Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- THREAT ATTRIBUTION: HANCITOR
- SUBJECTS OBSERVED
- You got invoice from DocuSign Signature Service
- You got notification from DocuSign Electronic Service
- You received invoice from DocuSign Electronic Signature Service
- You received notification from DocuSign Electronic Signature Service
- You received notification from DocuSign Service
- SENDERS OBSERVED
- MALDOC LANDING PAGE URLS
- https://docs.google.com/document/d/e/2PACX-1vQ2_QVmL13WvuV9TNRBqBBaTPYsdyx-Nz2nLaM9EojKtNRjitS2nmk2bx_KbEaYOjcS085HxdnBj_zb/pub
- https://docs.google.com/document/d/e/2PACX-1vQhndfOxhPD3jQQ73J8KxppCdzOAKRo4ObwzsBiC8GfFjhPbEw_16_StST_5HZUPkC4kAttI%0D%0AbFPHJ8o/pub
- https://docs.google.com/document/d/e/2PACX-1vQhndfOxhPD3jQQ73J8KxppCdzOAKRo4ObwzsBiC8GfFjhPbEw_16_StST_5HZUPkC4kAttIbFPHJ8o/pub
- https://docs.google.com/document/d/e/2PACX-1vR4nGUu16IcLQooUvA0UiWDSGdFZr0w-FizWVaAC0hE5LLRMk7fvEGV0Rpk35LvWxF-9z5elns6G4nf/pub
- https://docs.google.com/document/d/e/2PACX-1vTXyLPCBwzVDJyFIjQq6tJyn2PKAfe261LdpiIaFjD1oMM3G893avJgxtqYeRSuBKNISaf0MO3GPQhu/pub
- MALDOC DISTRIBUTION URLS
- http://dieeulenklasse.com/pack.php
- http://owlmarketingexcellence.com/dismiss.php
- I couldn't retrieve the actual download url for the .xlsb file.
- 10_20_report.xlsb
- 28ab25f8f1addbd3c9a93d156e7407b1
- HANCITOR DOWNLOAD URLS
- http://marspetcarelawsuit.com/xls.png
- HANCITOR PAYLOAD FILE HASH
- xls.png
- 83ba2586ea176dfb069ec4bf49439d94
- HANCITOR C2
- http://stylefersan.com/7/forum.php
- SECONDARY PAYLOAD
- http://nepbag.com/f3.exe
- f3.exe
- c9917fd15fed108ad9d6ee548dd2e4c1
- UNKNOWN C2
- functionalrejh.com
- SUPPORTING EVIDENCE
- https://bazaar.abuse.ch/browse.php?search=83ba2586ea176dfb069ec4bf49439d94
- https://www.virustotal.com/gui/file/dc7f971af6d534662501decd86d0cb8d58392149a0cf06a236f6aec2490808aa/detection
- https://app.any.run/tasks/0df02d87-76ef-4bc1-813b-45d974b5b517/
Add Comment
Please, Sign In to add comment
