Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Hancitor DocuSign phishing IOCs September 27, 2017
- From:<Various names> via DocuSign <[email protected]> or [email protected]
- Subject: Your Invoice <8 digits> for accounting@<YOUR DOMAIN> Document is Ready for Signature
- Downloaded Document Name: invoice_<6 digits>.doc
- Document SHA256: 42e3fcad33e3d94b416578c86446be7762136c7707d6da08adc8075c3bd3ce61
- Phishing URLs
- ds.php?XXX= where XXX is random
- hopphome.com/[email protected]
- hoppnews.com
- ifeelgreatnow.com
- maycompanyapartments.com
- maycompanybuilding.com
- perrypaynecondo.com
- perrypaynecondo.net
- publicsquareapartments.com
- ifeelgreatvideo.com
- maycoapts.com
- thomasguyton.com
- C2 domains
- http://oneonreugh.com/ls5/forum.php
- http://sotyterny.ru/ls5/forum.php
- http://recsihedri.ru/ls5/forum.php
- Malware Delivery URLs
- http://markimicrowave.com/blog/wp-content/themes/twentyfourteen/1
- http://markimicrowave.com/blog/wp-content/plugins/google-sitemap-generator/1
- http://taste.divino.bg/wp-content/plugins/contact-form-7/1
- http://www.schreckeneder.net/wp-includes/1
- http://www.polbest.pl/wp-includes/1
- http://format-format.ru/wp-admin/1
- File1 SHA256: d14f5ec7f7843a5ca5c7e6900e297565946e8314c99ecd89d4e583a874a0d354
- File2 SHA256: 1aae22b5ed8cda013cfef67a3dd24380017f7df0d9f638df7bd6941ecd0f9ac8
- File3 SHA256: c8c6f89a44d629cd5a5280f7182ace9d75bd106d862dc70a1ea439bfb8bdaebe
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
