Malware-Traffic-Analysis.net - 2019-09-30 - Data dump: Hancitor-style Amadey

2019-09-30 - DATA DUMP: HANCITOR-STYLE AMADEY

NOTICE:

The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.

ASSOCIATED FILES:

2019-09-30-Hancitor-style-Amadey-IOCs.txt.zip 1.7 kB (1,748 bytes)
2019-09-30-Hancitor-style-Amadey-malspam-3-examples.zip 5.0 kB (5,019 bytes)
2019-09-30-Hancitor-style-Amadey-infection-traffic.pcap.zip 610 kB (610,380 bytes)
2019-09-30-Hancitor-style-Amadey-malware-and-artifacts.zip 277 kB (277,298 bytes)

NOTES:

On Monday 2019-09-30, malspam pushing Amadey used links to fake IRS pages.
This is an evolution of the long-running Hancitor malspam campaign.
Since July 2019 this campaign switched from Hancitor to Amadey (link)
Therefore, I've been calling this Hancitor-style Amadey.

Click here to return to the main page.