2018-01-29 - QUICK POST: HANCITOR INFECTION WITH ZEUS PANDA BANKER

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• Zip archive of the emails:  2018-01-29-Hancitor-malspam-16-examples.txt.zip   3.2 kB (3,203 bytes)

• 2018-01-29-Hancitor-malspam-16-examples.txt   (40,337 bytes)

• Zip archive of the pcap:  2018-01-29-Hancitor-infection-with-Zeus-Panda-Banker.pcap.zip   2.0 MB (1,971,807 bytes)

• 2018-01-29-Hancitor-infection-with-Zeus-Panda-Banker.pcap   (2,412,922 bytes)

• Zip archive of the malware:  2018-01-29-malware-from-Hancitor-infection.zip   314.2 kB (314,156 bytes)

• 2018-01-29-Hancitor-maldoc-sample-bofa_payment_167492.doc   (371,712 bytes)
• 2018-01-29-Zeus-Panda-Banker-sample.exe   (194,048 bytes)

NOTES:

• This week, the campaign is back to using Word documents with malicious macros (no more RTF docs exploiting CVE-2017-11882).

 

Click here to return to the main page.