DarthInvader

Oct 3, 2017 Hancitor fake Ring Central phish IOCs

Oct 3rd, 2017
Hancitor Oct 3, 2017 fake Ring Central fax
From: ringcentral@servicemasterqr.com and ringcentral@cisonic.com
Subject: New incoming fax from xxx-xxx-xxx
Downloaded document name: fax_299407.doc
Document SHA256: 435c0c15f9fde201c221cdd60c25843230b0be00c5e84c35a23b2482d95e4d78

Phishing URLs

C2 Domains
http://idsurinle.com/ls5/forum.php
http://higocoeveng.ru/ls5/forum.php
http://gauldtigot.ru/ls5/forum.php

Malware Delivery links
http://totalmss.co.za/wp-content/plugins/really-simple-captcha/3
http://bodyco.ru/wp-content/plugins/category-seo-meta-tags/3
http://christiangans.de/wp-content/plugins/simple-facebook-comments-for-wordpress/3
http://odeonradio.nl/wp-content/plugins/sm-facebook-comments/3
http://blog.thegemden.com.au/wp-content/plugins/wp-slimbox2/3
http://marok.info/core/functions/3

File1 SHA256: c22a81ab297a5b1aff4bb7a7616726d4286a7aeee654de5ffd870a1760c297bc
File2 SHA256: 161b534092bc58f9745e772e6ff59b84555af729d335bb98b9062c29fbdb407a
File3 SHA256: 95597e97cb9ce10e99ae71a637d08e58c640628f759e07fde77f407b65d18245