ExecuteMalware

2021-03-02 Hancitor IOCs

Mar 2nd, 2021
THREAT IDENTIFICATION: HANCITOR / COBALT STRIKE

HANCITOR BUILD
BUILD=0203_lisr93

SUBJECTS OBSERVED
You got invoice from DocuSign Service
You got notification from DocuSign Electronic Service
You got notification from DocuSign Electronic Signature Service
You got notification from DocuSign Signature Service
You received invoice from DocuSign Electronic Service
You received invoice from DocuSign Electronic Signature Service
You received notification from DocuSign Electronic Service
You received notification from DocuSign Electronic Signature Service
You received notification from DocuSign Service
You received notification from DocuSign Signature Service

SENDERS OBSERVED

MALDOC LANDING PAGE URLS

MALDOC DISTRIBUTION URLS
https://cluebazar.com/filament.php
https://flexdrischool.com/unenlightened.php
https://losgedeones.com/reasoning.php

cluebazar.com
flexdrischool.com
losgedeones.com

HANCITOR MALDOC FILE HASHES
0302_30869095085061.doc
75a5d4949432ff6c7088d9ff441c41c4

0302_23060333874781.doc
e4d5b4a31066de195b0b6165f8037a34

HANCITOR PAYLOAD FILE HASH
Static.dll
dbec2c28969ca8d88dec264c927d4eb3

HANCITOR C2
http://duchateman.ru/8/forum.php
http://sonalsovele.ru/8/forum.php
http://witakilateg.com/8/forum.php

FICKER STEALER PAYLOAD URLS
http://kilopaskal.ru/6jhfa478.exe

FICKER STEALER FILE HASH
6jhfa478.exe
77be0dd6570301acac3634801676b5d7

FICKER STEALER C2
http://sweyblidian.com

COBALT STRIKE PAYLOAD URLS
http://kilopaskal.ru/0203.bin
http://kilopaskal.ru/0203s.bin

COBALT STRIKE FILE HASHES
0203s.bin
b30b037edc549b3ddb8778fa79aa158b

0203.bin
df945c171f889384fd9b8cc218fbbb91

COBALT STRIKE TRAFFIC
http://162.252.172.41/fNNZ
http://162.252.172.41/push
