2020-01-21 - HANCITOR INFECTION WITH COBALT STRIKE

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• 2020-01-21-Hancitor-IOCs.txt.zip   1.5 kB (1,503 bytes)

• 2020-01-21-Hancitor-IOCs.txt   (2,878 bytes)

• 2020-01-21-Hancitor-malspam-example.eml.zip   2.0 kB (1,988 bytes)

• 2020-01-21-Hancitor-malspam-example.eml   (5,583 bytes)

• 2020-01-21-Hancitor-infection-with-Cobalt-Strike.pcap.zip   501 kB (500,877 bytes)

• 2020-01-21-Hancitor-infection-with-Cobalt-Strike.pcap   (720,256 bytes)

• 2020-01-21-Hancitor-and-Cobalt-Strike-malware-and-artifacts.zip   381 kB (380,883 bytes)

• 2020-01-21-Cobalt-Strike-EXE.bin   (163,328 bytes)
• 2020-01-21-Hancitor-DLL.bin   (156,672 bytes)
• 2020-01-21-VBS-file-extracted-from-downloaded-zip-archive.txt   (389,313 bytes)
• 2020-01-21-downloaded-zip-archive-from-link-in-Hancitor-malspam.zip   (124,326 bytes)

 

IMAGES

Shown above:  Email example from Hancitor malspam on Tuesday 2020-01-21.

 

Shown above:  Traffic from an infection filtered in Wireshark.

 

Click here to return to the main page.