API tools faq
paste
ExecuteMalware

2021-04-27 BazarCall IOCs

ExecuteMalware
Apr 27th, 2021
17,143
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.04 KB | None | 0 0
raw download clone embed print report
  1. THREAT IDENTIFICATION: BAZARCALL
  2.  
  3. SENDERS OBSERVED
  4. [email protected]
  5. [email protected]
  6. [email protected]
  7. [email protected]
  8.  
  9. SUBJECTS OBSERVED
  10. Congratulations! Your order has been approved.
  11. Congratulations! Your order was approved.
  12. Well done! Your order has been approved.
  13. Your order Z0012############ has been confirmed. Address delivery will not take long!
  14.  
  15. LURE PHONE NUMBER
  16. 1 323 540 5822
  17.  
  18. MALDOC LANDING PAGE URLS
  19. https://prinpro.us
  20. https://printequip.us
  21. https://printools.us
  22. https://proprin.us
  23. https://profiprint.us
  24.  
  25. MALDOC DOWNLOAD URLS
  26. https://prinpro.us/cancel.php
  27. https://printequip.us/cancel.php
  28.  
  29. https://printools.us/cancel.php
  30. 302 to:
  31. https://printools.us/suspicious-traffic
  32.  
  33. MALDOC (XLSB) FILE HASHES
  34. order_Z0012112202927225.xlsb
  35. ae7ee17fe1beca77792942d4401c3f50
  36.  
  37. ADDITIONAL/CAMPO LOADER FILES
  38. 28222.dr1
  39. 547a4e8b1b3bf3359785479e768fa246
  40.  
  41. 28222.dr2
  42. 547a4e8b1b3bf3359785479e768fa246
  43.  
  44. 28222.dr3
  45. fe696977648eed8a2b0ab9dcdd70aca2
  46.  
  47. CAMPO LOADER PAYLOAD DOWNLOAD URLS
  48. http://lie3.xyz/campo/li/e3
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!