2021-04-06 AND 07 (TUESDAY AND WEDNESDAY) - DATA DUMP: HANCITOR ACTIVITY

ASSOCIATED FILES:

• 2021-04-06-Hancitor-emails-and-malware.zip   2.2 MB   (2,161,564 bytes)
• 2021-04-06-Hancitor-infection-with-Ficker-Stealer-and-attempted-Cobalt-Strike.pcap.zip   10.3 MB   (10,311,723 bytes)

• 2021-04-07-Hancitor-emails-and-malware.zip   2.5 MB   (2,549,658 bytes)
• 2021-04-07-Hancitor-infection-with-Cobalt-Strike-and-Ficker-Stealer.pcap.zip   9.0 MB   (9,047,627 bytes)

NOTES:

• All zip archives on this site are password-protected.  If you don't know the password, see the "about" page of this website.
• IP for Cobalt Strike C2 on Tuesday 2021-04-06 did not repsond when the infected host tried to contact it.
• Palo Alto Networks recently published a Wireshark tutoral I wrote, which you can find here.

 

IMAGES

 

Click here to return to the main page.