Malware-Traffic-Analysis.net - 2019-09-30 - Data dump: Hancitor-style Amadey

2019-09-30 - DATA DUMP: HANCITOR-STYLE AMADEY

ASSOCIATED FILES:

2019-09-30-Hancitor-style-Amadey-IOCs.txt.zip 1.7 kB (1,748 bytes)
2019-09-30-Hancitor-style-Amadey-malspam-3-examples.zip 4.5 kB (4,475 bytes)
2019-09-30-Hancitor-style-Amadey-infection-traffic.pcap.zip 610 kB (610,380 bytes)
2019-09-30-Hancitor-style-Amadey-malware-and-artifacts.zip 277 kB (276,510 bytes)

NOTES:

On Monday 2019-09-30, malspam pushing Amadey used links to fake IRS pages.
This is an evolution of the long-running Hancitor malspam campaign.
Since July 2019 this campaign switched from Hancitor to Amadey (link)
Therefore, I've been calling this Hancitor-style Amadey.

Zip archives are password-protected with the standard password. If you don't know it, see the "about" page of this website.

Click here to return to the main page.