2019-10-03 - DATA DUMP: CLASSIC-STYLE HANCITOR MALSPAM

ASSOCIATED FILES:

NOTES:

 

IMAGES


Shown above:  .

 


Shown above:  Downloading a Word document.

 


Shown above:  Password protected macro, eh?

 


Shown above:  Using the code from the email as the password.

 


Shown above:  It shows the password as incorrect, but I got some infection traffic anyway.

 


Shown above:  Traffic from the infection filtered in Wireshark.

 
