2018-05-14 - QUICK POST: HANCITOR MALSPAM

ASSOCIATED FILES:

• Zip archive of the emails:  2018-05-14-Hancitor-malspam-48-email-examples.zip   95 kB (95,305 bytes)
• Zip archive of the infection traffic:  2018-05-14-Hancitor-malspam-infection-traffic.pcap.zip   2.5 MB (2,450,593 bytes)
• Zip archive of the malware:  2018-05-14-malware-from-Hancitor-infection.zip   234 kB (234,271 bytes)

 

IMAGES

Shown above:  Flow chart for recent Hancitor infections.

 

Shown above:  Screenshot from an email.

 

Shown above:  Example of a Word document downloaded from link in the email.

 

Shown above:  Traffic from an infection filtered in Wireshark.

 

FINAL NOTES

Once again, here are the associated files:

• Zip archive of the emails:  2018-05-14-Hancitor-malspam-48-email-examples.zip   95 kB (95,305 bytes)
• Zip archive of the infection traffic:  2018-05-14-Hancitor-malspam-infection-traffic.pcap.zip   2.5 MB (2,450,593 bytes)
• Zip archive of the malware:  2018-05-14-malware-from-Hancitor-infection.zip   234 kB (234,271 bytes)

Zip archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

Click here to return to the main page.