- THREAT IDENTIFICATION: HANCITOR
- HANCITOR BUILD
- BUILD=2203_78291
- SUBJECTS OBSERVED
- You got invoice from DocuSign Electronic Service
- You got invoice from DocuSign Electronic Signature Service
- You got invoice from DocuSign Signature Service
- You got notification from DocuSign Electronic Signature Service
- You got notification from DocuSign Service
- You got notification from DocuSign Signature Service
- You received invoice from DocuSign Electronic Service
- You received invoice from DocuSign Signature Service
- You received notification from DocuSign Electronic Service
- You received notification from DocuSign Electronic Signature Service
- You received notification from DocuSign Service
- SENDERS OBSERVED
- MALDOC LANDING PAGES
- MALDOC DISTRIBUTION URLS
- HANCITOR MALDOC FILE HASHES
- HANCITOR PAYLOAD FILE HASH
- Static.dll
- 5eaea1f20e237257dadfd96e597d8ef4
- HANCITOR C2
- http://tricilidiany.com/8/forum.php
- http://intaticducalso.ru/8/forum.php
- http://gloporiente.ru/8/forum.php
- FICKER STEALER PAYLOAD URLS
- http://g1smurt.ru/6jiuu8934u.exe
- FICKER STEALER FILE HASH
- 6jiuu8934u.exe
- 77be0dd6570301acac3634801676b5d7
- FICKER STEALER C2
- http://sweyblidian.com
- COBALT STRIKE DOWNLOAD URLS
- http://g1smurt.ru/2303.bin
- http://g1smurt.ru/2303s.bin
- COBALT STRIKE FILE HASHES
- 2303.bin
- 07a39d514646abe8efc39e930dbf74b1
- 2303s.bin
- 461353de6e2edda219692b64d08a55e7
- COBALT STRIKE TRAFFIC
- http://74.50.60.96/9Wic
- http://74.50.60.96/visit.js
- 9Wic
- 72326b9238c305a45cf387ce2141d659