- THREAT ATTRIBUTION: HANCITOR
- SUBJECTS OBSERVED
- You got invoice from DocuSign Electronic Service
- You got invoice from DocuSign Service
- You got invoice from DocuSign Signature Service
- You got notification from DocuSign Electronic Service
- You got notification from DocuSign Electronic Signature Service
- You got notification from DocuSign Service
- You got notification from DocuSign Signature Service
- You received invoice from DocuSign Electronic Service
- You received invoice from DocuSign Electronic Signature Service
- You received invoice from DocuSign Service
- You received invoice from DocuSign Signature Service
- You received notification from DocuSign Electronic Service
- You received notification from DocuSign Electronic Signature Service
- You received notification from DocuSign Service
- You received notification from DocuSign Signature Service
- SENDERS OBSERVED
- MALDOC LANDING PAGE URLS
- MALDOC DISTRIBUTION URLS
- MALDOC FILE HASHES
- 1215_8447229.doc
- 9117e3ccfe098f8bcda4da7907a4843c
- HANCITOR PAYLOAD DOWNLOAD URLS
- http://gade4senate.com/m.dll
- HANCITOR PAYLOAD FILE HASHES
- m.dll
- 58c9f038b75b77656b7da5ec791ec9b8
- HANCITOR C2
- http://novearecoms.ru/8/forum.php
- http://otsoebabe.com/8/forum.php
- http://purclughtz.com/8/forum.php
- FICKER STEALER PAYLOAD DOWNLOAD URLS
- http://gade4senate.com/dfgg45g.exe
- FICKER STEALER FILE HASHES
- dfgg45g.exe
- 107f4a58dc56c803088abb23d29b279c
- SUPPORTING EVIDENCE
- I downloaded and opened the malicious Word document in my lab and collected the IOCs.
- Also:
- https://urlhaus.abuse.ch/url/918649/
- https://app.any.run/tasks/45c6e754-a28e-4ad5-b8c7-ea814bfaa8b8/