Detecting Cobalt Strike and Hancitor traffic in PCAP

This video shows how Cobalt Strike and Hancitor C2 traffic can be detected using CapLoader. I bet you’re going: 😱 OMG he’s analyzing Windows malware on a Windows PC!!! Relax, I know what I’m doing. I have al…

Hancitor delivered via fake “This is an electronic efax Notification”

An email with the subject of “This is an electronic efax Notification”, pretending to come from eFax but actually sent from efax@ramatmed.com, with a link to download a malicious Word doc that delivers Hancitor. They are using email addresse…

Hancitor: fileless attack with a kernel trick

Evading detection when distributing payloads is a key part of an effective malware campaign. Hancitor shows that it has yet another trick up its sleeve for that.
Categories: Malware, Threat analysis

Tags: fileless, Hancitor, macro, malware, payloads

DocuSign Phishing Campaign Includes Hancitor Downloader

DocuSign warns of a breach and subsequent theft of email addresses that are now being targeted by a phishing campaign employing malicious macro-laced Word documents.

Fake “HSBC Bank – 24086 Loan Program Notification” malspam delivers Hancitor

Continuing with the never-ending series of malware downloaders is an email with the subject of “HSBC Bank – 24086 Loan Program Notification”, coming from noreply9@creditsupport.gdn, which delivers what looks like Hancitor malware. It is quite unusual for malware authors to use 7zip (7z) compressed (zip) files, although most current extraction…