- THREAT ATTRIBUTION: BAZARCALL / BAZARLOADER
- SENDERS OBSERVED
  - Joerg.brauch@web.de
  - mallory.86money@yahoo.com
  - MaryjaneViel1984@mail.com
  - RosamondGalapon@usa.com
  - sophiajwn@mail.com
- SUBJECTS OBSERVED
  - FWD: Automated premium subscription update notice VC7############## 🤗
  - Your free trial version ends soon, VC7############## . Your premium plan will immediately renew itself.
  - Your free trial version will expire soon, VC7############## . Your membership will immediately re-new itself.
  - Your trial offer will expire really soon, VC7############## . Your premium plan will instantly renew itself.
  - Your trial offer will expire soon, VC7############## . Your premium will immediately renew itself.
- LURE PHONE NUMBER
  - +1 213 401 2706
- MALDOC LANDING PAGE URLS
  - https://zonerphotos.com/
- MALDOC DOWNLOAD URLS
  - https://zonerphotos.com/cancel.php
- MALDOC (XLSB) FILE HASHES
  - cancel_sub_VC7##############.xlsb
    - 94e15e803bee24cb13ed11498d3abb9d
- BAZARLOADER PAYLOAD DOWNLOAD URLs
  - First call is to:
    - http://195.123.222.109/
  - which does a 302 redirect to:
    - http://th4c910ma9puls.xyz/xe1t23ym0s.php
- BAZARLOADER FILE HASHES
  - gz5oOdsKu.dll
    - a4d96695e894dd22feb7e3e3b0dd6887
- BAZARLOADER C2
  - https://172.83.155.161/corp/sentinel