2021-02-08 Hancitor IOCs

1. THREAT ATTRIBUTION: HANCITOR
2.  
3. HANCITOR BUILD
4. BUILD=0802_ff0912
5.  
6. SUBJECTS OBSERVED
7. You got invoice from DocuSign Electronic Service
8. You got invoice from DocuSign Electronic Signature Service
9. You got invoice from DocuSign Service
10. You got invoice from DocuSign Signature Service
11. You got notification from DocuSign Electronic Service
12. You got notification from DocuSign Electronic Signature Service
13. You got notification from DocuSign Service
14. You got notification from DocuSign Signature Service
15. You received invoice from DocuSign Electronic Service
16. You received invoice from DocuSign Electronic Signature Service
17. You received invoice from DocuSign Service
18. You received invoice from DocuSign Signature Service
19. You received notification from DocuSign Electronic Service
20. You received notification from DocuSign Electronic Signature Service
21. You received notification from DocuSign Service
22. You received notification from DocuSign Signature Service
23.  
24. SENDERS OBSERVED
25. [email protected]
26. [email protected]
27. [email protected]
28. [email protected]
29. [email protected]
30. [email protected]
31. [email protected]
32. [email protected]
33. [email protected]
34. [email protected]
35. [email protected]
36. [email protected]
37. [email protected]
38. [email protected]
39. [email protected]
40. [email protected]
41. [email protected]
42. [email protected]
43. [email protected]
44. [email protected]
45. [email protected]
46. [email protected]
47. [email protected]
48. [email protected]
49. [email protected]
50. [email protected]
51. [email protected]
52. [email protected]
53. [email protected]
54. [email protected]
55. [email protected]
56. [email protected]
57. [email protected]
58. [email protected]
59. [email protected]
60. [email protected]
61. [email protected]
62. [email protected]
63. [email protected]
64. [email protected]
65.  
66. MALDOC LANDING PAGES
67. https://docs.google.com/document/d/e/2PACX-1vQ7A7hgNUzEZIhXfaBppFXCOnn_rJ15qoB7jHFMCFOiXJYZE-xoeqYVt8YjU0i_5Wm5Z4e5cawLPHWM/pub
68. https://docs.google.com/document/d/e/2PACX-1vQc8XwAxOetaoxILZsGLJgCCF2I39s_vgDHTpTDy4v9Nmh8nlZNhbCjqa8u01xY2ckettVxUsrjlSLf/pub
69. https://docs.google.com/document/d/e/2PACX-1vQeUQCdriz9ZT5dR7Byyfi4r-Y6FsHucjRbzvYLtWNmDGKfcqKyp9l4-EAFFYXHxbAWrAR-CI25e8cZ/pub
70. https://docs.google.com/document/d/e/2PACX-1vQg5Zz0TCDbhy7WFP_7qji6toEgEXolSgVf_176vF5SrqDcH5Yoc7VqG92mmiz7YVEsvbgmzvLaGOWO/pub
71. https://docs.google.com/document/d/e/2PACX-1vQsv776-VtJ5XAs29KGd3fEFlnX8xC3Lw-BO25itVwXRFAHywCW8_Tg_LE5Ap4Em2OY-99u8RvBJtTF/pub
