ExecuteMalware

2020-11-04 Hancitor IOCs

Nov 4th, 2020
THREAT ATTRIBUTION: HANCITOR

SUBJECTS OBSERVED
Here is your invoice.
Invoice documents
Invoice documents.
Please, check your invoice
Please, check your invoice.
Unpaid invoice
Unpaid invoice.
We are waiting for your payment
We are waiting for your payment.
We are waiting for your purchase
We are waiting for your purchase.
Your invoice
Your invoice.

SENDERS OBSERVED

MALDOC LANDING PAGE URLS

HANCITOR DOWNLOAD URLS

MALDOC FILE HASHES
1104_83924.xlsb
6ffb46347dea6d4d021daeaf48afef79

HANCITOR PAYLOAD DOWNLOAD URLS
http://taylorgolob.com/m.png

HANCITOR PAYLOAD FILE HASHES
m.png
6b70a0ca3e7d80568109ab304c7b0fb0

HANCITOR C2
http://dirtroadpestle.com/7/forum.php
193.47.35.27