- THREAT IDENTIFICATION: HANCITOR / COBALT STRIKE
- HANCITOR BUILD
- BUILD=0203_lisr93
- SUBJECTS OBSERVED
- You got invoice from DocuSign Service
- You got notification from DocuSign Electronic Service
- You got notification from DocuSign Electronic Signature Service
- You got notification from DocuSign Signature Service
- You received invoice from DocuSign Electronic Service
- You received invoice from DocuSign Electronic Signature Service
- You received notification from DocuSign Electronic Service
- You received notification from DocuSign Electronic Signature Service
- You received notification from DocuSign Service
- You received notification from DocuSign Signature Service
- SENDERS OBSERVED
- MALDOC LANDING PAGE URLS
- MALDOC DISTRIBUTION URLS
- https://cluebazar.com/filament.php
- https://flexdrischool.com/unenlightened.php
- https://losgedeones.com/reasoning.php
- cluebazar.com
- flexdrischool.com
- losgedeones.com
- HANCITOR MALDOC FILE HASHES
- 0302_30869095085061.doc
- 75a5d4949432ff6c7088d9ff441c41c4
- 0302_23060333874781.doc
- e4d5b4a31066de195b0b6165f8037a34
- HANCITOR PAYLOAD FILE HASH
- Static.dll
- dbec2c28969ca8d88dec264c927d4eb3
- HANCITOR C2
- http://duchateman.ru/8/forum.php
- http://sonalsovele.ru/8/forum.php
- http://witakilateg.com/8/forum.php
- FICKER STEALER PAYLOAD URLS
- http://kilopaskal.ru/6jhfa478.exe
- FICKER STEALER FILE HASH
- 6jhfa478.exe
- 77be0dd6570301acac3634801676b5d7
- FICKER STEALER C2
- http://sweyblidian.com
- COBALT STRIKE PAYLOAD URLS
- http://kilopaskal.ru/0203.bin
- http://kilopaskal.ru/0203s.bin
- COBALT STRIKE FILE HASHES
- 0203s.bin
- b30b037edc549b3ddb8778fa79aa158b
- 0203.bin
- df945c171f889384fd9b8cc218fbbb91
- COBALT STRIKE TRAFFIC
- http://162.252.172.41/fNNZ
- http://162.252.172.41/push