2018-12-04 - FILES FOR AN ISC DIARY (HANCITOR)

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

NOTES:

• The associated ISC diary is:  Campaign evolution: Hancitor changes its Word macros

 

ASSOCIATED FILES:

• 2018-12-04-Hancitor-malspam-3-email-examples.zip   6.5 kB (6,519 bytes)

• 2018-12-04-Hancitor-malspam-1540-UTC.eml   (4,001 bytes)
• 2018-12-04-Hancitor-malspam-1724-UTC.eml   (4,092 bytes)
• 2018-12-04-Hancitor-malspam-1743-UTC.eml   (3,894 bytes)

• 2018-12-04-Hancitor-infection-with-Ursnif-and-SSEbot.pcap.zip   8.2 MB (7,161,933 bytes)

• 2018-12-04-Hancitor-infection-with-Ursnif-and-SSEbot.pcap   (18,190,357 bytes)

• 2018-12-04-malware-and-artifacts-from-Hancitor-infection.zip   5.2 MB (5,171,308 bytes)

• 2018-12-04-downloaded-Word-doc-with-macro-for-Hancitor.doc   (458,240 bytes)
• 2018-12-04-Hancitor-infection-werd.exe   (114,690 bytes)
• 2018-12-04-Hancitor-infection-wird.exe   (52,226 bytes)
• 2018-12-04-macro-extracted-from-Hancitor-Word-doc.txt   (4,452 bytes)
• 2018-12-04-registry-entries-created-by-Ursnif.txt   (14,306,600 bytes)
• 2018-12-04-SSE-spambot-malware-retreived-by-Hancitor-infected-host.exe   (2,163,976 bytes)
• 2018-12-04-Ursnif-retrieved-by-Hancitor-infected-host.exe   (249,544 bytes)

 

Click here to return to the main page.