- THREAT IDENTIFICATION: HANCITOR / COBALT STRIKE
- HANCITOR BUILD
- BUILD=0403_nores34
- SUBJECTS OBSERVED
- You got invoice from DocuSign Electronic Service
- You got invoice from DocuSign Electronic Signature Service
- You got invoice from DocuSign Signature Service
- You got notification from DocuSign Electronic Signature Service
- You got notification from DocuSign Service
- You received invoice from DocuSign Electronic Service
- You received invoice from DocuSign Service
- You received notification from DocuSign Electronic Service
- You received notification from DocuSign Electronic Signature Service
- You received notification from DocuSign Service
- You received notification from DocuSign Signature Service
- SENDERS OBSERVED
- MALDOC LANDING PAGE URLS
- MALDOC DISTRIBUTION URLS
- https://m7a.rgstage.com/airworthy.php
- https://lemicapaper.com/maritime.php
- https://alaseeldates.com/respirator.php
- http://rxquickpay.com/replacing.php
- HANCITOR MALDOC FILE HASHES
- 7ba91fe733a2b27af2c602525151305d
- d778b79cc5390c3811725cd5139d9979
- df25295ccde09b82d7bc0ae808566738
- HANCITOR PAYLOAD FILE HASH
- Static.dll
- b6675ddf8a99e0103b4c18655ead94fd
- HANCITOR C2
- http://throsesspeotte.com/8/forum.php
- http://imilifeesinci.ru/8/forum.php
- http://publearysuc.ru/8/forum.php
- FICKER STEALER PAYLOAD URLS
- http://baadababada.ru/6jhfa478.exe
- FICKER STEALER FILE HASH
- 6jhfa478.exe
- 77be0dd6570301acac3634801676b5d7
- FICKER STEALER C2
- http://sweyblidian.com
- COBALT STRIKE PAYLOAD URLS
- http://baadababada.ru/0303.bin
- http://baadababada.ru/0303s.bin
- COBALT STRIKE FILE HASHES
- 0303s.bin
- a46e64f8667a0c1dc2810c92c8453f91
- 0303.bin
- d7c42ce4f084c429185b994bbdd2fb68
- COBALT STRIKE TRAFFIC
- http://51.81.142.72/uNPI