2021-02-09 (TUESDAY) - QUICK POST: HANCITOR INFECTION WITH COBALT STRIKE

NOTES:

• All zip files on this site are password-protected.  If you don't know the password, see the "about" page of this website.

ASSOCIATED FILES:

• 2021-02-09-Hancitor-malspam-6-emails.zip   45 kB   (44,988 bytes)
• 2021-02-09-Hancitor-infection-with-Cobalt-Strike.pcap.zip   3.7 MB   (3,745,941 bytes)
• 2021-02-09-Hancitor-malware.zip   333 kB   (333,273 bytes)

 

IMAGES

Shown above:  Screenshot from one of the emails pushing Hancitor.

 

Shown above:  Google Drive page from one of the email links.

 

Shown above:  Word document and redirection to KeyBank page.

 

Shown above:  Screenshot from a KeyBank-themed Word document with macros for Hancitor.

 

Click here to return to the main page.