THREAT DEFINITION: HANCITOR

Hancitor (also known as Chanitor) first appeared in 2013 and is still used by cyber threat actors today. It spreads through social engineering, chiefly phishing e-mails that carry malicious links and Microsoft Office documents containing malicious macros.

The most recent IoCs are listed below.


OBSERVED SUBJECT LINES

You got invoice from DocuSign Electronic Service

You got invoice from DocuSign Electronic Signature Service

You got invoice from DocuSign Service

You got notification from DocuSign Electronic Signature Service

You got notification from DocuSign Service

You got notification from DocuSign Signature Service

You received invoice from DocuSign Electronic Signature Service

You received invoice from DocuSign Signature Service

You received notification from DocuSign Electronic Service

You received notification from DocuSign Electronic Signature Service

You received notification from DocuSign Signature Service


Indicators of Compromise 

SENDERS OBSERVED

anxyhqi@skidsteersnowtires [.]com  

cli@skidsteersnowtires [.]com  

ddowigy@skidsteersnowtires [.]com  

eeoybot@skidsteersnowtires [.]com  

eogof@skidsteersnowtires [.]com  

gtsiyf@skidsteersnowtires [.]com  

lycsfiz@skidsteersnowtires [.]com  

mar@skidsteersnowtires [.]com  

mwouhaf@skidsteersnowtires [.]com  

tilegp@skidsteersnowtires [.]com  

tiz@skidsteersnowtires [.]com  

uaqoye@skidsteersnowtires [.]com  

uviqexo@skidsteersnowtires [.]com  

vnctuj@skidsteersnowtires [.]com  

voiutyy@skidsteersnowtires [.]com  

yfefwua@skidsteersnowtires [.]com  


MALDOC LANDING PAGE URLS

https://docs [.]google [.]com/document/d/e/2PACX-1vQV1Y7N0-q-0vCctsRjOdqtJ2d8YChDHAdY4HqHjIkrpVMSuuOFHQub6GHNacx74GC-lljtyw-VHMF0/pub  

https://docs [.]google [.]com/document/d/e/2PACX-1vR2le5OY6eitMTv7OV1eLn4–MYdrdJ0SRvjR40Mn4hyK2BMWWiGSh67_cD0GsBRGes3ipUBNlZdTjR/pub  

https://docs [.]google [.]com/document/d/e/2PACX-1vRAgFOqsHYGVq7BZ-cm5gtcK_Gh5rGzd5vJvVloYtI5XeZGV1EgHAVlRmjS7JlO_CuFdZ10TbQjUJBV/pub  

https://docs [.]google [.]com/document/d/e/2PACX-1vSKhMosGJRhAx6nPKG1CxRA5OqFCouT4mAn581iigdj6E0kW5E7pkDM7rzgT4lHSD2w4pbfIDgqO16u/pub  

https://docs [.]google [.]com/document/d/e/2PACX-1vSllYUcuuUT4iqwFmWWSBAi4ZnCIJfd_I7MpP8pN7_D_kvyVtrFaSRUUStKL19a4N8XVHOboTo2p1S4/pub 

https://docs [.]google [.]com/document/d/e/2PACX-1vSRfbQEHuTyQW0eqqmAmeC8gNg8L9WUju07_rv4tHRn-eNfCzflVELccrZKo1Vs0h9BlE5HECXJLzrK/pub  

https://docs [.]google [.]com/document/d/e/2PACX-1vSSt6CrA6bUtz5gwU3mv6B8tCak80azHhLnd6dMsM_XVaxj7q13YfnYOikhuYuhOm2m29tG6se7t5PG/pub 

https://docs [.]google [.]com/document/d/e/2PACX-1vT4DehaB_ZFCPUCo6FPTyk0AwDNQHkO55-zrMUMiTCP9S3WYEuXa4E7qklLSmx0aT3kuGKV7EhibYF1/pub  

https://docs [.]google [.]com/document/d/e/2PACX-1vTCL_qjggEFoZ4wzusYvmPLV_mrOXN0FYiKApb3644JPU8Ivd5wKWf1p7nfb8u6GvDiMWZ2XDABkYHQ/pub  

https://docs [.]google [.]com/document/d/e/2PACX-1vTi15ayB8KwOrXxIaCUH1d03KK9-aUl7SRrqsLRzUmkoQydto93KgEMKBC8mqc2GDxUwJKb7GLERXyh/pub  

https://docs [.]google [.]com/document/d/e/2PACX-1vToBxyjYpZycUcRkK7RAHru3il-bWv7vaLAK_102cOZPv3Ff8pqbwda0pZQK8S2apVVvW-puhjQzLd3/pub  

https://docs [.]google [.]com/document/d/e/2PACX-1vTOPtRbRsBAmqOcP8PdkQ6TmvxMCD-AHEqSL76R7uk-c9TRHWajt-e_iYQ2iQ1LtG36wjH7ZkvinoNB/pub  

https://docs [.]google [.]com/document/d/e/2PACX-1vTqyJd8ZQl6kbLiiqbI-jsAQNUJBccElVWHzJBxIy7Mo11lUqD-bemTtPGfGjeGDOvReqs7IMX_VwBd/pub  

https://docs [.]google [.]com/document/d/e/2PACX-1vTslVGTV3rPJYFKSK2ulbm3mnGbSU1xUy02AwSWY9Qu_XzZeoCSMdJu63rmyQXH8hEFxissf_Yd6qiN/pub  

MALDOC DISTRIBUTION URLS

http://tlfthelifefactory [.]com [.]au/fee [.]php  

http://www [.]capitallifesyariah [.]co [.]id/replay [.]php  

https://capasa [.]com [.]my/cycle [.]php  

https://koonol [.]mx/personably [.]php  

https://lt [.]app [.]krazyit [.]com [.]au/egor [.]php  

https://moradaimoveisjab [.]com [.]br/cranky [.]php  

https://pharmaciebougieba [.]org/gel [.]php

https://uberum [.]ro/anoint [.]php

https://uniquewebservice [.]com/wail [.]php  

capasa [.]com [.]my  

capitallifesyariah [.]co [.]id  

koonol [.]mx  

krazyit [.]com [.]au  

moradaimoveisjab [.]com [.]br  

pharmaciebougieba [.]org  

tlfthelifefactory [.]com [.]au  

uberum [.]ro  

uniquewebservice [.]com  


HANCITOR MALDOC FILE HASHES

3448cc288fca67901056db4fa75d65c5 

570ea5f20ea57233801e4d8c5fbcf472  

79f7b1808de6aa49e4775799b0203329  

7ca22c035af153396354116cb1db11df  

e16b4f91101a452b9a2c5eceb8985cec  

fa3799eabf27a6c2c7834f48e5134088  

ff0131c3bad0b18758a03950179220e0  


HANCITOR PAYLOAD FILE HASH  

Runtime [.]dll  

c1e73a655d6cb7e796d2e490d03714c5  

HANCITOR C2  

http://stionicksilid [.]com/8/forum [.]php  

http://succupenous [.]ru/8/forum [.]php  

http://cappiasstising [.]ru/8/forum [.]php  

FICKER STEALER PAYLOAD URLS  

http://q17ar45 [.]ru/689uksdffs [.]exe  

FICKER STEALER FILE HASH  

689uksdffs [.]exe  

77be0dd6570301acac3634801676b5d7  

FICKER STEALER C2  

http://sweyblidian [.]com  

COBALT STRIKE PAYLOAD URLS  

http://q17ar45 [.]ru/3003 [.]bin  

http://q17ar45 [.]ru/3003s [.]bin  

COBALT STRIKE FILE HASHES  

3003 [.]bin 02dadaeecc3d8ba4e8b59ca4d27b54c6  

3003s [.]bin 62a46578b147897724e7e808918994e2 

COBALT STRIKE C2/ADDITIONAL TRAFFIC  

http://139 [.]60 [.]161 [.]50/Hsp1  

http://139 [.]60 [.]161 [.]50/load 
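The indicators above are published defanged (`[.]` in place of `.`), so they cannot be pasted straight into a detection rule. The following is an added example, not part of the original advisory, that refangs a subset of the indicators listed on this page and checks them against constructed proxy, mail and file-hash records. The log line layout (`<timestamp> <client_ip> <method> <url>`) and the mail record fields are assumptions for the example; the indicator values themselves are copied from the lists above. It also shows one caveat worth getting right: the landing pages sit on docs.google.com, a shared platform, so those are matched on the exact URL only, while attacker-controlled hosts are matched on the hostname as well.

```python
import re
from urllib.parse import urlparse

# Indicators copied from the advisory above, kept in their defanged form.
# These hosts are attacker-controlled, so a hit on the host alone matters.
ATTACKER_URLS_DEFANGED = [
    "http://stionicksilid [.]com/8/forum [.]php",   # Hancitor C2
    "http://succupenous [.]ru/8/forum [.]php",      # Hancitor C2
    "http://cappiasstising [.]ru/8/forum [.]php",   # Hancitor C2
    "http://q17ar45 [.]ru/689uksdffs [.]exe",       # Ficker Stealer payload
    "http://q17ar45 [.]ru/3003 [.]bin",             # Cobalt Strike payload
    "http://139 [.]60 [.]161 [.]50/Hsp1",           # Cobalt Strike C2
    "https://capasa [.]com [.]my/cycle [.]php",     # maldoc distribution
]
# Landing pages live on a shared platform; matching the host would flag
# every Google Docs visit, so these are exact-URL matches only.
LANDING_URLS_DEFANGED = [
    "https://docs [.]google [.]com/document/d/e/2PACX-1vQV1Y7N0-q-0vCctsRjOdqtJ2d8YChDHAdY4HqHjIkrpVMSuuOFHQub6GHNacx74GC-lljtyw-VHMF0/pub",
]
SENDER_DOMAIN_DEFANGED = "skidsteersnowtires [.]com"
SUBJECTS = {
    "You got invoice from DocuSign Electronic Service",
    "You got invoice from DocuSign Service",
    "You received notification from DocuSign Signature Service",
}
KNOWN_MD5 = {
    "3448cc288fca67901056db4fa75d65c5",  # Hancitor maldoc
    "c1e73a655d6cb7e796d2e490d03714c5",  # Runtime.dll
    "77be0dd6570301acac3634801676b5d7",  # 689uksdffs.exe
}


def refang(value: str) -> str:
    """Turn 'a [.]b' or 'a[.]b' back into 'a.b' and hxxp back into http."""
    value = re.sub(r"\s*\[\.\]\s*", ".", value.strip())
    return re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)


def hostname(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


ATTACKER_URLS = {refang(u) for u in ATTACKER_URLS_DEFANGED}
ATTACKER_HOSTS = {hostname(u) for u in ATTACKER_URLS}
LANDING_URLS = {refang(u) for u in LANDING_URLS_DEFANGED}
SENDER_DOMAIN = refang(SENDER_DOMAIN_DEFANGED)


def match_proxy_log(lines):
    """Check proxy lines shaped '<ts> <client_ip> <method> <url>' (assumed
    layout). Returns (client_ip, url, reason) tuples."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line: skip rather than crash the sweep
        _ts, client, _method, url = parts[:4]
        if url in ATTACKER_URLS or url in LANDING_URLS:
            hits.append((client, url, "exact-url"))
        elif hostname(url) in ATTACKER_HOSTS:
            hits.append((client, url, "attacker-host"))
    return hits


def match_mail_log(records):
    """records: dicts with 'from' and 'subject' (assumed fields).
    Returns (sender, reasons) for every record that matches."""
    hits = []
    for rec in records:
        domain = rec["from"].rsplit("@", 1)[-1].lower()
        reasons = []
        if domain == SENDER_DOMAIN:
            reasons.append("sender-domain")
        if rec["subject"] in SUBJECTS:
            reasons.append("subject")
        if reasons:
            hits.append((rec["from"], reasons))
    return hits


def match_hashes(md5s):
    """Return the subset of the given MD5 strings that are known bad."""
    return {h.lower() for h in md5s} & KNOWN_MD5


# Constructed sample data, not real telemetry.
SAMPLE_PROXY_LOG = [
    "2021-06-01T10:00:01Z 10.0.0.5 POST http://stionicksilid.com/8/forum.php",
    "2021-06-01T10:00:02Z 10.0.0.7 GET http://q17ar45.ru/index.html",
    "2021-06-01T10:00:03Z 10.0.0.9 GET https://docs.google.com/document/d/e/CONSTRUCTED-OTHER-DOC/pub",
    "2021-06-01T10:00:04Z 10.0.0.9 GET https://example.com/",
]
SAMPLE_MAIL_LOG = [
    {"from": "mar@skidsteersnowtires.com", "subject": "You got invoice from DocuSign Service"},
    {"from": "alice@example.com", "subject": "Lunch on Friday?"},
]
# Second value is the MD5 of an empty file, used here as a benign control.
SAMPLE_MD5 = ["3448CC288FCA67901056DB4FA75D65C5", "d41d8cd98f00b204e9800998ecf8427e"]

if __name__ == "__main__":
    for hit in match_proxy_log(SAMPLE_PROXY_LOG):
        print("proxy:", hit)
    for hit in match_mail_log(SAMPLE_MAIL_LOG):
        print("mail:", hit)
    print("hashes:", match_hashes(SAMPLE_MD5))
```

Run against the constructed samples, the C2 request is flagged as an exact URL, the request to a different path on q17ar45.ru is flagged on the host alone, and the unrelated Google Docs document produces no hit. The sender-domain check matches the whole skidsteersnowtires.com domain rather than the individual local parts, since the advisory lists sixteen different mailbox names on that one domain; the hash comparison lowercases its input because MD5 values arrive in either case from different tools.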
