- THREAT IDENTIFICATION: HANCITOR/COBALT STRIKE
- HANCITOR BUILD
- BUILD=2202_pro23
- SUBJECTS OBSERVED
- You got invoice from DocuSign Electronic Service
- You got invoice from DocuSign Electronic Signature Service
- You got invoice from DocuSign Service
- You got notification from DocuSign Electronic Service
- You got notification from DocuSign Electronic Signature Service
- You received invoice from DocuSign Electronic Service
- You received invoice from DocuSign Electronic Signature Service
- You received invoice from DocuSign Service
- You received invoice from DocuSign Signature Service
- You received notification from DocuSign Electronic Service
- You received notification from DocuSign Electronic Signature Service
- You received notification from DocuSign Service
- You received notification from DocuSign Signature Service
- SENDERS OBSERVED
- MALDOC LANDING PAGE URLS
- HANCITOR MALDOC FILE HASHES
- MALDOC DISTRIBUTION URLS
- Redirect phishing page
- https://xn--xpss53-cib19nl66k.com/
- HANCITOR PAYLOAD FILE HASH
- Static.dll
- 2b9c1cd4be01ed10b60b65a03c0be683
- HANCITOR C2
- http://aftereand.com/8/forum.php
- http://nevemicies.ru/8/forum.php
- http://froplivernat.ru/8/forum.php
- FICKER STEALER PAYLOAD URLS
- http://sromecorlduce.ru/6sfsgfsgqwert.exe
- FICKER STEALER FILE HASH
- 6sfsgfsgqwert.exe
- 77be0dd6570301acac3634801676b5d7
- FICKER STEALER C2
- http://sweyblidian.com
- COBALT STRIKE PAYLOAD URLS
- http://sromecorlduce.ru/2402s.bin
- http://sromecorlduce.ru/2402.bin
- COBALT STRIKE FILE HASHES
- 2402s.bin
- dc57675fab5881647a04df79f0b44046
- 2402.bin
- 70521e49ebd77ab3667f03dafcaa34c8
- COBALT STRIKE TRAFFIC
- http://193.160.32.60/5bLy
- http://193.160.32.60/fwlink
- http://193.160.32.60/submit.php?id=1006340648
- https://193.160.32.60