ExecuteMalware

2021-01-12 Hancitor IOCs

Jan 12th, 2021
THREAT ATTRIBUTION: HANCITOR

SUBJECTS OBSERVED
You got invoice from DocuSign Electronic Service
You got invoice from DocuSign Electronic Signature Service
You got invoice from DocuSign Signature Service
You got notification from DocuSign Electronic Service
You got notification from DocuSign Service
You got notification from DocuSign Signature Service
You received invoice from DocuSign Electronic Service
You received invoice from DocuSign Electronic Signature Service
You received invoice from DocuSign Service
You received invoice from DocuSign Signature Service
You received notification from DocuSign Electronic Service
You received notification from DocuSign Service

SENDERS OBSERVED

MALDOC LANDING PAGE URLS

MALDOC DISTRIBUTION URLS

HANCITOR MALDOC FILE HASHES

HANCITOR PAYLOAD FILE HASHES
W0rd.dll
557424cc69f1869eb2b54397cbd23faa

HANCITOR DOWNLOAD URLS
None - embedded

HANCITOR C2
http://fruciand.com/8/forum.php