API tools faq
paste
ExecuteMalware

2021-06-15 BazarCall IOCs

ExecuteMalware
Jun 15th, 2021
18,129
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.21 KB | None | 0 0
raw download clone embed print report
  1. THREAT ATTRIBUTION: BAZARCALL / BAZARLOADER
  2.  
  3. SENDERS OBSERVED
  4. [email protected]
  5. [email protected]
  6. [email protected]
  7. [email protected]
  8. [email protected]
  9.  
  10. SUBJECTS OBSERVED
  11. FWD: Automated premium subscription update notice VC7############## 🤗
  12. Your free trial version ends soon, VC7############## . Your premium plan will immediately renew itself.
  13. Your free trial version will expire soon, VC7############## . Your membership will immediately re-new itself.
  14. Your trial offer will expire really soon, VC7############## . Your premium plan will instantly renew itself.
  15. Your trial offer will expire soon, VC7############## . Your premium will immediately renew itself.
  16.  
  17. LURE PHONE NUMBER
  18. +1 213 401 2706
  19.  
  20. MALDOC LANDING PAGE URLS
  21. https://zonerphotos.com/
  22.  
  23. MALDOC DOWNLOAD URLS
  24. https://zonerphotos.com/cancel.php
  25.  
  26. MALDOC (XLSB) FILE HASHES
  27. cancel_sub_VC7##############.xlsb
  28. 94e15e803bee24cb13ed11498d3abb9d
  29.  
  30. BAZARLOADER PAYLOAD DOWNLOAD URLs
  31. First call is to:
  32. http://195.123.222.109/
  33.  
  34. which does a 302 redirect to:
  35. http://th4c910ma9puls.xyz/xe1t23ym0s.php
  36.  
  37. BAZARLOADER FILE HASHES
  38. gz5oOdsKu.dll
  39. a4d96695e894dd22feb7e3e3b0dd6887
  40.  
  41. BAZARLOADER C2
  42. https://172.83.155.161/corp/sentinel
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!