API tools faq
paste
ExecuteMalware

2021-04-22 Hancitor IOCs

ExecuteMalware
Apr 22nd, 2021
16,381
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 11.25 KB | None | 0 0
raw download clone embed print report
  1. THREAT IDENTIFICATION: HANCITOR / COBALT STRIKE
  2.  
  3. HANCITOR BUILD NUMBER
  4. BUILD=2204_fesw09
  5.  
  6. SUBJECTS OBSERVED
  7. You got invoice from DocuSign Electronic Service
  8. You got invoice from DocuSign Electronic Signature Service
  9. You got invoice from DocuSign Service
  10. You got invoice from DocuSign Signature Service
  11. You got notification from DocuSign Electronic Service
  12. You got notification from DocuSign Electronic Signature Service
  13. You got notification from DocuSign Service
  14. You got notification from DocuSign Signature Service
  15. You received invoice from DocuSign Electronic Service
  16. You received invoice from DocuSign Electronic Signature Service
  17. You received invoice from DocuSign Service
  18. You received invoice from DocuSign Signature Service
  19. You received notification from DocuSign Electronic Service
  20. You received notification from DocuSign Electronic Signature Service
  21. You received notification from DocuSign Service
  22. You received notification from DocuSign Signature Service
  23.  
  24. SENDERS OBSERVED
  25. [email protected]
  26. [email protected]
  27. [email protected]
  28. [email protected]
  29. [email protected]
  30. [email protected]
  31. [email protected]
  32. [email protected]
  33. [email protected]
  34. [email protected]
  35. [email protected]
  36. [email protected]
  37. [email protected]
  38. [email protected]
  39. [email protected]
  40. [email protected]
  41. [email protected]
  42. [email protected]
  43. [email protected]
  44. [email protected]
  45. [email protected]
  46. [email protected]
  47. [email protected]
  48. [email protected]
  49. [email protected]
  50. [email protected]
  51. [email protected]
  52. [email protected]
  53. [email protected]
  54. [email protected]
  55. [email protected]
  56. [email protected]
  57. [email protected]
  58. [email protected]
  59. [email protected]
  60. [email protected]
  61. [email protected]
  62. [email protected]
  63. [email protected]
  64. [email protected]
  65. [email protected]
  66. [email protected]
  67. [email protected]
  68. [email protected]
  69. [email protected]
  70. [email protected]
  71. [email protected]
  72. [email protected]
  73. [email protected]
  74. [email protected]
  75. [email protected]
  76. [email protected]
  77. [email protected]
  78. [email protected]
  79. [email protected]
  80. [email protected]
  81. [email protected]
  82. [email protected]
  83. [email protected]
  84. [email protected]
  85. [email protected]
  86. [email protected]
  87. [email protected]
  88. [email protected]
  89. [email protected]
  90. [email protected]
  91. [email protected]
  92. [email protected]
  93. [email protected]
  94. [email protected]
  95. [email protected]
  96. [email protected]
  97. [email protected]
  98. [email protected]
  99. [email protected]
  100. [email protected]
  101. [email protected]
  102. [email protected]
  103. [email protected]
  104. [email protected]
  105. [email protected]
  106. [email protected]
  107. [email protected]
  108. [email protected]
  109. [email protected]
  110. [email protected]
  111. [email protected]
  112. [email protected]
  113. [email protected]
  114.  
