Hackers target employees of banks and financial services

1. Indicators of Compromise
2.  
3. Target Industry
4. Finance & Banking
5.  
6. Locations Targeted
7. U.S., UK
8.  
9. Email Subject Lines Used
10. Re-Confirm Details
11. SWIFT COPY
12. Transaction slip
13. Confirmation
14. TRANSFR
15. bank transfer
16. bank slip
17.  
18. Hashes
19. 739110ba3a95568803a48c2ac21c860058cd82f7512605103e79fdb8e0ceb8e2
20. Ea6dd952f98a8445b9fe7bfe4a903cffe9f3dc1f20c3e63970048b5423d7378f
21. Ade9a6e8995a58b71c55e2116ad3956a6e7cafce9a5fee50e9d8506f1cfa5a9a
22. B3b2988f8bf4881d7a7774a52a06a49e9a942e8587b8e2b1ec4754a3eb157bb1
23. 56b51220f1a41f316f26f0312590d3b4222185e407a1256766b6cb1c5de98635
24. 1a3dd0fc8a4725048776c596a2a77f5d9dc5b62e3d99cb60617f3ed5182b2f5b
25. 589ea2ae48ba41c11eca1bad367b333a91ec7298ca9a38135ae0e4263ccd0392
26. Fcc9ffdc225e6ac608a4a498fcce4290b2089a026cb57f0ee82a616fcd735140
27. C958d28cecc1cdba9e0a9e6caf9d194f17989905d1677d90e11c4647a88b42bf
28. 828482782171fe0c3980ec9454887806757c2bf6d6d0c35ea408e9b65e2ec581
29.  
30. Malicious URLs Sent via Email
31. https://storage.googleapis.com/officexel/Remittance%20invoice.zip
32. https://storage.googleapis.com/officexel/TT%20COPY.zip
33. https://storage.googleapis.com/officexel/new%20slip.zip
34. https://storage.googleapis.com/officexel/Transfer%20invoice.zip
35. https://storage.googleapis.com/officexel/transfer.gz
36. https://storage.googleapis.com/officexel/Swift%20Invoice.zip
37. https://storage.googleapis.com/officexel/payment%20slip.zip
38. https://storage.googleapis.com/officexel/bank%20slip.zip
39.  
40. Second-Stage Downloader URLs
41. http://rccgovercomersabuja.org/jre.zip
42.  
43. CnC Domain
44. pm2bitcoin.com
45. fud.fudcrypt.com