Hancitor distributed through coronavirus-themed malspam
released on 2020-03-12 @ 04:06:06 PM
"The criminal group behind Hancitor malware has been quiet during the past few weeks. For the past year or so, this group has stuck with DocuSign-themed malspam to distribute Hancitor (like this example from January 2020). However, today @mesa_matt reported a new wave of Hancitor malspam using a coronavirus theme. Today's diary reviews two quick infection runs using information from @mesa_matt's Twitter thread on Wednesday 2020-03-11."