ExecuteMalware

2020-12-03 Hancitor IOCs

Dec 3rd, 2020
  1. THREAT ATTRIBUTION: HANCITOR
  2.  
  3. SUBJECTS OBSERVED
  4. You got invoice from DocuSign Service
  5. You got invoice from DocuSign Signature Service
  6. You got notification from DocuSign Electronic Service
  7. You got notification from DocuSign Electronic Signature Service
  8. You got notification from DocuSign Signature Service
  9. You received invoice from DocuSign Electronic Signature Service
  10. You received notification from DocuSign Electronic Service
  11. You received notification from DocuSign Electronic Signature Service
  12.  
  13. SENDERS OBSERVED
  27.  
  28. MALDOC LANDING PAGE URLS
  38.  
  39. HANCITOR MALDOC DOWNLOAD URLS
  47.  
  48. actorwebsitereview.com
  49. addcomunicaciones.cl
  50. licambala.in
  51. rumahsyariahmks.com
  52.  
  53. HANCITOR MALDOC FILE HASHES
  54. 1203_286068331.doc
  55. 2708faf8ee132d347f20bfb8b3b30318
  56.  
  57. HANCITOR PAYLOAD FILE HASHES
  58. W0rd.dll
  59. 9caa0469ae2ebbb5ff528c7711e7e489
  60.  
  61. HANCITOR C2
  62. http://bandieve.com/8/forum.php
  63. http://decturnearrips.ru/8/forum.php
  64. http://looduchavens.ru/8/forum.php
  65.  