2019-09-30 - DATA DUMP: HANCITOR-STYLE AMADEY
- 2019-09-30-Hancitor-style-Amadey-IOCs.txt.zip 1.7 kB (1,748 bytes)
- 2019-09-30-Hancitor-style-Amadey-malspam-3-examples.zip 4.5 kB (4,475 bytes)
- 2019-09-30-Hancitor-style-Amadey-infection-traffic.pcap.zip 610 kB (610,380 bytes)
- 2019-09-30-Hancitor-style-Amadey-malware-and-artifacts.zip 277 kB (276,510 bytes)
- On Monday 2019-09-30, malspam pushing Amadey used links to fake IRS pages.
- This is an evolution of the long-running Hancitor malspam campaign.
- Since July 2019 this campaign switched from Hancitor to Amadey (link)
- Therefore, I've been calling this Hancitor-style Amadey.
- Zip archives are password-protected with the standard password. If you don't know it, see the "about" page of this website.
Click here to return to the main page.