72. https://docs.google.com/document/d/e/2PACX-1vR0ms1Ch1x_XWlmO8MNPjvrfET6213JV3e3VE0A7WvZIt1AFe1ZgURCNvqWHBYlpn3HHEBDW1ed5nwy/pub
73. https://docs.google.com/document/d/e/2PACX-1vR9XV_lngpf4hqbsZvrbWRooGyoSpuAE62-stPwRl1ym8cWwvUgDiFAbPoXA2VYZeds6Od5DFPM1zFi/pub
74. https://docs.google.com/document/d/e/2PACX-1vRBNwlzob_Bzlg7wKYFtQbecCFw1zerk6to9yUT5xXTebT548A1NRyabwuXYFMdOHGYXmvaYi8T4AFS/pub
75. https://docs.google.com/document/d/e/2PACX-1vRGsx7qNxYm_RXqxuN04AT9V5OS3NKmAZZCFC7ezCE5SZq1D717GkuAJIMLG16spFfgydPccO-mCpDr/pub
76. https://docs.google.com/document/d/e/2PACX-1vRP7ZP5jgudAzSnxnahrltpq_id3qRoS3FAsnGTPw6a38oHZHuGAplNQkZOtohAWvFpP_fmEAIE-rye/pub
77. https://docs.google.com/document/d/e/2PACX-1vRqb4WdNe61GX2s8FsO7HtUUyJ-R9_WNkFj7hWPfR1P1xiu21uueLWJtxUilNxPGTuiwSAW9h2uben8/pub
78. https://docs.google.com/document/d/e/2PACX-1vRvykmMXN0_5QNmICAfnJRHVEgIKTT5rt9b6L6IgWgfv_cshDngv-LkKzGldkNwmwzHAEzGnA9PIlGC/pub
79. https://docs.google.com/document/d/e/2PACX-1vRZ4xtfxtVExR7Cz59xCBwJL3p8Ae2c8SR-S8pKicaKKh8Aic89pybQyvJCGGCaGUI1H3q3c1ZbbFaj/pub
80. https://docs.google.com/document/d/e/2PACX-1vS-v-pl-j3kr2d1BH8w4yjhH9BUMgsKE9G4C5AWnIT8keqqhS3cDhmFsPaRDNuuh7BclHKLWJYZ6e-M/pub
81. https://docs.google.com/document/d/e/2PACX-1vSb2BaVN2_jHPvLHfNcvgwLhOcRiiA--NAXWiJ-0GyUSlSOKGkA1xfXatv6nJRNVN3O6Gg8YQwRc3sr/pub
82. https://docs.google.com/document/d/e/2PACX-1vSDwbw1FIgqM6JHOrqQTDYK_hrCP2j61E_8CufFnC1rGAeVcNtUT8d3mTWHSnMYT4PTob_3k-ulfL4d/pub
83. https://docs.google.com/document/d/e/2PACX-1vSjBH5UtTC0JcGFzDv-i9EsYhJ6MMCJ-PnqHl0JSWe-Vkc8U6kX5J-efrM1JW-HznaWDVe62FUEsRRL/pub
84. https://docs.google.com/document/d/e/2PACX-1vSPBGA3_D8dfupT021GG4VGB9a06Nm3viKAia4F2XWrjT7mhPyB0L1rKruj7DsB86Z38-EaxidoXIr8/pub
85. https://docs.google.com/document/d/e/2PACX-1vSVJvTziKsWHtQnLeokxbSLSaMREeSYM8QqpEE6zNaznH5ir-9-PJKDOGsLplymfEyhORz_lxRaafAf/pub
86. https://docs.google.com/document/d/e/2PACX-1vT6eZKPE5e_hFH5b7scxWSr-tgguWymidrQnuyPtCjLH-pMMkubT8goOFlTZTM6jJo7byL1FbCgy-sh/pub
87. https://docs.google.com/document/d/e/2PACX-1vTC5fAO7oEHK0vOKF93EqsLSkV0kiR4ppTG1tqAPXb4sXjYzYhVBOwlG-9F-6kxbhNeC8C9lRs5YsQD/pub
88. https://docs.google.com/document/d/e/2PACX-1vTCA3k-OzjxJhMVY92cVUY7Fe2RzTBDdqhQtWUPoT5ZnwO4tJourMB8dYzttyg0-QNH5c0buc4qUkbL/pub
89. https://docs.google.com/document/d/e/2PACX-1vTiJDrMl1axc13yzL5eM4GVDcxN3-2Edfhh9BohoKu0SKW6-dy1mC1FP8P71bQ18T0BkTSMPWzjnqxd/pub
90. https://docs.google.com/document/d/e/2PACX-1vTmH27LnKdpiZaqluXm3Ylu_OzjAu_vRuYGMFSzBQfOFraDXwYoP9ndVkGsJ_Vsiv2HW3aHbHV5WbIT/pub
91. https://docs.google.com/document/d/e/2PACX-1vTNyhfreXyAmUXQehCxrDTya_q-b_KBeUOK5xl3Oa4qhDHu_0gtHPqbpSwjb0Loqq1ggco6x3mUs2DR/pub
