2018-08-14 - QUICK POST: HANCITOR MALSPAM INFECTIONS FROM 2018-08-13 AND 2018-08-14
ASSOCIATED FILES:
- 2018-08-13-Hancitor-malspam-12-email-examples.zip 22.9 kB (22,864 bytes)
- 2018-08-13-Hancitor-malspam-infection-traffic.pcap.zip 460 kB (459,552 bytes)
- 2018-08-13-malware-from-Hancitor-infection.zip 338 kB (337,639 bytes)
- 2018-08-14-Hancitor-malspam-1750-UTC.eml.zip 2.1 kB (2,062 bytes)
- 2018-08-14-Hancitor-malspam-infection-traffic.pcap.zip 804 kB (804,348 bytes)
- 2018-08-14-malware-from-Hancitor-infection.zip 341 kB (341,027 bytes)
NOTES:
- Saw some issues with Zeus Panda Banker from Hancitor infections in my lab this week.
- Not as much Zeus Panda Banker traffic, and several DNS queries from the infected host showed "No such name".
- Otherwise, it's pretty much business as usual for Hancitor malspam.
- Zip archives are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
Shown above: Flow chart for this infection traffic.
IMAGES
Shown above: Traffic from an infection filtered in Wireshark from today (2018-08-14).
Shown above: Traffic from the same infection about 2 & 1/2 hours later.