2021-03-18 - HANCITOR (CHANITOR) ACTIVIY (MAN1/MOSKALVZAPOE/TA511)

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• 2021-03-18-Hancitor-infection-IOCs.txt.zip   3.1 kB   (3,137 bytes)
• 2021-03-18-Hancitor-malspam-20-examples.zip   50.9 kB   (50,883 bytes)
• 2021-03-18-Hancitor-doc-and-DLL-files-5-pairs.zip   4.3 MB   (4,317,232 bytes)
• 2021-03-18-Hancitor-infection-traffic.pcap.zip   9.8 MB   (9,803,424 bytes)

 

IMAGES

Shown above:  Example of Hancitor malspam today.

 

 

Shown above:  Downloading a malicious Word document from one of the email links.

 

Shown above:  Traffic from an infection filtered in Wireshark.

 

Click here to return to the main page.