (479,535 bytes)
- Zip archive of the malware: 2017-10-31-Hancitor-malspam-and-artifacts.zip 232 kB (232,164 bytes)
  - 2017-10-31-Hancitor-maldoc-receipt_561268.doc (224,768 bytes)
  - 2017-10-31-Hancitor-malspam-all-emails.txt (23,018 bytes)
  - 2017-10-31-Hancitor-malspam-notes.txt (4,245 bytes)
  - 2017-10-31-Zeus-Panda-Banker.exe (151,040 bytes)
NOTES
- See "2017-10-31-Hancitor-malspam-notes.txt" in the malware archive for domains, IP addresses, SHA256 hashes, URLs, etc.
- Zip archives are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
Shown above: Traffic from the infection filtered in Wireshark.