2019-07-01 - QUICK POST: HANCITOR MALSPAM
- 2019-07-01-Hancitor-malspam-example.eml.zip 2.2 kB (2,243 bytes)
- 2019-07-01-infection-traffic-from-Hancitor-malspam.pcap.zip 962 kB (961,610 bytes)
- 2019-07-01-malware-and-artifacts-from-Hancitor-infection.zip 276 kB (276,420 bytes)
- As always, my thanks to everyone who keeps an eye on this malspam and reports on it in near-real-time on Twitter.
- Indicators are available in this Twitter thread (more indicators than I saw).
- Zip archives are password-protected with the standard password. If you don't know it, see the "about" page of this website.
Shown above: Flow chart for today's Hancitor malspam infection.
Shown above: Example of the malspam.
Shown above: Traffic from my infection filtered in Wireshark.