Hancitor
The MITRE Corporation
· Published 12/08/2020 21:32 · Modified 27/03/2026 01:07
Family
Essential information
- Confidence
- 100/100
- Is family
- Yes
- Published
- 12/08/2020 21:32
- Modified
- 27/03/2026 01:07
- Revoked
- No
- Author / Source
- The MITRE Corporation
- Related entities
- 38 attack patterns (mitre), 1 intrusion sets (apt), 6 sectors, 1 countries, 69 indicators, 2 vulnerabilities (cve)
Aliases
Chanitor
Description
[Hancitor](https://attack.mitre.org/software/S0499) is a downloader that has been used by [Pony](https://attack.mitre.org/software/S0453) and other information stealing malware.(Citation: Threatpost Hancitor)(Citation: FireEye Hancitor)
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (38)
Intrusion sets (APT) (1)
-
RomCom usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (6)
-
Finance targets
-
Government targets
-
Healthcare targets
-
Defense ministries (including the military) targets
-
Information Technologies Consulting targets
-
Manufacturing targets
Countries (1)
-
United States of America targets
Indicators (69)
-
stix 100/100 Revoked· Valid until 15/06/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 05/06/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 05/06/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 05/06/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 05/06/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 05/06/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 05/06/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 05/06/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 05/06/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 15/06/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 15/06/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 05/06/2024 · Source: AlienVault
Vulnerabilities (CVE) (2)
5.5
Medium
Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a …
- Attack vector
- Local
- Published
- 03/11/2021
- Modified
- 27/05/2026
Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.
- Published
- 13/04/2022
- Modified
- 27/05/2026