2020-12-14 Hancitor IOCs

1. THREAT ATTRIBUTION: HANCITOR
2.  
3. SUBJECTS OBSERVED
4. You got invoice from DocuSign Electronic Service
5. You got invoice from DocuSign Electronic Signature Service
6. You got invoice from DocuSign Service
7. You got invoice from DocuSign Signature Service
8. You got notification from DocuSign Electronic Service
9. You got notification from DocuSign Electronic Signature Service
10. You got notification from DocuSign Service
11. You got notification from DocuSign Signature Service
12. You received invoice from DocuSign Electronic Service
13. You received invoice from DocuSign Electronic Signature Service
14. You received invoice from DocuSign Service
15. You received invoice from DocuSign Signature Service
16. You received notification from DocuSign Electronic Service
17. You received notification from DocuSign Electronic Signature Service
18. You received notification from DocuSign Service
19. You received notification from DocuSign Signature Service
20.  
21. SENDERS OBSERVED
22. [email protected]
23. [email protected]
24. [email protected]
25. [email protected]
26. [email protected]
27. [email protected]
28. [email protected]
29. [email protected]
30. [email protected]
31. [email protected]
32. [email protected]
33. [email protected]
34. [email protected]
35. [email protected]
36. [email protected]
37. [email protected]
38. [email protected]
39. [email protected]
40. [email protected]
41. [email protected]
42. [email protected]
43. [email protected]
44. [email protected]
45. [email protected]
46. [email protected]
47. [email protected]
48. [email protected]
49. [email protected]
50. [email protected]
51. [email protected]
52. [email protected]
53. [email protected]
54. [email protected]
55. [email protected]
56. [email protected]
57. [email protected]
58. [email protected]
59. [email protected]
60. [email protected]
61. [email protected]
62. [email protected]
63.  
64. MALDOC LANDING PAGE URLS
65. https://docs.google.com/document/d/e/2PACX-1vQgBn-XsOGbUzUYbkLWlo8gKfkT9o0o7Ev69OjKle576X6MwV3EuuyG3e-xaVd5t-YQCwQemhNAqZuk/pub
66. https://docs.google.com/document/d/e/2PACX-1vQgniYLo2h8XyPvRTf7TESPutnUo4EViqPYeLRqqTyx8AEZSynkEm_rwqoQhXBvIBE1V5VsZyH_2JJq/pub
67. https://docs.google.com/document/d/e/2PACX-1vQLuR8E9nPFtw8vidmgs6Ay6-cxZKGTRY8csOchWxoByBdT2BIrzzap6V1bO0D42g_5y9v30sjxW-mn/pub
68. https://docs.google.com/document/d/e/2PACX-1vQrHDk9ORW-YVts7ph89IVefA-LZnU5COVUX99SllbramDYhGLoAWBmykf0xDkyhMQ5e2MnSWRjaPvO/pub
69. https://docs.google.com/document/d/e/2PACX-1vQrJCGJvX-jsaFFhJg2r0SEGs07AABCfcqxym_25QPlSg7icNfDqSRG5EqNLAxuvKh5WgZEKIiqXYE3/pub
