2021-04-08 BazarCall IOCs

1. THREAT IDENTIFICATION: BAZARCALL
2.  
3. SENDER EMAILS
4. [email protected]
5. [email protected]
6.  
7. SUBJECTS
8. Your premium plan demo expires in 24 hours 0408########
9. Your current premium demo expires in 48 hours 0408########
10. Your current premium plan trial ends in 24 hours 0408########
11. Your current premium plan trial ends in 24 hours 0408########
12. Your premium demo expires in 3 days 0408#########
13. Your current premium plan trial ends in 24 hours 0408########
14. Your current premium trial ends in 48 hours 0408########
15. Your current premium trial expires in 3 days 0408########
16.  
17. LURE PHONE NUMBER
18. +1 901 584 0490
19.  
20. MALDOC LANDING PAGE URLS
21. https://bookpoint.us
22. https://bookspoint.us
23. https://pointbook.us
24. https://pointbooks.us
25. https://subsbookpoint.us
26. https://worldbookpoint.com
27.  
28. bookpoint.us
29. bookspoint.us
30. pointbook.us
31. pointbooks.us
32. subsbookpoint.us
33. worldbookpoint.com
34.  
35. MALDOC DOWNLOAD URLS
36. https://bokpoint.xyz/unsubscribe
37. https://bokspoint.xyz/unsubscribe
38. https://pointbok.xyz/unsubscribe
39. https://pointboks.xyz/unsubscribe
40.  
41. bokpoint.xyz
42. bokspoint.xyz
43. pointbok.xyz
44. pointboks.xyz
45.  
46. MALDOC (XLSB) FILE HASHES
47. 713ff91d0faecdc317dbdb22cf30afe3
48. 7c06f05b2d96542bc7a6997c5e3f4cb4
49. 9d39f307b0d6276450038cca7568b2cc
50. a18c5031cb91caf0818448ec313773f5
51. dd0068e6af3b638e96b09a2e0ec6f051
52.  
53. PAYLOAD DOWNLOAD URLS
54. http://dance4.xyz/campo/d8/d9
55.  
56. ADDITIONAL DROPPED FILES
57. 14118.doy
58. 61f9ff7edf0a1ff6888e541124226553
59.  
60. 14118.xlsb
61. 61f9ff7edf0a1ff6888e541124226553
62.  
63. 14118.biy
64. 0d90eb265cfe49b20037673845bd0c3c
65.