92. https://docs.google.com/document/d/e/2PACX-1vTPH08z_iqFvJsGP7vBiYlyp_NhN-oqjON6J6Lh91ar2DBcOTKu0Vvb9UjnbchVX7jmEAgWuQXy6DBT/pub
93. https://docs.google.com/document/d/e/2PACX-1vTplYw7ZZGhOHDnxT13l7E0ewon_y5dU2bSHXtviUPMOxOZEK4_wkAJHKtNOkLFYf0jovzStvSGfHqQ/pub
94. https://docs.google.com/document/d/e/2PACX-1vTTBLYAKwzmC0pCKR2tOMJYNzIbN1GAtXgQK7Mz6991IuzYh3lWYqffWrFesfb6Aiqv2q9d8a82yLv9/pub
95. https://docs.google.com/document/d/e/2PACX-1vTx5vEcPtmqRM56xrMvakJn4JO9ccccEFSzJJ3Za51IXM57V9RBrRu1159FyypBgyWSgluj5fMNcJVD/pub
96. https://docs.google.com/document/d/e/2PACX-1vTxPV1p44-UfCkOfGWWMP3RZk-5LCvmqlOW78f1oiU4TOLOibyGjHUKkWNDLjCnMae4-0vBNwMZ8oKv/pub
97.  
98. MALDOC DOWNLOAD URLS
99. http://b2b.ebike-your-life.com/alcohol.php
100. http://pkpatent.com/demagnetizing.php
101. http://pkpatent.com/shaper.php
102. http://premierpt.co.uk/ton.php
103. http://sitio.vipsaesa.com/contest.php
104. http://somdeeppalace.com/muffin.php
105. http://tonmatdoanminh.com/uninviting.php
106. https://facturasenlineamarx.com/astounded.php
107. https://facturasenlineamarx.com/tumult.php
108. https://pepselectricailservice.co.uk/severs.php
109. https://pepselectricailservice.co.uk/wore.php
110. https://thequin-nso.com/assister.php
111. https://thequin-nso.com/broccoli.php
112. https://thequin-nso.com/legislation.php
113. https://thequin-nso.com/sunny.php
114. https://verkeersregelaars-stadskanaal.nl/drunkard.php
115. https://verkeersregelaars-stadskanaal.nl/hydrodynamics.php
116.  
117. b2b.ebike-your-life.com
118. facturasenlineamarx.com
119. pepselectricailservice.co.uk
120. pkpatent.com
121. premierpt.co.uk
122. sitio.vipsaesa.com
123. somdeeppalace.com
124. thequin-nso.com
125. tonmatdoanminh.com
126. verkeersregelaars-stadskanaal.nl
127.  
128. MALDOC FILE HASHES
129. 005b6d28e0e4d3cbb5edf262992173ea
130. 145f838abc9cdf34b4f1a63b6adce9e3
131. 2c50a1051e4ffc2b1fb5060b2ece0e59
132. 5797d7959a374447e004251696460f83
133. 88d441d2d41cecbf700ed16d5437dd7a
134. 96bac8146bce311b00929b7fda53f4d4
135. 9ede28f8e3442d5493f00714c9914999
136. a32495dca86fa4eb99d41897fd2ecbf5
137. af72d6559ef94f99cc14192f67520b27
138. c8389d4422aa560a509b0992ed85c627
139. db5152aa1b2e59f5acffce64e304adcb
140. dfd671280f947d08e5627744e3cb37ab
141.  
142. HANCITOR PAYLOAD FILE HASHES
143. W0rd.dll
144. 9df3cdeb628872f0d6180d2b1b41509d
145.  
146. HANCITOR C2
147. http://satursed.com/8/forum.php
148. http://sameastar.ru/8/forum.php
149.  
150. FICKER STEALER
151. http://roanokemortgages.com/6lhjgfdghj.exe
152.  
153. FICKER STEALER FILE HASH
154. 6lhjgfdghj.exe
155. 77be0dd6570301acac3634801676b5d7
156.  
157. FICKER STEALER C2
158. http://sweyblidian.com
159. http://185.100.65.29
160.  
161.