Hancitor
The MITRE Corporation
· Published 12/08/2020 21:32 · Modified 27/03/2026 01:07
Family
Essential information
- Confidence
- 100/100
- Is family
- Yes
- Published
- 12/08/2020 21:32
- Modified
- 27/03/2026 01:07
- Revoked
- No
- Author / Source
- The MITRE Corporation
- Related entities
- 38 attack patterns (mitre), 1 intrusion sets (apt), 6 sectors, 1 countries, 69 indicators, 2 vulnerabilities (cve)
Aliases
Chanitor
Description
[Hancitor](https://attack.mitre.org/software/S0499) is a downloader that has been used by [Pony](https://attack.mitre.org/software/S0453) and other information stealing malware.(Citation: Threatpost Hancitor)(Citation: FireEye Hancitor)
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (38)
Intrusion sets (APT) (1)
-
RomCom usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (6)
-
Finance targets
-
Government targets
-
Healthcare targets
-
Defense ministries (including the military) targets
-
Information Technologies Consulting targets
-
Manufacturing targets
Countries (1)
-
United States of America targets
Indicators (69)
-
stix 100/100 Revoked· Valid until 05/06/2024 · Source: AlienVault
-
stix 100/100 Revoked
Win.Packed.Generickdz-9948392-0 SHA256 of eaced2fcfdcbf3dca4dd77333aaab055345f3ab4
· Valid until 05/06/2024 · Source: AlienVault -
stix 100/100 Revoked
SHA256 of 4c32ef0836a0af7025e97c6253054bca
· Valid until 05/06/2024 · Source: AlienVault -
stix 100/100 Revoked· Valid until 05/06/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 05/06/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 05/06/2024 · Source: AlienVault
-
stix 100/100 Revoked
stack_string
· Valid until 23/11/2024 · Source: AlienVault -
stix 100/100 Revoked· Valid until 05/06/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 15/06/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 05/06/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 05/06/2024 · Source: AlienVault
Vulnerabilities (CVE) (2)
5.5
Medium
Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a …
- Attack vector
- Local
- Published
- 03/11/2021
- Modified
- 27/05/2026
Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.
- Published
- 13/04/2022
- Modified
- 27/05/2026