2021-02-09 (TUESDAY) - QUICK POST: HANCITOR INFECTION WITH COBALT STRIKE

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• 2021-02-09-Hancitor-malspam-6-emails.zip   45.6 kB   (45,634 bytes)
• 2021-02-09-Hancitor-infection-with-Cobalt-Strike.pcap.zip   3.7 MB   (3,745,941 bytes)
• 2021-02-09-Hancitor-malware.zip   334 kB   (333,569 bytes)

 

IMAGES

Shown above:  Screenshot from one of the emails pushing Hancitor.

 

Shown above:  Google Drive page from one of the email links.

 

Shown above:  Word document and redirection to KeyBank page.

 

Shown above:  Screenshot from a KeyBank-themed Word document with macros for Hancitor.

 

Click here to return to the main page.