API tools faq
paste
ExecuteMalware

2021-08-16 BazarLoader IOCs

ExecuteMalware
Aug 16th, 2021 (edited)
16,348
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.92 KB | None | 0 0
raw download clone embed print report
  1. THREAT IDENTIFICATION: BAZARLOADER
  2.  
  3. WEB FORM CONTENTS
  4. name: Amanda
  5. email: [email protected]
  6. message: Hello! My name is Amanda. Your website or a website that your
  7. organization hosts is infringing on a copyright-protected images owned
  8. by me personally. Check out this document with the links to my images
  9. you used at www.<redacted>.com and my earlier publication to obtain the
  10. evidence of my copyrights. Download it right now and check this out
  11. for yourself:
  12. https://firebasestorage.googleapis.com/v0/b/files-d6e6c.appspot.com/o/download-3dk3nvbv4ju3n.html?alt=media&token=0471b204-69d8-4a6c-914a-31a622163a92&l=105655924057099880
  13. I really believe that you deliberately infringed my legal rights under
  14. 17 U.S.C. Sec. 101 et seq. and could possibly be liable for statutory
  15. damage of up to $130,000 as set forth in Section 504 (c)(2) of the
  16. Digital Millennium Copyright Act (DMCA) therein. This message is
  17. official notification. I demand the removal of the infringing
  18. materials described above. Please be aware as a service provider, the
  19. Digital Millennium Copyright Act requires you, to eliminate and/or
  20. disable access to the infringing content upon receipt of this
  21. particular notice. In case you don't cease the use of the
  22. aforementioned infringing materials a law suit can be initiated
  23. against you. I have a strong self-belief that utilization of the
  24. copyrighted materials mentioned above as allegedly infringing is not
  25. approved by the copyright proprietor, its legal agent, or the
  26. legislation. I swear, under consequence of perjury, that the
  27. information in this message is correct and that I am the legal
  28. copyright proprietor or am authorized to act on behalf of the
  29. proprietor of an exclusive and legal right that is presumably
  30. violated. Best regards, Amanda Mays 08/16/2021
  31.  
  32. MALDOC DOWNLOAD URLS
  33. https://firebasestorage.googleapis.com/v0/b/files-d6e6c.appspot.com/o/download-3dk3nvbv4ju3n.html?alt=media&token=0471b204-69d8-4a6c-914a-31a622163a92&l=105655924057099880
  34.  
  35. https://morungato.space/nerkl23vhb4/
  36.  
  37. https://drive.google.com/uc?export=download&id=19lvLhFngyRrtg-nco6BeSUqgo6oQghBA
  38.  
  39. https://doc-04-bg-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/2btpeop445f74euco74tc5r4vlh0q3b2/1629131550000/08811926844747145094/*/19lvLhFngyRrtg-nco6BeSUqgo6oQghBA?e=download
  40.  
  41. MALDOC FILE HASHES
  42. Stolen Images Evidence.zip
  43. ed95f966a0e5866442fcd940f7c55531
  44.  
  45. Which contains:
  46. Stolen Images Evidence.js
  47. 9f4d8898110eaf2acae077b8ea6d6c5e
  48.  
  49. BAZARLOADER PAYLOAD DOWNLOAD URLS
  50. http://meshura.space/333g100/index.php
  51. http://meshura.space/333g100/main.php
  52.  
  53. BAZARLOADER PAYLOAD FILE HASHES
  54. main.php
  55. 962d7236a91febb63b34fa72ab09357e
  56.  
  57. This .dll was renamed and dropped into AppData\Local\Temp
  58.  
  59. tqPuZe.dat
  60. 962d7236a91febb63b34fa72ab09357e
  61.  
  62. BAZARLOADER C2
  63. https://104.248.30.5/static/web/issue
  64. https://104.248.18.107/static/web/issue
  65. https://165.227.136.95/static/web/issue
  66. https://165.227.131.219/static/web/issue
  67.  
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!