Hancitor IRS and SolarWinds Phishing IOCs Oct 5, 2017

1. Hancitor Oct 5, 2017 IRS and SolarWinds Phish IOCs
2. From: [email protected]
3. Subject: FW: IRS
4. From: [email protected]
5. Subject: Make Hacking Difficult
6.  
7. SolarWinds Downloaded document name: ebook_<6 digits >.doc
8. SolarWindows SHA256: 3ab1f686ce7355bd4405e66aacb148cea198ceb26cd1c0b15b9ddd7c3d68a682
9.  
10. IRS Downloaded document name: subpoena_<6 digits>.doc
11. IRS Document SHA256:3ab1f686ce7355bd4405e66aacb148cea198ceb26cd1c0b15b9ddd7c3d68a682
12.  
13. Phishing URLs
14. all4insurance.com/[email protected]
15. creatingmiracleswithmalas.com
16. creatingmiracleswithmalas.net
17. goal-link.com
18. integralund.com
19. prayersmalasandmiracle.com
20. prayersmalasandmiracles.com
21. prayersmalasandmiracles.net
22. satyainstitute.biz
23. satyainstitute.com
24. satyainstitute.info
25. satyainstitute.net
26. satyawholesale.com
27.  
28. C2 domains
29. http://talwilwasled.com/ls5/forum.php
30. http://wasidrinve.ru/ls5/forum.php
31. http://dapahedtsed.ru/ls5/forum.php
32.  
33. Malware Download URLs
34. http://timwaters.com.au/wp-includes/pomo/2
35. http://thijsfeuth.nl/plugins/files/2
36. http://lelukauppa.pro/wp-includes/pomo/3
37. http://timwaters.com.au/wp-includes/pomo/3
38. http://thijsfeuth.nl/plugins/files/3
39.  
40. File1 SHA256: b10ca7fcbce3fa534f7a53c366ee823817465a49b004998fd80e07e5c64e14d8
41. File2 SHA256: d85a58776e5230c18fd1e5cf8f3c7cc5efb4bac4efe741958a3118168ea5414b
42. File3 SHA256: 5ac18efce332a9bebcc46fbcb2c7944ae7ed382be3460b0bacb00aea8e1b14e0