2021-05-24 (MONDAY) - QUICK POST: HANCITOR INFECTION WITH FICKER STEALER AND COBALT STRIKE

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• 2021-05-24-some-of-the-Hancitor-IOCs.txt.zip   3.1 kB   (3,073 bytes)
• 2021-05-24-Hancitor-malspam-35-examples.zip   88.4 kB   (88,409 bytes)
• 2021-05-24-Hancitor-infection.pcap.zip   9.5 MB   (9,527,558 bytes)
• 2021-05-24-Hancitor-malware.zip   5.3 MB   (5,254,558 bytes)

 

IMAGES

Shown above:  Traffic from an infection filtered in Wireshark.

 

Click here to return to the main page.