- THREAT IDENTIFICATION: HANCITOR
- HANCITOR BUILD
- BUILD=2502_ser3402
- SUBJECTS OBSERVED
- You got invoice from DocuSign Electronic Service
- You got invoice from DocuSign Service
- You got notification from DocuSign Service
- You got notification from DocuSign Signature Service
- You received invoice from DocuSign Electronic Signature Service
- SENDERS OBSERVED
- MALDOC LANDING PAGE URLS
- MALDOC DISTRIBUTION URLS
- HANCITOR MALDOC FILE NAMES
- 0225_6931906569242.doc
- fc95d6794c9551d41ca64699dba7831e
- 0225_45868432836132.doc
- e675dc56b3a2044fcdac9f36fd48ad0e
- 0225_4384219621562.doc
- 7903732249da4ff1cfb1c05a39570d2e
- HANCITOR MALDOC FILE HASHES
- 7903732249da4ff1cfb1c05a39570d2e
- e675dc56b3a2044fcdac9f36fd48ad0e
- fc95d6794c9551d41ca64699dba7831e
- HANCITOR PAYLOAD FILE HASH
- Static.dll
- 1272d3d1b2e63bf3a7111200957f4fe6
- HANCITOR C2
- http://speritentz.com/8/forum.php
- http://afternearde.ru/8/forum.php
- http://counivicop.ru/8/forum.php
- FICKER STEALER PAYLOAD URLS
- http://wouatiareves.ru/6hy67438ue.exe
- FICKER STEALER FILE HASH
- 6hy67438ue.exe
- 77be0dd6570301acac3634801676b5d7
- FICKER STEALER C2
- http://sweyblidian.com
- COBALT STRIKE PAYLOAD URLS
- http://wouatiareves.ru/2502.bin
- http://wouatiareves.ru/2502s.bin
- COBALT STRIKE FILE HASHES
- 2502.bin
- a62f0f63412325dbdf7827847c00b94f
- 2502s.bin
- 639c23bc846ab4ed33d036be7119f336
- COBALT STRIKE TRAFFIC
- http://64.52.168.229:8080/7ySY
- http://64.52.168.229:8080/ptj