ExecuteMalware

2020-08-12 TA505 IOCs

Aug 12th, 2020
THREAT ATTRIBUTION: TA505

SUBJECTS OBSERVED
Updated Finance Dept. Assignments

SENDERS OBSERVED
accounting@fuji[.]co[.]th
acct-ar@ekadharma[.]co[.]id
admin@lcc-allgaeu[.]de
administracion@mosa[.]com[.]mx
angeli@inrete[.]com
carla[.]merli@pergamino[.]gob[.]ar
chen-hj@tsinghua[.]edu[.]cn
chris_lo@cyberpowersystems[.]com[.]tw
contact@gancorp[.]fr
contact@yamani-ks[.]co[.]jp
curriculum@linkey[.]it
egon@altek-laser[.]dk
fetisova[.]natalia@santa[.]by
guy@azd[.]com[.]au
highway@bizlogistics[.]biz
hui_liu@priver[.]com
info@erenhasgroup[.]com
info@kobe-nextage[.]com
info@sanderc[.]net
info@soroban[.]or[.]jp
info@sunbig[.]net
info@sushiart[.]cz
kadry@ekk-wagon[.]pl
lab@fauna-fish[.]by
list@aaart[.]edu
m[.]logel@hans-associes[.]fr
m[.]maccari@comune[.]corciano[.]pg[.]it
maria[.]escobar@pergamino[.]gob[.]ar
maurice[.]corver@deimac[.]nl
morimoto@amibrand[.]co[.]jp
mundodacerveja@mundodacerveja[.]com
o[.]gueye@synthesis-sn[.]com
office@sfk-hoellrigl[.]at
osmanbaysal@baysallar[.]com
postmaster@ixchelent[.]com
rainer[.]behrends@erf[.]de
respllpp@comune[.]corciano[.]pg[.]it
sanchezgarces@dr[.]teknon[.]es
scouts@sonningscouts[.]co[.]uk
thanij@blpower[.]co[.]th
viajesislamar@group-team[.]com
weicheng@dgrise[.]com
ys2320[.]kim@samco1[.]co[.]kr
ziolkowskak@terbud[.]pl

MALDOC FILE HASH (MD5)
258d275e5483df0432664569018d105d
76518e28fc8c37ed346585c632732d01

PAYLOAD FILE HASH (MD5)
665453a0b3488eb243921adaeb79da3d

MALDOC LANDING PAGE URLS
hxxp://150[.]60[.]3[.]44/04aowo[.]html
hxxp://198[.]91[.]87[.]97/sxuoz8s[.]html
hxxp://aaa-architecten[.]nl/3xa9[.]html
hxxp://buresova-obrazy[.]wz[.]cz/8omcp[.]html
hxxp://caavfx248[.]secure[.]ne[.]jp/ek3ecp[.]html
hxxp://cgmt[.]co[.]id/vipd[.]html
hxxp://coolnovelties[.]co[.]uk/a9k87[.]html
hxxp://dashingleather[.]com/5yfo[.]html
hxxp://decor8[.]ie/9qpr7y[.]html
hxxp://deechtebol[.]com/hadtz6[.]html
hxxp://dmatica[.]it/4xcs[.]html
hxxp://eatondesigns[.]com/9jkd[.]html
hxxp://izmsj[.]co[.]jp/~y-kubota/wc8r5[.]html
hxxp://jesamcorp[.]com/yxduf[.]html
hxxp://jlcarral[.]com/ylype[.]html
hxxp://jmvisuals[.]com/dzc45[.]html
hxxp://mwt[.]net/~blainee/gkxnfr[.]html
hxxp://ntskeptics[.]org/ew7do[.]html
hxxp://nyittc[.]com/apbux[.]html
hxxp://petzel[.]be/kae443[.]html
hxxp://sabre[.]com[.]tw/nm95[.]html
hxxp://scgis[.]co[.]uk/6235ig[.]html
hxxp://seapower-italia[.]it/x9vg[.]html
hxxp://sistemishop[.]it/fwplbl[.]html
hxxp://sorrentotransport[.]com/yvn6cv5[.]html
hxxp://spadework[.]org/yuyfkfj[.]html
hxxp://spiralfolderrollers[.]com/om5kx[.]html
hxxp://staceydodge[.]com/zyqkfem[.]html
hxxp://streamfisherman[.]net/23gqs[.]html
hxxp://theswimshop[.]co[.]za/i0t72[.]html
hxxp://tomsonguitars[.]co[.]uk/nk0j7r[.]html
hxxp://unser-en[.]de/ql9s3t[.]html
hxxp://wallflore[.]de/nyj7h[.]html
hxxp://www[.]1120[.]com[.]tw/44md2[.]html
hxxp://www[.]bluecrabhosting[.]co[.]uk/a1ralfa[.]html
hxxp://www[.]everestgroupcorp[.]com/b0zbrpf[.]html
hxxp://www[.]ozonatory24[.]pl/~ozonator/t63b9z[.]html
hxxp://www[.]skegness[.]net/xwm9llc[.]html
hxxp://www4176uc[.]sakura[.]ne[.]jp/~n-harada/hraq[.]html

MALDOC DISTRIBUTION URLS
hxxps://dl1[.]tremd-space[.]com

TA505 C2s
band-switch[.]com