  115. MALDOC LANDING PAGE URLS
  116. https://docs.google.com/document/d/e/2PACX-1vQ-zUQCjKIiMmJsODruKcCHjM6jPpgbF0vMS79_iirj4ySsU4y2Epb2OkkbwsZkOO44L6sXO76U7Hap/pub
  117. https://docs.google.com/document/d/e/2PACX-1vQ1-VWMu1oCTbir-SpkzoiMJwCjxbyUysooWtItB-o8ig7NmmLfeisJKySF865OY8nUfEa-ktUA0Fwq/pub
  118. https://docs.google.com/document/d/e/2PACX-1vQKaRQbeG_9NYNKZdUhRVo1ydpVt9tSw3uN8cIJSRrIPz4P0WTGoanyVSqxiOqHrjmi82JF2lKon6B7/pub
  119. https://docs.google.com/document/d/e/2PACX-1vQlbBdIjb5Nn75rj40ZrfU2Smzcdj5pKVYMQCV3EHr4sBl0xX8LMcdEae424hKaEggPREmoB0cz1B3O/pub
  120. https://docs.google.com/document/d/e/2PACX-1vQO5u3742hhCgKrMkUAtw5cN9qw3Gibe192ucOq4YnpM-Nf1VihfCzJTmnNIbf7Y_q3Mr0Fn1f_K0E3/pub
  121. https://docs.google.com/document/d/e/2PACX-1vQrXeH14pI2VozvGYF7z42FnXR5-z0Ak4FwEXpwvhz-ReoXrtbs6uDKxrBBXSwjl_zvHMxWb067Rpcx/pub
  122. https://docs.google.com/document/d/e/2PACX-1vQtrhFrTMPP8mJ7y-8_NXQckBNl_IjXld8mRz3d2eL35LA2--OooyQpt-HWq5MHGMLSg4_KAE_UeT4T/pub
  123. https://docs.google.com/document/d/e/2PACX-1vQvNwhJr6PYt1A5ml_h-XwcsG2m6KWDhcx5IbFJPUsdiK0r8Dh4JG-jGBfwUmE8RyQkOtEIfWprkELZ/pub
  124. https://docs.google.com/document/d/e/2PACX-1vQWc0AfrHjcKtUI37CyB8jpFIDXXFlTSZ8YLrPi3HC6fZHcv2AaTo06nqZMxNHXUxYhxBC1MvLtzZ5I/pub
  125. https://docs.google.com/document/d/e/2PACX-1vQY3B3ZmxlYJiGulfw6v1adU799ZO4BdYQVpbgIsMyuKuiPF5JgH2WDXKwLaOlC5HJaTH7uybNcdA3z/pub
  126. https://docs.google.com/document/d/e/2PACX-1vQZAwPqpQNV9JKtCU3itEqIDqrwRGu07OEnic5RJ8GUwmrCFUHpfNArhMlxqpCIi7YXlYOeyjVGk2Z-/pub
  127. https://docs.google.com/document/d/e/2PACX-1vQzPCN-mMHdCVbI8IXGZkBgccnXGIwVJ9qcyqm964ya-799ST3dRNynJJxZiXtHE7Te5vEam2DafQ2z/pub
  128. https://docs.google.com/document/d/e/2PACX-1vRA4CyaaysTjk-Q1gBxXB9s8TfuewiipZicV_vKUrga7ufW_u5FLGibVImlka3Y7MHaOxMOuuGSs4hv/pub
  129. https://docs.google.com/document/d/e/2PACX-1vREiuYBFznv_RF95AEmv0TInB4PN3GUp_eSO61dJdd-a4fV__KfgaFwsyDai7DwTE3Mo9YFfR8Jv44x/pub
  130. https://docs.google.com/document/d/e/2PACX-1vRi8wqz29qk6pK7adwwxFlu-YsaliqTNwL-6WHWgsNr9Ni72K7uir1iceGyeVsewiCpVAjOuRIapQdc/pub
  131. https://docs.google.com/document/d/e/2PACX-1vRiQ91kHCCDHcxXILk0_5ybQyVKOUb6h6hIUh6Jx5zOzia55ED47Frlb2ke4WRDYuYBAPfwy1yMf0VX/pub
  132. https://docs.google.com/document/d/e/2PACX-1vRK5CH1AB6EoANDNhLmhz-Ue1vqk_mvTWTccaLpetB7wW1z-q2jBBbg__Ly3zw7q9Zxt8g72n5wYa61/pub
  133. https://docs.google.com/document/d/e/2PACX-1vRNWJRazxR8nyP7ymPZPOz0MQ6D0fmqdvaZQd07fKLUVJOVZuAuLAdSfucva3u0JJYl5663zBW8z_Tx/pub
  134. https://docs.google.com/document/d/e/2PACX-1vRp0W-L1dNAJHrUzU50PmPkUSr5bcAZr7DBMyDSyrdguOCL5XZ-eQDD6YYkbCji-x3jFme3-XkkK-7m/pub
  135. https://docs.google.com/document/d/e/2PACX-1vRZANJQB0c7eDFntWBD5HqeSSBGVUn5TWeI_fsH0dnW-7CrBbfWoaTYRjme0AgR-YGCFiIGXYeDX-EE/pub
  136. https://docs.google.com/document/d/e/2PACX-1vSDRN5owfw1j5UI_lFL5XNs6iRfU-Hxau7UxZ5sf9QVLj09UIrFgs-oXmTexAJxRDjPYt24vzFi6HAV/pub
