Hancitor
MITRE
Malware Type:
Other
Other
First seen:
Unknown
Unknown
Last seen:
Unknown
Unknown
Details:
[Hancitor](https://attack.mitre.org/software/S0499) is a downloader that has been used by [Pony](https://attack.mitre.org/software/S0453) and other information stealing malware.(Citation: Threatpost Hancitor)(Citation: FireEye Hancitor)
Associated Techniques (14)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1027 | Obfuscated Files or Information | - |
| T1027.015 | Compression | - |
| T1059.001 | PowerShell | - |
| T1070.004 | File Deletion | - |
| T1105 | Ingress Tool Transfer | - |
| T1106 | Native API | - |
| T1140 | Deobfuscate/Decode Files or Information | - |
| T1204.001 | Malicious Link | - |
| T1204.002 | Malicious File | - |
| T1218.012 | Verclsid | - |
| T1497 | Virtualization/Sandbox Evasion | - |
| T1547.001 | Registry Run Keys / Startup Folder | - |
| T1566.001 | Spearphishing Attachment | - |
| T1566.002 | Spearphishing Link | - |
Aliases (106)
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Chanitor
Metadata
| ID: | 649 |
| Created: | 13/01/2026 17:48 |
| Updated: | 07/03/2026 16:00 |