2021-05-13 (THURSDAY) - HANCITOR WITH FICKER STEALER AND COBALT STRIKE

ASSOCIATED FILES:

REFERENCES:

NOTES:

  • Victim's LAN segment range:  10.0.0.0/24 (10.0.0.0 through 10.0.0.255)
  • Victim's Domain:  sunbattleaxes.com
  • Victim's Domain controller:  10.0.0.2 - BattleAx-DC
  • LAN segment gateway:  10.0.0.1
  • LAN segment broadcast address:  10.0.0.255
  • IP address of the infected Windows host:  10.0.0.101
  • Host name of the infected Windows host:  DESKTOP-UGSXCLB
  • User account name on the infected Windows host:  albert.hamstein

 

IMAGES


Shown above:  Traffic from the infection filtered in Wireshark.

 
