2021-06-01 (TUESDAY) - HANCITOR WITH COBALT STRIKE AND NETPING TOOL ACTIVITY
- 2021-06-01-Hancitor-IOCs.txt.zip 4.1 kB (4,136 bytes)
- 2021-06-01-Hancitor-malspam-21-examples.zip 51.3 kB (51,304 bytes)
- 2021-06-01-Hancitor-with-Cobalt-Stike-and-netping-tool.pcap.zip 7.6 MB (7,578,021 bytes)
- 2021-06-01-Hancitor-and-Cobalt-Strike-malware.zip 3.8 MB (3,754,126 bytes)
- All zip archives on this site are password-protected. If you don't know the password, see the "about" page of this website.
- Reference: Hancitor’s Use of Cobalt Strike and a Noisy Network Ping Tool
- Reference: Wireshark Tutorial: Examining Traffic from Hancitor Infections
Shown above: Traffic from the infection filtered in Wireshark - part 1 of 3: going to a Google Docs link from one of the emails.
Shown above: Traffic from the infection filtered in Wireshark - part 2 of 3: Hancitor and Cobalt Strike activity starts.
Shown above: Traffic from the infection filtered in Wireshark - part 3 of 3: netping tool activity starts.