Threat Brief: Hancitor Actors

Read this Threat Brief to learn how Hancitor threat actors use fundamental business tactics to deliver attacks

Pythons and Unicorns and Hancitor…Oh My! Decoding Binaries Through Emulation

This blog post is a continuation of my previous post, VB Dropper and Shellcode for Hancitor Reveal New Techniques Behind Uptick, where we analyzed a new Visual Basic (VB) macro dropper and the accompanying shellcode. In the last post, we left off with having successfully identified where the shellcode carved out and decoded a binary

VB Dropper and Shellcode for Hancitor Reveal New Techniques Behind Uptick

The Hancitor downloader has been relatively quiet since a major campaign back in June 2016. But over the past week, while performing research using Palo Alto Networks AutoFocus, we noticed a large uptick in the delivery of the Hancitor malware family as they shifted away from H1N1 to distribute Pony and Vawtrak executables. In parallel,