2021-06-08 Hancitor IOCs

1. THREAT ATTRIBUTION: HANCITOR
2.  
3. HANCITOR BUILD NUMBER
4. BUILD=0806_2xvek
5.  
6. SUBJECTS OBSERVED
7. You got invoice from DocuSign Electronic Service
8. You got invoice from DocuSign Electronic Signature Service
9. You got invoice from DocuSign Service
10. You got invoice from DocuSign Signature Service
11. You got notification from DocuSign Electronic Service
12. You got notification from DocuSign Electronic Signature Service
13. You got notification from DocuSign Service
14. You got notification from DocuSign Signature Service
15. You received invoice from DocuSign Electronic Service
16. You received invoice from DocuSign Electronic Signature Service
17. You received invoice from DocuSign Service
18. You received invoice from DocuSign Signature Service
19. You received notification from DocuSign Electronic Service
20. You received notification from DocuSign Electronic Signature Service
21. You received notification from DocuSign Service
22. You received notification from DocuSign Signature Service
23.  
24. SENDERS OBSERVED
25. [email protected]
26. [email protected]
27. [email protected]
28. [email protected]
29. [email protected]
30. [email protected]
31. [email protected]
32. [email protected]
33. [email protected]
34. [email protected]
35. [email protected]
36. [email protected]
37. [email protected]
38. [email protected]
39. [email protected]
40. [email protected]
41. [email protected]
42. [email protected]
43. [email protected]
44. [email protected]
45. [email protected]
46. [email protected]
47. [email protected]
48. [email protected]
49. [email protected]
50. [email protected]
51. [email protected]
52. [email protected]
53. [email protected]
54. [email protected]
55. [email protected]
56. [email protected]
57. [email protected]
58. [email protected]
59. [email protected]
60. [email protected]
61. [email protected]
62. [email protected]
63. [email protected]
64. [email protected]
65. [email protected]
66. [email protected]
67. [email protected]
68. [email protected]
69. [email protected]
70. [email protected]
71. [email protected]
72. [email protected]
73. [email protected]
74. [email protected]
75. [email protected]
76. [email protected]
77. [email protected]
78. [email protected]
79. [email protected]
80. [email protected]
81. [email protected]
82. [email protected]
83. [email protected]
84. [email protected]
85. [email protected]
86. [email protected]
87. [email protected]
88. [email protected]
89. [email protected]
90. [email protected]
91. [email protected]
92. [email protected]
93. [email protected]
94. [email protected]
95. [email protected]
96. [email protected]
97. [email protected]
98. [email protected]
99. [email protected]
100. [email protected]
101. [email protected]
102. [email protected]
103. [email protected]
104. [email protected]
105. [email protected]
106. [email protected]
107. [email protected]
108. [email protected]
109. [email protected]
110. [email protected]
111. [email protected]
112. [email protected]
113. [email protected]
114. [email protected]
115. [email protected]
116. [email protected]
117. [email protected]
118. [email protected]
119. [email protected]
120. [email protected]
121. [email protected]
122. [email protected]
123. [email protected]
124.  
125. MALDOC PROXY DISTRIBUTION URLS
126. http://feedproxy.google.com/~r/achcrza/~3/vsl1LsuuwYA/darken.php
127. http://feedproxy.google.com/~r/anykj/~3/TtCuarFO3Ds/tatter.php
128. http://feedproxy.google.com/~r/aqdlsxol/~3/i9CvYQQ7zGQ/estranging.php
129. http://feedproxy.google.com/~r/boidwe/~3/4hpodogJaT4/force.php
130. http://feedproxy.google.com/~r/bpwmm/~3/lwpJRQb0LfA/plummet.php
131. http://feedproxy.google.com/~r/bszjuxh/~3/49chtVhTeR8/diatribe.php
132. http://feedproxy.google.com/~r/ctfodopaelb/~3/W%0D%0APc0qFiG3Ro/student.php
133. http://feedproxy.google.com/~r/ctfodopaelb/~3/WPc0qFiG3Ro/student.php
134. http://feedproxy.google.com/~r/dmnvpsdsrcm/~3/ip55LftUb-c/stipendless.php
135. http://feedproxy.google.com/~r/dykmmccfm/~3/3bhzQ9CeB9E/penumbrae.php
136. http://feedproxy.google.com/~r/eazkshoj/~3/FjbKYTWmU3U/ford.php
137. http://feedproxy.google.com/~r/embbmyfp/~3/T1YlRciflm4/microfolio.php
138. http://feedproxy.google.com/~r/eomwtapws/~3/FLb6zOmkKB0/tyke.php
139. http://feedproxy.google.com/~r/erotiamcikz/~3/-kacmPWUhrw/cordless.php
140. http://feedproxy.google.com/~r/extgsczxld/~3/sp1rYo7QdEs/brunet.php
141. http://feedproxy.google.com/~r/fiajajfjuvz/~3/PD04KvgN69g/unilateral.php
142. http://feedproxy.google.com/~r/fnnhtbcuohp/~3/ip55LftUb-c/stipendless.php
143. http://feedproxy.google.com/~r/fticgofqi/~3/6Jc-g0FC5FA/funded.php
144. http://feedproxy.google.com/~r/hanczahtwz/~3/54Py-AQlr_U/policing.php
