2019-07-22 - HANCITOR SWITCHES TO AMADEY, STILL PUSHING PONY/URSNIF/COBALT STRIKE

ASSOCIATED FILES:

  • 2019-07-22-Amadey-infection-with-Pony-and-Ursnif-and-Cobalt-Strike.pcap   (6,439,886 bytes)
  • 10703351608909_4400271827.zip   (58,682 bytes)
  • 10703351608909_7812450780530.vbs   (122,537 bytes)
  • 2019-07-22-Amadey-binary-dropped-by-VBS-file-yddSomO.exe   (80,573 bytes)
  • 2019-07-22-Cobalt-Strike-H7mp-from-31.44.184.33.exe   (210,944 bytes)
  • 2019-07-22-Cobalt-Strike-a22.exe-from-ectcnepal.org.exe   (118,784 bytes)
  • 2019-07-22-Pony-pp.exe-from-neu.x-sait.de.exe   (246,784 bytes)
  • 2019-07-22-Ursnif-4.exe-from-neu.x-sait.de.exe   (258,560 bytes)
  • 2019-07-22-Windows-registry-updates-caused-by-Ursnif.txt   (13,771,512 bytes)
  • 2019-07-22-artifact-dropped-by-VBS-file-rFEoVZsY.txt   (8 bytes)

NOTES:

Shown above:  The infection traffic filtered in Wireshark.