  137. https://docs.google.com/document/d/e/2PACX-1vSGodexHWSRGXtVYISsRzAHiw2AjRT2iRhYT_kE9Y34-HHy5TTLZjh10cY66yNEZFg67-cl7vgC_QdE/pub
  138. https://docs.google.com/document/d/e/2PACX-1vSIDFEuY1Gc6kNe0PZUn3DCvjVPRCZL8dIT8UL_R0XyQPCs6zRp5GEjE3F_HwKMKq_vmq-5HCP8aRcy/pub
  139. https://docs.google.com/document/d/e/2PACX-1vSMC4PqtQMcvqs_lcohllIz9Zlx4u_G4A2NNQ9nSXAPAsqnzEa5_azG_egY9lf1HGjPSJdXIilugFMB/pub
  140. https://docs.google.com/document/d/e/2PACX-1vSNF3MJkPzhcfTWUpmGrOtJhhGDd0s1YL56W4SJPD_2t24xgCCKKftUJceP0LdHt8hhM2xKBSAf625h/pub
  141. https://docs.google.com/document/d/e/2PACX-1vSp737wxQYkJzHFqdQn5AVmslymuHeP2VFzgZiD3ouuXwRac2hrJhvx7EApd_uNUewarMTvlx1zGLpD/pub
  142. https://docs.google.com/document/d/e/2PACX-1vSQH_YYvlVcXstGuvukXXxPBjnR-v2f-fICBEf8mjMFwMdWXSsEtjKfg4GM0lovvq93PwIZXcQq1zrp/pub
  143. https://docs.google.com/document/d/e/2PACX-1vSrT2ACCUqwcdDAR-stALpFLS0wHYMbgnVOQHnmViviEoCyNeJPBQqpXvfMVEZJKCiwpu_csU6QGnks/pub
  144. https://docs.google.com/document/d/e/2PACX-1vSTx3ZceyU4C_I5WntZ2L0H0oX9jTd5JkzH-ktQ15rbKedtD-FDBeu_9kZoaeS9srwGBnK5A65lxn2-/pub
  145. https://docs.google.com/document/d/e/2PACX-1vT3Jq25rP1SpSoU-EPRHIuQ0DtFF4QBkozia0cK7ng00Z3S5PhSFuDPKAuhJaRW8QNNe59jGeou9l3Z/pub
  146. https://docs.google.com/document/d/e/2PACX-1vT_l8qngGPlyTB5XBFUpUyOdONTCo-7kBpkhlhkyEESNXJFeuOQUdgEkp7F6nZOxJ9S1qUNt5LkPLnB/pub
  147. https://docs.google.com/document/d/e/2PACX-1vTAawwFuibDA47TEh9aSxvIJGlGKBEUK0-drVm_ZxpQcrXC7ubvGPQ6298D-GdXddw-si9F7mNOiqDb/pub
  148. https://docs.google.com/document/d/e/2PACX-1vTer7Hsk4P-XiiePqxW72ksxTVvIo1AFFtuhp97cePAxmZBIEIQnNkcGT6Jxax-VpZkzzuAQqZgeb1v/pub
  149. https://docs.google.com/document/d/e/2PACX-1vTfiXZGSu2S_2uaL8SNBf3bUYV5SAp9dRABBH2DmuzWeYR1zdVit2gcha97LUbgmuJx654hLK_Dge21/pub
  150. https://docs.google.com/document/d/e/2PACX-1vTFWQqRiUTpMNuK5QrJCXGZklImxKtTxfJCgPs5HONCEaHxAdY_zeVe2tYtuAMusCQnv6IkctL5zwiE/pub
  151. https://docs.google.com/document/d/e/2PACX-1vTHFgZsOLIKzBkilGs_5cXb_zGPdpsd93Pyp8boyRat6L7vik9Fq4QSmB7HAo8j0vd2WB3H3iZkhMnR/pub
  152. https://docs.google.com/document/d/e/2PACX-1vThLfoQz3qD9NQQK4C1-uu05Cls-gOTpUUymSxivVp3mK709qAq7zwAU01qGRm78P9U1Yw5hQrWB_NC/pub
  153. https://docs.google.com/document/d/e/2PACX-1vTmX-nLoGWOhpbaYFetMucQY9E_UbqbO1evsUjuFcI4TkPhDCUcvphqhKQKt8L9uM9zseJijWHl-iU3/pub
  154. https://docs.google.com/document/d/e/2PACX-1vTNnrYo_bZWZ3m25LwhWeZgs5-ue8Q4Vp70mSXpLHS-kAhOEjFN2dgNcfJLaIqGuuOxQJD1FVEhKbJM/pub
  155. https://docs.google.com/document/d/e/2PACX-1vTSleXhSYloZ-hEhcJ2WIM4jDYHNoh2UbkMXYB4hugNlrUaAUw991jqZDhPD5eyZFxVZ-bEimuOo9vO/pub
  156. https://docs.google.com/document/d/e/2PACX-1vTtcrN9KSpuSkvwUSCqHswiYkd6Ah7vdtnzO9aSKOcV0YIiUuI_Zu3BVSWywXClib62M8i_pphPQ8TI/pub
  157. https://docs.google.com/document/d/e/2PACX-1vTZuOdqIaZWisgRZsED4XFvNpTsUxGln6dCV9yaW3PJXe4oamp0n0-48F6ZGp1tlCNQoGjMRZHs33JT/pub
  158.  
