2021-03-22 Bazar IOCs

1. THREAT IDENTIFICATION: BAZAR
2.  
3. SUBJECTS OBSERVED
4. APM Terminals -- Payment receipt # 54342747WW
5.  
6. SENDERS OBSERVED
7. [email protected]
8.  
9. MALDOC FILE HASHES
10. form_1348168160_1927608554.xls
11. f850ae7b2b87271f7e2b009a84734122
12.  
13. BAZAR PAYLOAD DOWNLOAD
14. http://ravepsychiatry.com/t/optonline.php
15. http://ravepsychiatry.com/t/sore.php
16.  
17. BAZAR PAYLOAD FILE HASHES
18. optonline.dll
19. 2c4ba65ebe45a97b6e43a971c6ad580b
20.  
21. sore.dll
22. 4aa61251226a51e9bdf40487265ab8be
23.  
24. BAZAR C2
25. None
26.  
27. SUPPORTING EVIDENCE
28. https://www.virustotal.com/gui/file/407efed8e868c0a3e8ef9dfbce26b48bdcd03b80dabdb39fadc4b16094e89bd1/details
29. https://app.any.run/tasks/31db7cea-fcf7-4bef-ba11-d3ba13fed1e6/
30.