2019-07-03 - QUICK POST: HANCITOR INFECTION WITH COBALT STRIKE

ASSOCIATED FILES:

NOTES:

 

IMAGES


Shown above: Traffic from the infection filtered in Wireshark.


Shown above: Alerts from the traffic using Security Onion with Suricata and the Emerging Threats Pro ruleset, viewed through Sguil.


Shown above: Further beaconing activity related to Cobalt Strike.


Shown above: Some contents of the Cobalt Strike callback traffic.