70. https://docs.google.com/document/d/e/2PACX-1vR7WMtTOK0JJclqCJvtC6BXwrZ_Jxw1eJS3R2iDVB_52UB4aTU_55J0EBpM568KSEjrhacjR7u_Vyao/pub
71. https://docs.google.com/document/d/e/2PACX-1vR8RffNg5ZlmctGsP_umTJACWzmuLSpr2F_xz0Ib1VYckTmJp2rZtirR3Qlc1zozfLF8B08vxUJ4DZt/pub
72. https://docs.google.com/document/d/e/2PACX-1vRAVNRXFAQYLta05OWWr_bMdt9J10iGd9GtbKauVsjliXfu421I7c6VV2ZzjxNFFdXpFhljIyuwAOTY/pub
73. https://docs.google.com/document/d/e/2PACX-1vRpqp8nqoAGkRU3ZFDRCaw0wIva_wixUXsvKnubncNYKFH0N7JK0lLrUevkBzuxCcK37FIu04HC56Xb/pub
74. https://docs.google.com/document/d/e/2PACX-1vRQGXPxMGNs7io43NOZGYvOB_7iaaJtVPhXsNibHihcP4IMFNDDEkkCtzENJvdSa2DruuS8PypiJK-7/pub
75. https://docs.google.com/document/d/e/2PACX-1vRr9CTrQMVK0IiPiVa2_ND0rVzamTNbnyFZr6xtQbxvz0z2fDwXn1cioodL2aew5bS6cqVRHbyxhDw5/pub
76. https://docs.google.com/document/d/e/2PACX-1vRUlHjE7PnZ5QCuIsGUWvMk3W4RSBY3FPCdzAu9yeS8jYVXAiTqYaCWdfAh5qWAjHE_6NbOWk4KCzM5/pub
77. https://docs.google.com/document/d/e/2PACX-1vRyOEo6kyvwbu4O1re2DKzwD-eVIOCTquH2C9cRgOuz6OK_cZrV2QCROzJe9cCmrtb1MmHw7VIok7QD/pub
78. https://docs.google.com/document/d/e/2PACX-1vS1LjQamV-jq_mUaH4OVzWeuqFax4dPYgVQBkRTjY5GLd_dCFmAgKZZ5LrLoRxsdfxPSMcw9yZb6fQr/pub
79. https://docs.google.com/document/d/e/2PACX-1vS5xQKRz_vxJWApV9agHEiACNu6v-xWMdZdN9qyR2dG6XoS5gpYm395oy1-fFKQzrzBrIgm2401BNBT/pub
80. https://docs.google.com/document/d/e/2PACX-1vSdycPumzrDyarBd8GvPNFMQGmZRKyfZJXe6z55yfLIiWgZ1lZZ-vazBkbaL0FLUYRuvvYXg5Y_Eue_/pub
81. https://docs.google.com/document/d/e/2PACX-1vSFxeHFZKA-yGDfIvOaOqhGwkRERtdOSxpyc5Hcm5xFLf1aGFke_PaPA1UFhSYeC36GWz5RvYlKiX92/pub
82. https://docs.google.com/document/d/e/2PACX-1vSgW1rXeeaIlD6NdmI1hSRQx0rWs48MZ4Lu0f7hYkSo5TMjWyLs9IBxDezX6YSReTYhtl2PzTfjXB6p/pub
83. https://docs.google.com/document/d/e/2PACX-1vSIxteQn4VMWo7YIL2CcwQNUmxp8aTGfBAMCLweVy8lh_Gqx619TluHMdMOhH78MlUu-tbt-zmy40TD/pub
84. https://docs.google.com/document/d/e/2PACX-1vSKdY6r64XWzVZM0LBJk7inRfPSQTILRjad-icdRDKk2oSMM7PUi1wYqHsv5U1g6iM2Jqfv4GWOqfUh/pub
85. https://docs.google.com/document/d/e/2PACX-1vSN8yjeKESWD3QT3hXT5ZoWGEz0jM0ZsmFsHgVqB1TWlNqtk-X5Ku--iCRYhY7ezvGMMvfdrLVdw2fm/pub
86. https://docs.google.com/document/d/e/2PACX-1vSVjM9s9CThnlu-J6Gx9ayCsk7n3UWqPleEuC38C-XlycMuvQyLiC5XYPW3wH3WOdZG9MVAm1e9xv4V/pub
87. https://docs.google.com/document/d/e/2PACX-1vSzVahhfy4wVkwL3YNSrYUIV-udUbdlC3Uw11NVcVa_h5Vyzgdvyk-NIQgENBz8IjUGf_IVbZSYPyK0/pub
88. https://docs.google.com/document/d/e/2PACX-1vT5r5OvafdiQNL30CVmB9EzGAwZqx8Y2G_dS5DbNln30qmwkVTZxRyZNljO_FpuuGh5X9OX_M_FfPmu/pub
89. https://docs.google.com/document/d/e/2PACX-1vT85r-affhtqu6fTii4dh9DhnMrDywLOp7027bzgIwk8JXZilV1kIAGu78OO__2iys3Aux582KCQjBN/pub
