Hancitor fake FedEx Delivery Invoice Phish IOC Oct 2, 2017

1. Hancitor fake FedEx Delivery Notice Invoice Oct 2, 2017
2. From: FedEx Shipments <[email protected]>
3. Subject: Delivery complete for parcel # <8 Digits>
4. Downloaded document name: invoice_<6 digits>.doc
5. Document SHA256: 76e21c186f3d673aeb836740a3db31fd51fb08c98b78d8d7a8cfecab71d9ec5a
6.  
7. Phishing URLs
8. cleanairexperts.com
9. gonegreensupply.com
10. http://palmbeachautomotive.com/f.php?hgb=
11. palmbeachautomotives.com
12. palmbeachmarinecontractor.com
13. palmbeachstrykers.com
14. southfloridamarinecontractor.com
15. southfloridasupply.com
16.  
17. C2 Domains
18. http://kedmolorop.com/ls5/forum.php
19. http://veledguse.ru/ls5/forum.php
20. http://etidhimand.ru/ls5/forum.php
21. pahattitbut.com
22. sehiscefo.com
23.  
24. Malware Delivery links
25. http://edgemarcenter.org/wp-content/plugins/link-to-url-post/2
26. http://fatpetesbbq.com/wp-content/plugins/advanced-custom-fields/2
27. http://priyonodr.com/wp-content/plugins/display-categories-widget/2
28. http://ufep.org/wp-content/plugins/events-manager/2
29. http://tttconstruction.co.za/wp-content/plugins/google-sitemap-generator/3
30. http://icarusplays.com/3
31. File1 SHA256: 5dd5b207e7238a51e8ae20e2f6c5b732e5110e3cbe99bf5cf3f9d9a174577687
32. File2 SHA256: c9ad51ae4fd981fc736ff0aac0a158e9973f4225be8c0fb2274ca4f86021bc2e
33. File3 SHA256: 33f205475f32ee45fc764e54441704c4e8bdb90a8aef881b77b7c4e25754517c
34.  
35. zloader rc4 key Thanks to James in the Box
36. TyweJ848wWb7o0JfQMfY6pyd6YEp0pI2