2020-07-16 - HANCITOR INFECTION WITH INFO STEALER

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• 2020-07-16-Hancitor-IOCs.txt.zip   2.0 kB (1,977 bytes)
• 2020-07-16-Hancitor-infection-traffic.pcap.zip   3.6 MB (3,619,332 bytes)
• 2020-07-16-Hancitor-and-followup-malware.zip   4.0 MB (3,966,788 bytes)

NOTES:

• I'm not sure what the follow-up malware is, but it appears to be some sort of info stealer (previously it's been Ursnif and/or Cobalt Strike).

 

Click here to return to the main page.