90. https://docs.google.com/document/d/e/2PACX-1vTHf6tzn471dAx05R3JmIcbUyN1Phn0NJIMTzQGR-LBD5w0ugnVopPCFLUODZYX9X6GbzUUX83N1F03/pub
91. https://docs.google.com/document/d/e/2PACX-1vTO299w3BtWnOD29mGoOS-vQKJNiocaXb0sdIsa5FEZwcNJrSBpOJPFRJh6ZvTvcmaTFE-NSvEwzEU8/pub
92. https://docs.google.com/document/d/e/2PACX-1vToy5kLdp9E7JfJIfR9hF5dVcZvUTVnJfVG9j4YJ9L6tqFdrW3ZhvDdwfzNGhgwptzNYEJbhrqKgFbB/pub
93. https://docs.google.com/document/d/e/2PACX-1vTUlTws4vSrUYRkSD8OXL41I2hPxoxwb9B6G7jVrpiXXx6PYPFhLQKzBeOFjgg-WMHQH0T8GJX1j-rD/pub
94. https://docs.google.com/document/d/e/2PACX-1vTvvu72IhdsSsfX1sXdSg_vsk9XiJs0ksc7VVixfXqnK0W2hcjqztqbAIeQNDy0kFPE5jdvYzsAwfP2/pub
95. https://docs.google.com/document/d/e/2PACX-1vTXK7yzJ07VWz0GHxVMAMgh0-Er_aHgsn1lrSTwzXk0TM6arQIs6sOoVPf1ZVmPuNf2Ko3mmCj_9pI9/pub
96. https://docs.google.com/document/d/e/2PACX-1vTyhmloJp3DSaqwvlKR3sHkTzmEGNmRcPD8RiWz3_F8ooQKRqkn8Q5amCRE_HSE2NbwAPeYZ_voNNAP/pub
97.  
98. MALDOC DISTRIBUTION URLS
99. http://alnafidevelopers.com/quartos.php
100. http://cares.com.mx/distinctive.php
101. http://iptv.yoinicio.com/alimentary.php
102. http://iptv.yoinicio.com/antinomian.php
103. http://iptv.yoinicio.com/bled.php
104. http://iptv.yoinicio.com/plumb.php
105. https://baru.bethanyperthchurch.org.au/ammo.php
106. https://baru.bethanyperthchurch.org.au/seller.php
107. https://baru.bethanyperthchurch.org.au/uncase.php
108. https://baru.bethanyperthchurch.org.au/validly.php
109. https://cartagourmet.com/hypodermic.php
110. https://cartagourmet.com/luxuriate.php
111. https://cartagourmet.com/superscribed.php
112. https://josetyres.co.ke/ambidexterity.php
113. https://josetyres.co.ke/waterskier.php
114. https://okmms.com/obsequious.php
115. https://okmms.com/shimmer.php
116. https://okmms.com/weeper.php
117. https://roromap.com/connate.php
118. https://roromap.com/neutralized.php
119. https://roromap.com/sexily.php
120. https://roromap.com/spilt.php
121. https://roromap.com/trivia.php
122. https://sulamericacontabil.com.br/highborn.php
123. https://todolaptops.com/strangling.php
124.  
125. alnafidevelopers.com
126. bethanyperthchurch.org.au
127. cares.com.mx
128. cartagourmet.com
129. josetyres.co.ke
130. okmms.com
131. roromap.com
132. sulamericacontabil.com.br
133. todolaptops.com
134. yoinicio.com
135.  
136. MALDOC FILE HASHES
137. 1214_56873981.doc
138. 98128d32362c564c4f82d4ceef5b0aa0
139.  
140. HANCITOR PAYLOAD FILE HASHES
141. W0rd.dll
142. 9d9c0905193720761ef52b8a8b045451
143.  
144. HANCITOR C2
145. http://ductivery.com/8/forum.php
146. http://horyinwheorm.ru/8/forum.php
147. http://strucervach.ru/8/forum.php
148.