2020-08-26 TA505 IOCs

1. Given that the same subject is used, these may be stragglers from yesterday.
2.  
3. THREAT ATTRIBUTION: TA505
4.  
5. SUBJECTS OBSERVED
6. MONITORING REPORT
7.  
8. SENDERS OBSERVED
9. ricardo@tornado.com.br
10. sales@funkyflavors.pl
11.  
12. MALDOC FILE HASH
13. None
14.  
15. PAYLOAD FILE HASH
16. None
17.  
18. MALDOC LANDING PAGE URLS
19. http://audio-pa-service.de/9xfxp.html
20. http://vodoustoichivshperplat.com/1xiif.html
21.  
22. MALDOC DISTRIBUTION URLS
23. https://filesharess.com/?d-297c5e5ae9ea4c5f
24.  
25. TA505 C2s
26. box-cdn.com
27. first-destin.com
28.  
29. SUPPORTING EVIDENCE
30. https://twitter.com/stoerchl/status/1298539371927351298