145. http://feedproxy.google.com/~r/hdidktlz/~3/54Py-AQlr_U/policing.php
146. http://feedproxy.google.com/~r/hicvurye/~3/JPnGTxfhdYI/compactor.php
147. http://feedproxy.google.com/~r/htkdo/~3/T1YlRciflm4/microfolio.php
148. http://feedproxy.google.com/~r/ioolxrj/~3/Pd4R3-7pexk/bilevel.php
149. http://feedproxy.google.com/~r/jlspyibxi/~3/RfMxCuN6LbM/kabul.php
150. http://feedproxy.google.com/~r/juaomjjwfsw/~3/Wbmifp8uwMQ/constituency.php
151. http://feedproxy.google.com/~r/kysxsen/~3/LTllAGfdybU/cape.php
152. http://feedproxy.google.com/~r/lqmqpby/~3/vhmFFu2ZGkI/aha.php
153. http://feedproxy.google.com/~r/nvptp/~3/mZwlgmPteDI/institutional.php
154. http://feedproxy.google.com/~r/ocidtmwpvnv/~3/mwnvAT_VbCo/unamendable.php
155. http://feedproxy.google.com/~r/oxbuwtnnmo/~3/QpuFCYG4geQ/barbarian.php
156. http://feedproxy.google.com/~r/pdagfrdbh/~3/WF4wEqs6DjQ/shapelessness.php
157. http://feedproxy.google.com/~r/qpzwmtlg/~3/pdqaQGdtFEs/bakelite.php
158. http://feedproxy.google.com/~r/sldial/~3/dMfkUQuSTjQ/mph.php
159. http://feedproxy.google.com/~r/smhdeqaizot/~3/bx6FjykFngY/simultaneity.php
160. http://feedproxy.google.com/~r/spyzajnwrbl/~3/vhmFFu2ZGkI/aha.php
161. http://feedproxy.google.com/~r/txmsbpjlvdx/~3/tSIZWTkjucc/donate.php
162. http://feedproxy.google.com/~r/umegqguz/~3/GwzempQ-BE0/vehemence.php
163. http://feedproxy.google.com/~r/vbgzo/~3/nPtUeQZykwc/hare.php
164. http://feedproxy.google.com/~r/vbhezbyhu/~3/4hpodogJaT4/force.php
165. http://feedproxy.google.com/~r/vkougrmv/~3/nzgfpFP8aBs/sitcom.php
166. http://feedproxy.google.com/~r/vlbguhxhbw/~3/GV6UvQgYito/virtuous.php
167. http://feedproxy.google.com/~r/whcxyd/~3/rC0CDHGpEdI/gelatinous.php
168. http://feedproxy.google.com/~r/wnqutol/~3/-iCqgSSdsMU/hoopoe.php
169. http://feedproxy.google.com/~r/wqbzrmqqpyx/~3/ziUb07b6GGs/chlorination.php
170. http://feedproxy.google.com/~r/wvnijwiupbs/~3/BOHXg60nd5k/proadvisor.php
171. http://feedproxy.google.com/~r/wzjya/~3/vhmFFu2ZGkI/aha.php
172. http://feedproxy.google.com/~r/xgtsn/~3/dCufOc1AWCM/pictorial.php
173. http://feedproxy.google.com/~r/yrhisgkqcun/~3/O06L2ZfwnVk/imperialist.php
174. http://feedproxy.google.com/~r/yuvhi/~3/tL5m0astNEk/day.php
175.  
176. MALDOC REDIRECT DOWNLOAD URLS
177. https://airpaviliontours.com/virtuous.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+vlbguhxhbw+%28seimanetcetera%29
178. https://assistenciadeaquecedores.com/constituency.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+juaomjjwfsw+%28diversitybouillon%29
179. https://assistenciadeaquecedores.com/day.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+yuvhi+%28underchargeafterburner%29
180. https://assistenciadeaquecedores.com/kabul.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+jlspyibxi+%28goshferrite%29
181. https://assistenciadeaquecedores.com/simultaneity.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+smhdeqaizot+%28unbelovedexorcize%29
182. https://csakcserep.hu/imperialist.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+yrhisgkqcun+%28mannedrepellent%29
183. https://dev-wbs1.pantheonsite.io/force.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+vbhezbyhu+%28appraisementbe%29
184. https://panel.ppsa.in/darken.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+achcrza+%28phosphatecentime%29
185. https://piemontesasaffitti.e-bill.it/institutional.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nvptp+%28ventilatorsenseless%29
186. https://pos.nittosupport.ca/mph.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+sldial+%28ripenesssloppily%29
187. https://thiagoribeirokungfu.com/unamendable.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+ocidtmwpvnv+%28sedimentchaste%29
188. https://www.porvootransitioncare.com/tatter.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+anykj+%28squawkabhorrer%29
189. https://www.shiksharatna.com/policing.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+hanczahtwz+%28euphoniousbear%29
190.  
191. airpaviliontours.com
192. assistenciadeaquecedores.com
193. csakcserep.hu
194. e-bill.it
195. nittosupport.ca
196. pantheonsite.io
197. porvootransitioncare.com
198. ppsa.in
199. shiksharatna.com
200. thiagoribeirokungfu.com
201.  
202. HANCITOR MALDOC FILE HASHES
203. 02c4f753108081c7f52389a45a7f228d
204. 68c9ced15e2b7bcc4b7ad7bb5462afa2
205. 737925a806043690bb4245a4897dbc84
206. 8f16fed4d428ae25781ea82a05c55c30
207. a031e7e304561145c6c20f924d3f107b
208. a34aee2dba01707667d2a3a06066c7de
209.  
210. HANCITOR PAYLOAD FILE HASH
211. omsh.dll
212. cdee38da67289ef49f9d0c64a14fb22a
213.  
214. HANCITOR C2
215. http://aniumbougual.ru/8/forum.php
216. http://cogymbealpar.ru/8/forum.php
217. http://threcenvionsh.com/8/forum.php
218.  
219.  
220.  
221.