BLOG CERT SOGETI ESEC

Briefing Malware - 29/06/2021

29th of June 2021 - Winners of the 26th week: njRAT, Redline and Formbook.

 

Threat statistics report

Publication date: 29/06/2021

Distribution: TLP:WHITE

What's new?

Hancitor (MITRE ID: S0499)

Hancitor Continues to Push Cobalt Strike

Hancitor is a trojan downloader used to deliver several malware families. The infection chain starts with a malicious Office document, followed by the dropping of #Pony, #Vawtrak, #DELoader or #Flicker Stealer. From that stage, a Cobalt Strike beacon payload is leveraged to perform post-infection activities. After the first infection, the payload tries to find a second target by alternating discovery and silent phases. Even though this downloader is a long-standing threat, the integration of Cobalt Strike payloads adds versatility, such as the lateral movement phases required in doxware attacks, for instance those leveraging the Cuba doxware, as reported by Group-IB in the recent past.

https://thedfirreport.com/2021/06/28/hancitor-continues-to-push-cobalt-strike/

 
