2018-10-29 - QUICK POST: HANCITOR INFECTION WITH URSNIF
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
NOTES:
- Hancitor is back after almost a month off, and the macro from its Word docs is kicking off the infection chain a little differently than before.
- However, the infection traffic looks about the same as last month when Hancitor was first noted pushing Ursnif (link).
ASSOCIATED FILES:
- 2018-11-29-Hancitor-infection-with-Ursnif.pcap.zip 522 kB (521,785 bytes)
- 2018-11-29-malware-from-Hancitor-infection.zip 342 kB (342,356 bytes)