ExecuteMalware

2021-01-25 Hancitor IOCs

Jan 25th, 2021 (edited)
THREAT ATTRIBUTION: HANCITOR

SUBJECTS OBSERVED
You got invoice from DocuSign Electronic Service
You got invoice from DocuSign Electronic Signature Service
You got invoice from DocuSign Service
You got invoice from DocuSign Signature Service
You got notification from DocuSign Electronic Service
You got notification from DocuSign Electronic Signature Service
You got notification from DocuSign Service
You got notification from DocuSign Signature Service
You received invoice from DocuSign Electronic Service
You received invoice from DocuSign Electronic Signature Service
You received invoice from DocuSign Service
You received invoice from DocuSign Signature Service
You received notification from DocuSign Electronic Service
You received notification from DocuSign Electronic Signature Service
You received notification from DocuSign Service
You received notification from DocuSign Signature Service

SENDERS OBSERVED

MALDOC LANDING PAGES

MALDOC DOWNLOAD URLS

MALDOC FILE HASHES

HANCITOR PAYLOAD FILE HASHES
W0rd.dll
32073c01f88d18d6c480dcd01edcc3f1

HANCITOR C2
http://anatereplage.com/8/forum.php
