2021-06-01 (TUESDAY) - HANCITOR WITH COBALT STRIKE AND NETPING TOOL ACTIVITY

ASSOCIATED FILES:

NOTES:

 

IMAGES


Shown above:  Traffic from the infection filtered in Wireshark - part 1 of 3: going to a Google docs link from one of the emails.

 


Shown above:  Traffic from the infection filtered in Wireshark - part 2 of 3: Hancitor and Cobalt Strike activity starts.

 


Shown above:  Traffic from the infection filtered in Wireshark - part 3 of 3: netping tool activity starts.

 

Click here to return to the main page.