ExecuteMalware

2020-10-28 Hancitor IOCs

Oct 28th, 2020 (edited)
  1. SUBJECTS OBSERVED
  2. You got invoice from DocuSign Signature Service
  3. You got notification from DocuSign Electronic Service
  4. You got notification from DocuSign Signature Service
  5. You received invoice from DocuSign Electronic Service
  6. You received invoice from DocuSign Service
  7. You received notification from DocuSign Electronic Service
  8.  
  9. SENDERS OBSERVED
  17.  
  18. HANCITOR LANDING PAGES
  34.  
  35. HANCITOR MALDOC DOWNLOAD URLS
  49.  
  50. HANCITOR MALDOC FILE HASHES
  51. office_lic_8753.xlsb
  52. 32e00cba442103567906212a93977ee4
  53.  
  54. HANCITOR PAYLOAD DOWNLOAD URLS
  55. http://breakingladd.com/k.png
  56.  
  57. HANCITOR PAYLOAD FILE HASHES
  58. k.png
  59. 28e9316fb298d2e7a3d9fd71c662b3ec
  60.  
  61. HANCITOR C2s
  62. http://epperhaptem.com/7/forum.php
  63.  
  64. SECONDARY PAYLOAD DOWNLOAD URLS
  65. http://partycitylawsuit.com/f3.exe
  66.  
  67. partycitylawsuit.com
  68.  
  69. SECONDARY PAYLOAD FILE HASHES
  70. f3.exe
  71. b2c96a156e4346838ca812b4eeb319fe
  72.  
  73. SECONDARY C2
  74. functionalrejh.com
  75. 5.63.155.126