2022-02-01 (TUESDAY) - HANCITOR (CHANITOR/MAN1/MOSKALVZAPOE/TA511) INFECTION WITH COBALT STRIKE

ASSOCIATED FILES:

NOTES:

 

IMAGES


Shown above:  Screenshot from one of the emails.

 


Shown above:  Link from the email returned a Word doc.

 


Shown above:  Screenshot of the Hancitor Word doc.

 


Shown above:  Batch file and Hancitor DLL (moexx.bin) on the infected Windows host.

 


Shown above:  Traffic from the infection filtered in Wireshark.

 
