ExecuteMalware

2021-02-15 Likely Bazar/BazarLoader IOCs

Feb 15th, 2021
THREAT IDENTIFICATION: Bazar/BazarLoader/CobaltStrike Stager??

The landing page had been taken down by the time I tried to get the payload.

SUBJECTS OBSERVED
, lawyer request
Lastname, lawyer request

SENDERS OBSERVED

BAZAR LANDING PAGES
https://lawyer-complaint-request-11f.subscribemenow.com/

BAZAR MALDOC FILE HASHES
N/A

BAZAR PAYLOAD DOWNLOAD
N/A

BAZAR PAYLOAD FILE HASHES
N/A

BAZAR C2
N/A