ExecuteMalware

2021-04-22 Hancitor IOCs

Apr 22nd, 2021
THREAT IDENTIFICATION: HANCITOR / COBALT STRIKE

HANCITOR BUILD NUMBER
BUILD=2204_fesw09

SUBJECTS OBSERVED
You got invoice from DocuSign Electronic Service
You got invoice from DocuSign Electronic Signature Service
You got invoice from DocuSign Service
You got invoice from DocuSign Signature Service
You got notification from DocuSign Electronic Service
You got notification from DocuSign Electronic Signature Service
You got notification from DocuSign Service
You got notification from DocuSign Signature Service
You received invoice from DocuSign Electronic Service
You received invoice from DocuSign Electronic Signature Service
You received invoice from DocuSign Service
You received invoice from DocuSign Signature Service
You received notification from DocuSign Electronic Service
You received notification from DocuSign Electronic Signature Service
You received notification from DocuSign Service
You received notification from DocuSign Signature Service

SENDERS OBSERVED
a@stellanavis.com
aebwe@stellanavis.com
aivya@stellanavis.com
aosyhut@stellanavis.com
b@stellanavis.com
bagbvws@stellanavis.com
btiyugi@stellanavis.com
cviij@stellanavis.com
cyhev@stellanavis.com
dlfyytn@stellanavis.com
do@stellanavis.com
e@stellanavis.com
eifrek@stellanavis.com
elpomez@stellanavis.com
embso@stellanavis.com
emxap@stellanavis.com
eqo@stellanavis.com
faiio@stellanavis.com
fhmwxeq@stellanavis.com
fpavlvu@stellanavis.com
fyvyoer@stellanavis.com
fyz@stellanavis.com
g@stellanavis.com
gach@stellanavis.com
gayrm@stellanavis.com
gijagae@stellanavis.com
gqqy@stellanavis.com
gsnooiz@stellanavis.com
gueaby@stellanavis.com
gvejkva@stellanavis.com
h@stellanavis.com
hazutuv@stellanavis.com
hioufew@stellanavis.com
hojix@stellanavis.com
hyoxovn@stellanavis.com
iaygoci@stellanavis.com
ifurwqi@stellanavis.com
imoisoj@stellanavis.com
ioazeps@stellanavis.com
iycpo@stellanavis.com
izwexef@stellanavis.com
jaauzyt@stellanavis.com
jegyhe@stellanavis.com
jykios@stellanavis.com
l@stellanavis.com
la@stellanavis.com
lehyten@stellanavis.com
lytiao@stellanavis.com
meyramu@stellanavis.com
nocrtij@stellanavis.com
noigkar@stellanavis.com
nzeuhe@stellanavis.com
opjudmn@stellanavis.com
or@stellanavis.com
ow@stellanavis.com
owalazj@stellanavis.com
qfljaae@stellanavis.com
qot@stellanavis.com
r@stellanavis.com
ru@stellanavis.com
stglu@stellanavis.com
terujea@stellanavis.com
to@stellanavis.com
uieiem@stellanavis.com
ukex@stellanavis.com
unqsklu@stellanavis.com
uroujc@stellanavis.com
vsoqy@stellanavis.com
vzupoau@stellanavis.com
w@stellanavis.com
wo@stellanavis.com
wufawm@stellanavis.com
x@stellanavis.com
xbjafe@stellanavis.com
xflaeh@stellanavis.com
xiixyxq@stellanavis.com
xnusuut@stellanavis.com
xtun@stellanavis.com
xy@stellanavis.com
yiouaax@stellanavis.com
yrgoe@stellanavis.com
yxzonib@stellanavis.com
z@stellanavis.com
zfowufi@stellanavis.com
zmeaeyl@stellanavis.com
zxpmhus@stellanavis.com

MALDOC LANDING PAGE URLS
https://docs.google.com/document/d/e/2PACX-1vQ-zUQCjKIiMmJsODruKcCHjM6jPpgbF0vMS79_iirj4ySsU4y2Epb2OkkbwsZkOO44L6sXO76U7Hap/pub
https://docs.google.com/document/d/e/2PACX-1vQ1-VWMu1oCTbir-SpkzoiMJwCjxbyUysooWtItB-o8ig7NmmLfeisJKySF865OY8nUfEa-ktUA0Fwq/pub
https://docs.google.com/document/d/e/2PACX-1vQKaRQbeG_9NYNKZdUhRVo1ydpVt9tSw3uN8cIJSRrIPz4P0WTGoanyVSqxiOqHrjmi82JF2lKon6B7/pub
https://docs.google.com/document/d/e/2PACX-1vQlbBdIjb5Nn75rj40ZrfU2Smzcdj5pKVYMQCV3EHr4sBl0xX8LMcdEae424hKaEggPREmoB0cz1B3O/pub
https://docs.google.com/document/d/e/2PACX-1vQO5u3742hhCgKrMkUAtw5cN9qw3Gibe192ucOq4YnpM-Nf1VihfCzJTmnNIbf7Y_q3Mr0Fn1f_K0E3/pub
https://docs.google.com/document/d/e/2PACX-1vQrXeH14pI2VozvGYF7z42FnXR5-z0Ak4FwEXpwvhz-ReoXrtbs6uDKxrBBXSwjl_zvHMxWb067Rpcx/pub
https://docs.google.com/document/d/e/2PACX-1vQtrhFrTMPP8mJ7y-8_NXQckBNl_IjXld8mRz3d2eL35LA2--OooyQpt-HWq5MHGMLSg4_KAE_UeT4T/pub
https://docs.google.com/document/d/e/2PACX-1vQvNwhJr6PYt1A5ml_h-XwcsG2m6KWDhcx5IbFJPUsdiK0r8Dh4JG-jGBfwUmE8RyQkOtEIfWprkELZ/pub
https://docs.google.com/document/d/e/2PACX-1vQWc0AfrHjcKtUI37CyB8jpFIDXXFlTSZ8YLrPi3HC6fZHcv2AaTo06nqZMxNHXUxYhxBC1MvLtzZ5I/pub
https://docs.google.com/document/d/e/2PACX-1vQY3B3ZmxlYJiGulfw6v1adU799ZO4BdYQVpbgIsMyuKuiPF5JgH2WDXKwLaOlC5HJaTH7uybNcdA3z/pub
https://docs.google.com/document/d/e/2PACX-1vQZAwPqpQNV9JKtCU3itEqIDqrwRGu07OEnic5RJ8GUwmrCFUHpfNArhMlxqpCIi7YXlYOeyjVGk2Z-/pub
https://docs.google.com/document/d/e/2PACX-1vQzPCN-mMHdCVbI8IXGZkBgccnXGIwVJ9qcyqm964ya-799ST3dRNynJJxZiXtHE7Te5vEam2DafQ2z/pub
https://docs.google.com/document/d/e/2PACX-1vRA4CyaaysTjk-Q1gBxXB9s8TfuewiipZicV_vKUrga7ufW_u5FLGibVImlka3Y7MHaOxMOuuGSs4hv/pub
https://docs.google.com/document/d/e/2PACX-1vREiuYBFznv_RF95AEmv0TInB4PN3GUp_eSO61dJdd-a4fV__KfgaFwsyDai7DwTE3Mo9YFfR8Jv44x/pub
https://docs.google.com/document/d/e/2PACX-1vRi8wqz29qk6pK7adwwxFlu-YsaliqTNwL-6WHWgsNr9Ni72K7uir1iceGyeVsewiCpVAjOuRIapQdc/pub
https://docs.google.com/document/d/e/2PACX-1vRiQ91kHCCDHcxXILk0_5ybQyVKOUb6h6hIUh6Jx5zOzia55ED47Frlb2ke4WRDYuYBAPfwy1yMf0VX/pub
https://docs.google.com/document/d/e/2PACX-1vRK5CH1AB6EoANDNhLmhz-Ue1vqk_mvTWTccaLpetB7wW1z-q2jBBbg__Ly3zw7q9Zxt8g72n5wYa61/pub
https://docs.google.com/document/d/e/2PACX-1vRNWJRazxR8nyP7ymPZPOz0MQ6D0fmqdvaZQd07fKLUVJOVZuAuLAdSfucva3u0JJYl5663zBW8z_Tx/pub
https://docs.google.com/document/d/e/2PACX-1vRp0W-L1dNAJHrUzU50PmPkUSr5bcAZr7DBMyDSyrdguOCL5XZ-eQDD6YYkbCji-x3jFme3-XkkK-7m/pub
https://docs.google.com/document/d/e/2PACX-1vRZANJQB0c7eDFntWBD5HqeSSBGVUn5TWeI_fsH0dnW-7CrBbfWoaTYRjme0AgR-YGCFiIGXYeDX-EE/pub
https://docs.google.com/document/d/e/2PACX-1vSDRN5owfw1j5UI_lFL5XNs6iRfU-Hxau7UxZ5sf9QVLj09UIrFgs-oXmTexAJxRDjPYt24vzFi6HAV/pub
https://docs.google.com/document/d/e/2PACX-1vSGodexHWSRGXtVYISsRzAHiw2AjRT2iRhYT_kE9Y34-HHy5TTLZjh10cY66yNEZFg67-cl7vgC_QdE/pub
https://docs.google.com/document/d/e/2PACX-1vSIDFEuY1Gc6kNe0PZUn3DCvjVPRCZL8dIT8UL_R0XyQPCs6zRp5GEjE3F_HwKMKq_vmq-5HCP8aRcy/pub
https://docs.google.com/document/d/e/2PACX-1vSMC4PqtQMcvqs_lcohllIz9Zlx4u_G4A2NNQ9nSXAPAsqnzEa5_azG_egY9lf1HGjPSJdXIilugFMB/pub
https://docs.google.com/document/d/e/2PACX-1vSNF3MJkPzhcfTWUpmGrOtJhhGDd0s1YL56W4SJPD_2t24xgCCKKftUJceP0LdHt8hhM2xKBSAf625h/pub
https://docs.google.com/document/d/e/2PACX-1vSp737wxQYkJzHFqdQn5AVmslymuHeP2VFzgZiD3ouuXwRac2hrJhvx7EApd_uNUewarMTvlx1zGLpD/pub
https://docs.google.com/document/d/e/2PACX-1vSQH_YYvlVcXstGuvukXXxPBjnR-v2f-fICBEf8mjMFwMdWXSsEtjKfg4GM0lovvq93PwIZXcQq1zrp/pub
https://docs.google.com/document/d/e/2PACX-1vSrT2ACCUqwcdDAR-stALpFLS0wHYMbgnVOQHnmViviEoCyNeJPBQqpXvfMVEZJKCiwpu_csU6QGnks/pub
https://docs.google.com/document/d/e/2PACX-1vSTx3ZceyU4C_I5WntZ2L0H0oX9jTd5JkzH-ktQ15rbKedtD-FDBeu_9kZoaeS9srwGBnK5A65lxn2-/pub
https://docs.google.com/document/d/e/2PACX-1vT3Jq25rP1SpSoU-EPRHIuQ0DtFF4QBkozia0cK7ng00Z3S5PhSFuDPKAuhJaRW8QNNe59jGeou9l3Z/pub
https://docs.google.com/document/d/e/2PACX-1vT_l8qngGPlyTB5XBFUpUyOdONTCo-7kBpkhlhkyEESNXJFeuOQUdgEkp7F6nZOxJ9S1qUNt5LkPLnB/pub
https://docs.google.com/document/d/e/2PACX-1vTAawwFuibDA47TEh9aSxvIJGlGKBEUK0-drVm_ZxpQcrXC7ubvGPQ6298D-GdXddw-si9F7mNOiqDb/pub
https://docs.google.com/document/d/e/2PACX-1vTer7Hsk4P-XiiePqxW72ksxTVvIo1AFFtuhp97cePAxmZBIEIQnNkcGT6Jxax-VpZkzzuAQqZgeb1v/pub
https://docs.google.com/document/d/e/2PACX-1vTfiXZGSu2S_2uaL8SNBf3bUYV5SAp9dRABBH2DmuzWeYR1zdVit2gcha97LUbgmuJx654hLK_Dge21/pub
https://docs.google.com/document/d/e/2PACX-1vTFWQqRiUTpMNuK5QrJCXGZklImxKtTxfJCgPs5HONCEaHxAdY_zeVe2tYtuAMusCQnv6IkctL5zwiE/pub
https://docs.google.com/document/d/e/2PACX-1vTHFgZsOLIKzBkilGs_5cXb_zGPdpsd93Pyp8boyRat6L7vik9Fq4QSmB7HAo8j0vd2WB3H3iZkhMnR/pub
https://docs.google.com/document/d/e/2PACX-1vThLfoQz3qD9NQQK4C1-uu05Cls-gOTpUUymSxivVp3mK709qAq7zwAU01qGRm78P9U1Yw5hQrWB_NC/pub
https://docs.google.com/document/d/e/2PACX-1vTmX-nLoGWOhpbaYFetMucQY9E_UbqbO1evsUjuFcI4TkPhDCUcvphqhKQKt8L9uM9zseJijWHl-iU3/pub
https://docs.google.com/document/d/e/2PACX-1vTNnrYo_bZWZ3m25LwhWeZgs5-ue8Q4Vp70mSXpLHS-kAhOEjFN2dgNcfJLaIqGuuOxQJD1FVEhKbJM/pub
https://docs.google.com/document/d/e/2PACX-1vTSleXhSYloZ-hEhcJ2WIM4jDYHNoh2UbkMXYB4hugNlrUaAUw991jqZDhPD5eyZFxVZ-bEimuOo9vO/pub
https://docs.google.com/document/d/e/2PACX-1vTtcrN9KSpuSkvwUSCqHswiYkd6Ah7vdtnzO9aSKOcV0YIiUuI_Zu3BVSWywXClib62M8i_pphPQ8TI/pub
https://docs.google.com/document/d/e/2PACX-1vTZuOdqIaZWisgRZsED4XFvNpTsUxGln6dCV9yaW3PJXe4oamp0n0-48F6ZGp1tlCNQoGjMRZHs33JT/pub

MALDOC DISTRIBUTION URLS
http://dev.springbreaklife.com/tour/content/021815_redneck_twerk_contest_D021815/deify.php
http://dev.springbreaklife.com/tour/content/021815_redneck_twerk_contest_D021815/greatest.php
http://ecofiltroform.triciclogo.com/photoimpact.php
http://e-learning.iskandariah.perubatan.org/pharisaical.php
http://folstop.com/improperly.php
http://gurshanlogistics.com/decorator.php
http://ingenier.co.cr/nether.php
http://ingenier.co.cr/rareness.php
http://kensingtonglobalservices.co.uk/acidification.php
https://3g-electronic.net/bidirectional.php
https://hinchcliff.net/chauffeur.php
https://impactmarketingservice.in/complain.php
https://manufacturing.wyloutgroup.com/pettishly.php
https://masterize.com.br/synthesist.php
https://merinocraft.ro/teaching.php
https://natural-healing-central.com/fixative.php
https://socialpromotion.store/premode.php
https://starreachersng.com/paleogene.php
https://trio.ae/sceptron.php
https://tsbo.company/carbide.php
https://viveroscamila.cl/butylene.php
https://viveroscamila.cl/scottish.php
https://wingscart.in/volumetric.php
http://swsgroup.sws-group.net/faro.php
https://www.upperkillaycc.org.uk/susurrus.php
http://tissl.lk/temporary.php
http://tissl.lk/transiently.php
http://www.e-voks.dk/dais.php
http://www.e-voks.dk/pageant.php
http://www.gemitek.com.tw/mechanized.php
http://www.gemitek.com.tw/popover.php
http://www.korean.britishwebsite.co.uk/disney.php

MALDOC DISTRIBUTION DOMAINS (registrable domains of the URLs above)
3g-electronic.net
britishwebsite.co.uk
e-voks.dk
folstop.com
gemitek.com.tw
gurshanlogistics.com
hinchcliff.net
impactmarketingservice.in
ingenier.co.cr
kensingtonglobalservices.co.uk
masterize.com.br
merinocraft.ro
natural-healing-central.com
perubatan.org
socialpromotion.store
springbreaklife.com
starreachersng.com
sws-group.net
tissl.lk
triciclogo.com
trio.ae
tsbo.company
upperkillaycc.org.uk
viveroscamila.cl
wingscart.in
wyloutgroup.com

HANCITOR MALDOC FILE HASHES (MD5)
18fbb1386ba21748c307411b339e6144
4a8db898d29e568422cc9a7d0fdc98cb
4f91dbfa01c2d17f54a381285417d4a8
64bd289781298000004e25b41b54155d
677874afbdf99c7f00aa9e2ae029c511
76501ea6cf150612fe7451192759faeb
9e6790705286d936e87b44504c8c7f6c
b2afa0beb08559f0b8585825c0a441b2
c312ae8d89b0aa3b2b09b562c1affaf3
caedba3369251d72398172d6c54c6621
d5b38824de26324623c92c6b74abf506
f8e74f0a605033d10a672e1f29bad281
fb448443452dd1b4e74b130da9c5d2c3

HANCITOR PAYLOAD FILE HASH (MD5)
hurpus.dll
2ed4835cef8ac661a2f69967b087f3b3

HANCITOR C2
http://adrouterigh.com/8/forum.php
http://fronversimai.ru/8/forum.php
http://sintiellonn.ru/8/forum.php

COBALT STRIKE STAGER DOWNLOAD URLS
http://man70.ru/2204.bin
http://man70.ru/2204s.bin

COBALT STRIKE STAGER FILE HASHES (MD5)
2204.bin
709884bf5f5bae01f19fb06dd5569400

2204s.bin
3c6029441b564f28d901b60376440be9

COBALT STRIKE BEACON DOWNLOAD URL
http://45.136.113.10/fk5V

COBALT STRIKE BEACON FILE HASH (MD5)
fk5V
4c8246c8f0295012b1c1ea842c056c1d

COBALT STRIKE C2
http://45.136.113.10/ptj
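The paste above is raw indicators; the practitioner's next step is to turn it into mail-filter and block-list material. The Python below is an added example written for this page, not part of ExecuteMalware's paste. IOC_TEXT is a constructed, abridged copy of the sections above (same section titles, a handful of entries each, including one duplicated sender), the subject-line regex is derived from the 16 subjects listed, and the function and constant names are my own. It parses the paste by its all-caps section titles, drops exact duplicate entries, pairs filename lines with the MD5 under them, pulls hosts from the attacker-controlled URL sections, and relates the BUILD= number to the stager names 2204.bin / 2204s.bin.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: an abridged copy of the paste (each section type, a few
# entries, including the duplicated sender) so the parser runs offline.
IOC_TEXT = """\
HANCITOR BUILD NUMBER
BUILD=2204_fesw09

SUBJECTS OBSERVED
You got invoice from DocuSign Electronic Service
You received notification from DocuSign Signature Service

SENDERS OBSERVED
a@stellanavis.com
fpavlvu@stellanavis.com
fpavlvu@stellanavis.com

MALDOC LANDING PAGE URLS
https://docs.google.com/document/d/e/2PACX-1vQ-zUQCjKIiMmJsODruKcCHjM6jPpgbF0vMS79_iirj4ySsU4y2Epb2OkkbwsZkOO44L6sXO76U7Hap/pub

MALDOC DISTRIBUTION URLS
http://folstop.com/improperly.php
https://viveroscamila.cl/butylene.php

HANCITOR C2
http://adrouterigh.com/8/forum.php

COBALT STRIKE STAGER DOWNLOAD URLS
http://man70.ru/2204.bin
http://man70.ru/2204s.bin

COBALT STRIKE STAGER FILE HASHES
2204.bin
709884bf5f5bae01f19fb06dd5569400

2204s.bin
3c6029441b564f28d901b60376440be9

COBALT STRIKE C2
http://45.136.113.10/ptj
"""

HEADER_RE = re.compile(r"^[^a-z]+$")     # section titles are the all-caps lines
MD5_RE = re.compile(r"^[0-9a-f]{32}$")
# The 16 subjects are {got,received} x {invoice,notification} x four "DocuSign ... Service"
# variants; one anchored, case-sensitive pattern covers exactly that set.
SUBJECT_RE = re.compile(
    r"^You (?:got|received) (?:invoice|notification) from DocuSign "
    r"(?:Electronic |Electronic Signature |Signature )?Service$")
# Landing pages live on docs.google.com (shared host): match those by full URL only.
# These sections are on attacker-controlled hosts and are safe to block by host.
HOST_SECTIONS = ("MALDOC DISTRIBUTION URLS", "HANCITOR C2",
                 "COBALT STRIKE STAGER DOWNLOAD URLS",
                 "COBALT STRIKE BEACON DOWNLOAD URL", "COBALT STRIKE C2")


def parse_sections(text):
    """{SECTION TITLE: [entries]} in paste order; exact duplicate entries are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if HEADER_RE.match(line):
            current = line
            sections.setdefault(current, [])
        elif current is not None and line not in sections[current]:
            sections[current].append(line)
    return sections


def named_hashes(entries):
    """Pair a filename line with the MD5 under it: [('2204.bin', '7098...'), ...]."""
    pairs, name = [], None
    for entry in entries:
        if MD5_RE.match(entry):
            pairs.append((name, entry))
            name = None
        else:
            name = entry
    return pairs


def match_subject(subject):
    """True for the lure subjects exactly as observed (case-sensitive on purpose)."""
    return SUBJECT_RE.match(subject) is not None


def network_hosts(sections):
    """Hosts and IPs for a DNS/proxy block list, from the attacker-hosted URL sections."""
    return sorted({urlsplit(u).hostname
                   for s in HOST_SECTIONS for u in sections.get(s, [])})


def hancitor_build(sections):
    """'BUILD=2204_fesw09' -> '2204'; the stager names 2204.bin / 2204s.bin share it."""
    for entry in sections.get("HANCITOR BUILD NUMBER", []):
        m = re.match(r"BUILD=(\d+)", entry)
        if m:
            return m.group(1)
    return None
```

Run it against the full paste by pasting the sections into IOC_TEXT: network_hosts() gives the host block list (the docs.google.com landing pages are deliberately excluded and belong in a URL list), named_hashes() gives (filename, MD5) pairs for the stager, payload and beacon sections, and match_subject() is the mail-filter test. The regex is exact-case because that is what was observed; relaxing it to IGNORECASE is a deliberate false-positive trade-off.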