Skip to content
  • Reports
  • Analysts
  • Services
    • Threat Intelligence
    • Detection Rules
    • Case Artifacts
    • Mentoring & Coaching Program
      • Book A Session
      • Meet The Team
  • Merchandise
  • Subscribe
  • Contact Us
  • Threat Intelligence
  • Detection Rules
  • Case Artifacts
  • Mentoring & Coaching Program
    • Book A Session
    • Meet The Team

The DFIR Report

Real Intrusions by Real Attackers, The Truth Behind the Intrusion

  • Reports
  • Analysts
  • Services
    • Threat Intelligence
    • Detection Rules
    • Case Artifacts
    • Mentoring & Coaching Program
      • Book A Session
      • Meet The Team
  • Merchandise
  • Subscribe
  • Contact Us
Sunday, September 24, 2023
  • Threat Intelligence
  • Detection Rules
  • Case Artifacts
  • Mentoring & Coaching Program
    • Book A Session
    • Meet The Team

Category: hancitor

From Zero to Domain Admin
cobaltstrike exploit hancitor

From Zero to Domain Admin

November 1, 2021

Intro This report will go through an intrusion from July that began with an email, which included a link to Google’s Feed Proxy service that was used to download a … Read More

Hancitor Continues to Push Cobalt Strike
cobaltstrike hancitor

Hancitor Continues to Push Cobalt Strike

June 28, 2021

First observed in 2014, Hancitor (also known as Chanitor and Tordal) is a downloader trojan that has been used to deliver multiple different malware such as Pony, Vawtrak, and DELoader. … Read More

Reports

Threat Intelligence

Detection Rules

Case Artifacts

Mentoring and Coaching

Copyright 2023 | The DFIR Report | All Rights Reserved