2021-03-30 BazarCall IOCs

1. THREAT IDENTIFICATION: BAZARCALL
2.  
3. SENDER EMAILS
4. [email protected]
5. [email protected]
6. [email protected]
7.  
8. SUBJECTS
9. Do you want to extend your free period ###########?
10. Do you want to extend your free trial ###########?
11. Free period for ############ will come to the end end in 3 days
12. Free trial period for ############ ends in three days
13. Free trial period for ############ will end in 3 days
14. Your free period ########### is about to end!
15. Your free trial ########### is about to end!
16.  
17. LURE PHONE NUMBER
18. Not available
19.  
20. MALDOC DOWNLOAD URLS
21. https://buyimers.us/unsubscribe.html
22. https://geticart.us/unsubscribe.html
23. https://getmers.us/unsubscribe.html
24. https://gobcs.us/unsubscribe.html
25. https://goimed.us/unsubscribe.html
26.  
27. buyimers.us
28. geticart.us
29. getmers.us
30. gobcs.us
31. goimed.us
32.  
33. MALDOC (XLSB) FILE HASHES
34. 09740a9d5d1b3d09d64d22d019567784
35. 1974d98db0e8867165b008f7c46404a1
36. 5a8f6aa70fae15ba88c0c159c30f923d
37. cdd3aacf99acd2a4e339914c480a6afd
38.  
39. LURE PHONE NUMBERS
40. Unknown
41.  
42. PAYLOAD DOWNLOAD URLS
43. http://beauty1.xyz/campo/l/l1
44.  
45. ADDITONAL PAYLOAD FILE HASHES
46. 1163.pk9
47. dd6cdec2609c165cc64b3bc22be5fe20
48.  
49. 1163.ph5
50. 99bfec83b97bd216e06117c6468b19db
51.  
52. 1163.xlsb
53. 99bfec83b97bd216e06117c6468b19db