2018-09-05 - QUICK POST: HANCITOR MALSPAM STOPS USING PDF ATTACHMENTS AFTER 1 DAY

ASSOCIATED FILES:

NOTES:


Shown above:  Chain of events for today's Hancitor malspam infection.

 

IMAGES


Shown above:  Screenshot of an email from today's wave of Hancitor malspam.

 


Shown above:  After downloading the Word doc, enable macros to infect a vulnerable Windows host.

 


Shown above:  Traffic from an infection filtered in Wireshark (domains hosting the Word doc had already been taken off-line by the time I recorded this).

 

Click here to return to the main page.