API tools faq
paste
Advertisement
ring0x0

2018-05-08-Hancitor

ring0x0
May 8th, 2018
403
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.97 KB | None | 0 0
raw download clone embed print report
  1. #Sender
  2. docusign@steelecreeksouth.com
  3.  
  4. #Subjects
  5. You got invoice from DocuSign Service
  6. You got invoice from DocuSign Signature Service
  7. You received invoice from DocuSign Service
  8. You received %ROT:notification from DocuSign Signature Service
  9. You received invoice from DocuSign Electronic Signature Service
  10. You got invoice from DocuSign Electronic Service
  11. You received %ROT:notification from DocuSign Service
  12. You got %ROT:notification from DocuSign Electronic Service
  13.  
  14. #Doc downloader domains
  15. wingsfingers.com
  16. datacntrs.com
  17. myyobe.biz
  18. hnigrp.com
  19. hniltd.com
  20. thatsocute.us
  21. dickswingsgrill.com
  22. total-powers.com
  23. dcssi.com
  24. cparealtorinc.com
  25.  
  26. #Hancitor C2
  27. http://torsjogeca.com/4/forum.php
  28. http://dotorsfito.ru/4/forum.php
  29. http://hisbutterof.ru/4/forum.php
  30.  
  31. #Payloads
  32. http://orgasmosfemeninos.net/wp-content/plugins/post-types-order/include/1
  33. http://happyellaafter.com/wp-content/plugins/regenerate-thumbnails/includes/1
  34. http://lauragordonblog.com/wp-content/plugins/html404/1
  35. http://grehu.net/wp-content/plugins/easy-tables-vc/lib/1
  36. http://www.panageries.com/includes/1
  37.  
  38. http://orgasmosfemeninos.net/wp-content/plugins/post-types-order/include/2
  39. http://happyellaafter.com/wp-content/plugins/regenerate-thumbnails/includes/2
  40. http://lauragordonblog.com/wp-content/plugins/html404/2
  41. http://grehu.net/wp-content/plugins/easy-tables-vc/lib/2
  42. http://www.panageries.com/includes/2
  43.  
  44. http://orgasmosfemeninos.net/wp-content/plugins/post-types-order/include/3
  45. http://happyellaafter.com/wp-content/plugins/regenerate-thumbnails/includes/3
  46. http://lauragordonblog.com/wp-content/plugins/html404/3
  47. http://grehu.net/wp-content/plugins/easy-tables-vc/lib/3
  48. http://www.panageries.com/includes/3
  49.  
  50. #Panda Config
  51. t": "2.6.8",
  52. "check_config": 327685,
  53. "send_report": 655370,
  54. "check_update": 1966110,
  55. "url_config": "https://robwassotdint.ru/1kewoimzatybewoliowof.dat",
  56. "url_webinjects": "https://robwassotdint.ru/68webinjects.dat",
  57. "url_update": "https://robwassotdint.ru/1kewoimzatybewoliowof.exe",
  58. "url_plugin_webinject32": "https://robwassotdint.ru/68webinject32.bin",
  59. "url_plugin_webinject64": "https://robwassotdint.ru/68webinject64.bin",
  60. "remove_csp": 0,
  61. "inject_vnc": 0,
  62. "url_plugin_vnc32": "https://robwassotdint.ru/68vnc32.bin",
  63. "url_plugin_vnc64": "https://robwassotdint.ru/68vnc64.bin",
  64. "url_plugin_vnc_backserver": "Z2KvEWWIVjHCjeytKlg4Ls8=",
  65. "url_plugin_backsocks": "https://robwassotdint.ru/68backsocks.bin",
  66. "url_plugin_backsocks_backserver": "Z2KvEWWIVjHCjeytKlg4Ls8=",
  67. "url_plugin_grabber": "https://robwassotdint.ru/68grabber.bin",
  68. "grabber_pause": 2,
  69. "grab_softlist": 1,
  70. "grab_pass": 1,
  71. "grab_form": 1,
  72. "grab_cert": 1,
  73. "grab_cookie": 1,
  74. "grab_del_cookie": 0,
  75. "grab_del_cache": 0,
  76. "url_plugin_keylogger": "https://robwassotdint.ru/68keylogger.bin",
  77. "keylog_process": "cHV0dHkuZXhlAAA=",
  78. "screen_process": "cHV0dHkuZXhlAAA=",
  79. "reserved": "EHWYzK2iP0NudL9QxrsRIfKqEAkvVm8bPoNaVoe6sIaDCm5FCsU7HMa/0JKyA+OKKL0gGIXEqmWsckB+8m+LUK6ohAJv2qQOTBRVPiJ9P7sN8BMNbfRQFgMayV1dpjMm9C8V7gI="
  80. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!