ExecuteMalware

2021-01-20 Hancitor IOCs

Jan 20th, 2021
THREAT ATTRIBUTION: HANCITOR

SUBJECTS OBSERVED
You got invoice from DocuSign Electronic Service
You got invoice from DocuSign Electronic Signature Service
You got invoice from DocuSign Signature Service
You got notification from DocuSign Electronic Service
You got notification from DocuSign Electronic Signature Service
You got notification from DocuSign Service
You got notification from DocuSign Signature Service
You received invoice from DocuSign Electronic Signature Service
You received invoice from DocuSign Service
You received notification from DocuSign Electronic Service
You received notification from DocuSign Electronic Signature Service
You received notification from DocuSign Service
You received notification from DocuSign Signature Service

SENDERS OBSERVED

MALDOC LANDING PAGE URLS

MALDOC DISTRIBUTION URLS