2021-07-30 BazarCall IOCs

1. THREAT ATTRIBUTION: BAZARCALL
2.  
3. SUBJECTS OBSERVED
4. Car accident demand notification
5. Crucial notice! Abandoned place of vehicle accident
6. L0#########
7. Motor vehicle accident report
8.  
9. SENDERS OBSERVED
10. [email protected]
11. [email protected]
12. [email protected]
13. [email protected]
14.  
15. LURE PHONE NUMBER
16. +1 646 980 6856
17.  
18. EMAIL BODY
19. Meagher Insurance company
20. Re: Left site of vehicle accident on 07.22.2021
21. Request No.: L0#########
22.  
23. Greetings, dear <First> <Last>,
24. This notification is accepted as an authenticated notice that bank payment is being requested from for the automobile accident that has taken place on 07.22.2021. The total demand amount, with direct payments included, is $346.87
25. Kindly give us a phone call at +18646298056856
26. Monday to Friday from 9 am to 6 pm. Our customer support will assist you in getting the complete info on the vehicle accident along with videos, images of the vehicle plate, and all the other sensitive information about this certain scene.
27. As it was highlighted before the location of a automobile accident was abandoned. By following our insurance company's policy, we'll have to report this vehicle accident to the police after 3 days, please give us a phone call as soon as you can to take care of this inconvenience.
28.  
29. Thank you,
30. Meagher Insurance company
31.  
32. MALDOC LANDING PAGES
33. https://meagherinsurance.net/
34. https://meagherinsurance.net/case
35.  
36. MALDOC DOWNLOAD URL
37. https://meagherinsurance.net/download.php
38.  
39. BAZARCALL MALDOC FILE HASHES
40. case_L0277271758.xlsb
41. bca5d2db1447e42e8d2d22d8bbb4378e
42.  
43. BAZARLOADER PAYLOAD DOWNLOAD URL
44. http://185.158.250.200/index.php
45. http://185.158.250.200/main.php
46.  
47. BAZARLOADER PAYLOAD FILE HASHES
48. I was filtered from getting the payload DLL.
49.  
50. BAZARLOADER C2
51. N/A
52.