2021-02-17 Buerloader IOCs

1. THREAT IDENTIFICATION: BUERLOADER
2.  
3. SUBJECTS OBSERVED
4. order 4667845 Package
5.  
6. SENDERS OBSERVED
7. Stewart@kiekhafer.com
8.  
9. BUERLOADER MALDOC FILE HASHES
10. Invoice-2823338
11. f71117b4bf6ab18ef9bf4b1bb45d6709
12.  
13. BUERLOADER PAYLOAD DOWNLOAD
14. https://forcemc.digital/image/v
15.  
16. BUERLOADER PAYLOAD FILE HASHES
17. v
18. e23246d5a16fd344dfd2fc7177d43890
19.  
20. Renamed as:
21. msversion.dll
22. e23246d5a16fd344dfd2fc7177d43890
23.  
24. BUERLOADER C2
25. http://complexofferstobakn.com
26.  
27. SUPPORTING EVIDENCE
28. https://app.any.run/tasks/4575e4e4-648c-4ad0-9f25-fb781c737a97/
29. https://www.virustotal.com/gui/file/f4f02f78b8d89ed5063773985d4ad7b4c9205417b34787fb945f739134a85a8b/detection