  159. MALDOC DISTRIBUTION URLS
  160. http://dev.springbreaklife.com/tour/content/021815_redneck_twerk_contest_D021815/deify.php
  161. http://dev.springbreaklife.com/tour/content/021815_redneck_twerk_contest_D021815/greatest.php
  162. http://ecofiltroform.triciclogo.com/photoimpact.php
  163. http://e-learning.iskandariah.perubatan.org/pharisaical.php
  164. http://folstop.com/improperly.php
  165. http://gurshanlogistics.com/decorator.php
  166. http://ingenier.co.cr/nether.php
  167. http://ingenier.co.cr/rareness.php
  168. http://kensingtonglobalservices.co.uk/acidification.php
  169. https://3g-electronic.net/bidirectional.php
  170. https://hinchcliff.net/chauffeur.php
  171. https://impactmarketingservice.in/complain.php
  172. https://manufacturing.wyloutgroup.com/pettishly.php
  173. https://masterize.com.br/synthesist.php
  174. https://merinocraft.ro/teaching.php
  175. https://natural-healing-central.com/fixative.php
  176. https://socialpromotion.store/premode.php
  177. https://starreachersng.com/paleogene.php
  178. https://trio.ae/sceptron.php
  179. https://tsbo.company/carbide.php
  180. https://viveroscamila.cl/butylene.php
  181. https://viveroscamila.cl/scottish.php
  182. https://wingscart.in/volumetric.php
  183. http://swsgroup.sws-group.net/faro.php
  184. https://www.upperkillaycc.org.uk/susurrus.php
  185. http://tissl.lk/temporary.php
  186. http://tissl.lk/transiently.php
  187. http://www.e-voks.dk/dais.php
  188. http://www.e-voks.dk/pageant.php
  189. http://www.gemitek.com.tw/mechanized.php
  190. http://www.gemitek.com.tw/popover.php
  191. http://www.korean.britishwebsite.co.uk/disney.php
  192.  
  193. 3g-electronic.net
  194. britishwebsite.co.uk
  195. e-voks.dk
  196. folstop.com
  197. gemitek.com.tw
  198. gurshanlogistics.com
  199. hinchcliff.net
  200. impactmarketingservice.in
  201. ingenier.co.cr
  202. kensingtonglobalservices.co.uk
  203. masterize.com.br
  204. merinocraft.ro
  205. natural-healing-central.com
  206. perubatan.org
  207. socialpromotion.store
  208. springbreaklife.com
  209. starreachersng.com
  210. sws-group.net
  211. tissl.lk
  212. triciclogo.com
  213. trio.ae
  214. tsbo.company
  215. upperkillaycc.org.uk
  216. viveroscamila.cl
  217. wingscart.in
  218. wyloutgroup.com
  219.  
  220. HANCITOR MALDOC FILE HASHES
  221. 18fbb1386ba21748c307411b339e6144
  222. 4a8db898d29e568422cc9a7d0fdc98cb
  223. 4f91dbfa01c2d17f54a381285417d4a8
  224. 64bd289781298000004e25b41b54155d
  225. 677874afbdf99c7f00aa9e2ae029c511
  226. 76501ea6cf150612fe7451192759faeb
  227. 9e6790705286d936e87b44504c8c7f6c
  228. b2afa0beb08559f0b8585825c0a441b2
  229. c312ae8d89b0aa3b2b09b562c1affaf3
  230. caedba3369251d72398172d6c54c6621
  231. d5b38824de26324623c92c6b74abf506
  232. f8e74f0a605033d10a672e1f29bad281
  233. fb448443452dd1b4e74b130da9c5d2c3
  234.  
  235. HANCITOR PAYLOAD FILE HASH
  236. hurpus.dll
  237. 2ed4835cef8ac661a2f69967b087f3b3
  238.  
  239. HANCITOR C2
  240. http://adrouterigh.com/8/forum.php
  241. http://fronversimai.ru/8/forum.php
  242. http://sintiellonn.ru/8/forum.php
  243.  
  244. COBALT STRIKE STAGER DOWNLOAD URLS
  245. http://man70.ru/2204.bin
  246. http://man70.ru/2204s.bin
  247.  
  248. COBALT STRIKE STAGER FILE HASHES
  249. 2204.bin
  250. 709884bf5f5bae01f19fb06dd5569400
  251.  
  252. 2204s.bin
  253. 3c6029441b564f28d901b60376440be9
  254.  
  255. COBALT STRIKE BEACON DOWNLOAD URL
  256. http://45.136.113.10/fk5V
  257.  
  258. COBALT STRIKE BEACON FILE HASH
  259. fk5V
  260. 4c8246c8f0295012b1c1ea842c056c1d
  261.  
  262. COBALT STRIKE C2
  263. http://45.136.113.10/ptj
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!