- THREAT ATTRIBUTION: BAZAR
- SUBJECTS OBSERVED
  - Re: my call
- SENDERS OBSERVED
  - sale@globalcashier[.]net
  - assist@visavirtualbox[.]com
  - tech@2brightlights[.]com
  - team@visavirtualbox[.]com
  - ticket@floridastatedivorce[.]com
  - sale@littlernews[.]us
  - team@thinkyoucandraw[.]info
- BAZAR PAYLOAD FILE HASHES
  - Report13-10[.]exe
    - cbdad2d72c1baacebe006d568d7859df
- DIGITAL SIGNATURE
  - SNAB-RESURS, OOO
- LANDING PAGE URLS
  - hxxps://docs[.]google[.]com/document/d/e/2PACX-1vQhfrsWRcG6_9XyhKcPtZCaO3qDNPnJtZStnf0m_vnkXdJuBPfmp_ErZqXzbg7tA0TLqWo7Vmh733aL/pub
- BAZAR C2
  - hxxps://3[.]137[.]180[.]197/
    - This resolves to: cuprinc[.]com
- ADDITIONAL PAYLOADS
  - hxxps://34[.]221[.]202[.]231/bont/vnt
  - hxxps://34[.]221[.]202[.]231/bont/past
- ADDITIONAL FILE HASHES
  - ZIh3aplxwVwlJsyd-M6v
    - addccf7798728f7f661e0f46bc661511
  - iHzlat3KGi0b7oNw1h18
    - 09bd533db6f05ad05f5414d2101e96f2
- SUPPORTING EVIDENCE
  - https://twitter.com/James_inthe_box/status/1316009750086123523