2018-07-31 Hancitor Maldoc Distribution URLs

2018-07-31 Hancitor Maldoc Distribution URLs
IRS themed malspam delivering hancitor
sender: irs@aubodyshop.com

hxxp://cliptrips.com
hxxp://cliptrips.net
hxxp://cliptrips.org
hxxp://destinationvasectomy.info
hxxp://great-harvest.biz
hxxp://great-harvest.info
hxxp://great-harvest.us
hxxp://greatharvest.co
hxxp://greatharvest.info
hxxp://greatharvestbirmingham.com
hxxp://greatharvestbread.co
hxxp://greatharvestbread.info
hxxp://greatharvestbreadco.info
hxxp://greatharvestbreadco.net
hxxp://greatharvestfranchising.com
hxxp://marychurchphotography.info
hxxp://marychurchphotography.net
hxxp://racheldessinphotography.com
hxxp://racheldessinphotography.net
hxxp://racheldessinphotography.org
hxxp://richlandbrewingco.com

HANCITOR MALDOC FROM DISTRO URLs
MD5 2e7e8c35a842695a5d2b799af9b05578
SHA1 c84e1bf31d755f816779134f863e131e80f11fb9
SHA256 5ef79883fa78daaa2aeba3816f650e6fc5cf69a0f14138adf891b6dfd8999165

HANCITOR C2
hxxp://terabsedsand.ru/4/forum.php
hxxp://fortryhowpar.com/4/forum.php
hxxp://widingwilid.ru/4/forum.php

PONY / EVILPONY / PANDA BANKER PAYLOAD URLS
hxxp://uptowndermatologyandaesthetics.com/wp-content/plugins/header-footer/lib/easytabs/1
http://newswriting.com/wp-content/plugins/disable-comments/includes/1
http://powerplaygenerators.com/wp-content/plugins/et-shortcodes/1
hxxp://uptowndermatologyandaesthetics.com/wp-content/plugins/header-footer/lib/easytabs/2
http://newswriting.com/wp-content/plugins/disable-comments/includes/2
http://powerplaygenerators.com/wp-content/plugins/et-shortcodes/2
hxxp://uptowndermatologyandaesthetics.com/wp-content/plugins/header-footer/lib/easytabs/3
http://newswriting.com/wp-content/plugins/disable-comments/includes/3
http://powerplaygenerators.com/wp-content/plugins/et-shortcodes/3

PONY / EVILPONY C2
hxxp://fortryhowpar.com/mlu/forum.php
hxxp://fortryhowpar.com/d2/about.php

PANDA BANKER DOMAIN
nauseorofte.ru


additional payload URLS courtesy of @Techhelplist
https://pastebin.com/raw/f9J4wTA6