ring0x0

2018-05-01-Hancitor

May 1st, 2018
  1. Sender: usbank@stjamesmac.com
  2. Subjects: U.S. Bank Alert, U.S. Bank Notification, U.S. Bank Notice, U.S. Bank Message
  3.  
  4. #Malicious document download domains (listed un-defanged):
  5. actuneupca.com
  6. chiropracticlibrary.com
  7. clifmays.com
  8. expressairparcel.com
  9. gamification4you.com
  10. ifewholehomefans.com
  11. ifewholehousefan.com
  12. ifewholehousefan.net
  13. ifewholehousefans.com
  14. ifewholehousefans.info
  15. ifewholehousefans.net
  16. interfaithelectricandsolar.co
  17. interfaithelectricnsolar.co
  18. lmperfumes.com
  19. spinalrt.com
  20. superiorcomfortprohvac.com
  21. superiorhvacuniversity.com
  22. triadhangout.com
  23. triadpain.com
  24. triadpaingroup.com
  25.  
  26. #Hancitor C2s
  27. hxxp://supratparfa.com/4/forum.php
  28. hxxp://losupsofof.ru/4/forum.php
  29. hxxp://depeparand.ru/4/forum.php
  30.  
  31. #Hancitor payload links (follow-up payload URLs under WordPress plugin paths; the hosting sites are likely compromised)
  32. hxxp://kdprvirtual.com/wp-content/plugins/duplicate-post/1
  33. hxxp://animalhealthcenterinc.com/wp-content/plugins/post-expirator/1
  34. hxxp://rogersonenterprises.com/blog/wp-content/plugins/jetpack/1
  35. hxxp://militaryschools101.com/wp-content/plugins/nofollow-for-external-link/1
  36. hxxp://bestwptricks.com/wp-content/plugins/polldaddy/1
  37. hxxp://kdprvirtual.com/wp-content/plugins/duplicate-post/2
  38. hxxp://animalhealthcenterinc.com/wp-content/plugins/post-expirator/2
  39. hxxp://rogersonenterprises.com/blog/wp-content/plugins/jetpack/2
  40. hxxp://militaryschools101.com/wp-content/plugins/nofollow-for-external-link/2
  41. hxxp://bestwptricks.com/wp-content/plugins/polldaddy/2
  42. hxxp://kdprvirtual.com/wp-content/plugins/duplicate-post/3
  43. hxxp://animalhealthcenterinc.com/wp-content/plugins/post-expirator/3
  44. hxxp://rogersonenterprises.com/blog/wp-content/plugins/jetpack/3
  45. hxxp://militaryschools101.com/wp-content/plugins/nofollow-for-external-link/3
  46. hxxp://bestwptricks.com/wp-content/plugins/polldaddy/3
  47.  
  48. #Pony C2s
  49. hxxp://supratparfa.com/mlu/forum.php
  50. hxxp://losupsofof.ru/mlu/forum.php
  51. hxxp://depeparand.ru/mlu/forum.php
  52.  
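  53. #Panda Config (Panda Banker; the opening of the first key is cut off in this paste; "keylog_process" and "screen_process" are base64 for "putty.exe" plus NUL padding)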
  54. t": "2.6.8",
  55. "check_config": 327685,
  56. "send_report": 655370,
  57. "check_update": 1966110,
  58. "url_config": "hxxps://bithetbuter.ru/1afhecysoduunselisoig.dat",
  59. "url_webinjects": "hxxps://bithetbuter.ru/68webinjects.dat",
  60. "url_update": "hxxps://bithetbuter.ru/1afhecysoduunselisoig.exe",
  61. "url_plugin_webinject32": "hxxps://bithetbuter.ru/68webinject32.bin",
  62. "url_plugin_webinject64": "hxxps://bithetbuter.ru/68webinject64.bin",
  63. "remove_csp": 0,
  64. "inject_vnc": 0,
  65. "url_plugin_vnc32": "hxxps://bithetbuter.ru/68vnc32.bin",
  66. "url_plugin_vnc64": "hxxps://bithetbuter.ru/68vnc64.bin",
  67. "url_plugin_vnc_backserver": "Z2KvEWWIVjHCjeytKlg4Ls8=",
  68. "url_plugin_backsocks": "hxxps://bithetbuter.ru/68backsocks.bin",
  69. "url_plugin_backsocks_backserver": "Z2KvEWWIVjHCjeytKlg4Ls8=",
  70. "url_plugin_grabber": "hxxps://bithetbuter.ru/68grabber.bin",
  71. "grabber_pause": 2,
  72. "grab_softlist": 1,
  73. "grab_pass": 1,
  74. "grab_form": 1,
  75. "grab_cert": 1,
  76. "grab_cookie": 1,
  77. "grab_del_cookie": 0,
  78. "grab_del_cache": 0,
  79. "url_plugin_keylogger": "hxxps://bithetbuter.ru/68keylogger.bin",
  80. "keylog_process": "cHV0dHkuZXhlAAA=",
  81. "screen_process": "cHV0dHkuZXhlAAA=",
  82. "reserved": "EHWYzK2iP0NgfKxV26oNNeKpEAkvVm8bNJ1SS4imvpKRB25bHco/HcGjwZSyA+OKKL0gGIXEqmWsYkZo7WuMQbSohRkv3P9TCkMJKzx9NL4D9gUNY+VQCBUX01ZU+zZp5E5h"