2019-11-19 - PCAP AND MALWARE FOR AN ISC DIARY (HANCITOR INFECTION)

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

REFERENCE:

• The associated ISC diary is:  Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike

 

ASSOCIATED FILES:

• 2019-11-19-Hancitor-infections-2-pcaps.zip   7.0 MB (7,033,185 bytes)

• 2019-11-19-Hancitor-infection-1st-run-with-Pony-EvilPony-and-Ursnif.pcap   (22,630,000 bytes)
• 2019-11-19-Hancitor-infection-2nd-run-with-Ursnif-and-Cobalt-Strike.pcap   (555,854 bytes)

• 2019-11-19-Hancitor-infection-malware-and-artifacts.zip   3.5 MB (3,540,381 bytes)

• 2019-11-19-Cobalt-Strike-EXE-retrieved-by-Hancitor-infected-host.exe   (49,152 bytes)
• 2019-11-19-Hancitor-DLL-dropped-after-running-VBS-file.dll   (178,176 bytes)
• 2019-11-19-Hancitor-infection-IOCs.txt   (3,270 bytes)
• 2019-11-19-downloaded-zip-archive-from-link-in-Hancitor-malspam.zip   (114,089 bytes)
• 2019-11-19-extracted-VBS-file-from-downloaded-zip-archive.txt   (562,310 bytes)
• 2019-11-19-initial-Ursnif-EXE-retrieved-by-Hancitor-infected-host.exe   (305,152 bytes)
• 2019-11-19-registry-entries-caused-by-Ursnif.txt   (13,811,500 bytes)

 

Click here to return to the main page.