Threat Intelligence – Bazarcall Malware Latest IOCs

0

The malware identified first as Anchor. The anchor is a sophisticated backdoor that served as a module to a subset of TrickBot installations. Operating since August 2018 it is not delivered to everybody, but the contrary is delivered only to high-profile targets. Since its C2 communication scheme is very similar to the one implemented in the early TrickBot, multiple experts believe it could be attributed to the same authors. Due to similarities in code and usage of the two different malware families in the same intrusions. In 2020 the Bazar malware family entered and again many associated it with the same group behind Trickbot. Below are the latest indicators of compromise.


Credits : Research by ExecuteMalware

Indicators of Compromise

THREAT IDENTIFICATION: BAZARCALL

SENDER EMAILS
[email protected] [.]com
[email protected] [.]com
[email protected] [.]com

SUBJECTS
Do you want to extend your free period ###########?
Do you want to extend your free trial ###########?
Free period for ############ will come to the end end in 3 days
Free trial period for ############ ends in three days
Free trial period for ############ will end in 3 days
Your free period ########### is about to end!
Your free trial ########### is about to end!

LURE PHONE NUMBER
Not available

MALDOC DOWNLOAD URLS
https://buyimers [.]us/unsubscribe [.]html
https://geticart [.]us/unsubscribe [.]html
https://getmers [.]us/unsubscribe [.]html
https://gobcs [.]us/unsubscribe [.]html
https://goimed [.]us/unsubscribe [.]html

buyimers [.]us
geticart [.]us
getmers [.]us
gobcs [.]us
goimed [.]us

MALDOC (XLSB) FILE HASHES
09740a9d5d1b3d09d64d22d019567784
1974d98db0e8867165b008f7c46404a1
5a8f6aa70fae15ba88c0c159c30f923d
cdd3aacf99acd2a4e339914c480a6afd

LURE PHONE NUMBERS
Unknown

PAYLOAD DOWNLOAD URLS
http://beauty1 [.]xyz/campo/l/l1

ADDITONAL PAYLOAD FILE HASHES
1163 [.]pk9
dd6cdec2609c165cc64b3bc22be5fe20

1163 [.]ph5
99bfec83b97bd216e06117c6468b19db

1163 [.]xlsb
99bfec83b97bd216e06117c6468b19db


Previous articleURL Redirection – Prevention and Detection of Malicious Redirects
Next articleThreat Intelligence – HANCITOR Malware Latest IOCs
Balaganesh is a Incident Responder. Certified Ethical Hacker, Penetration Tester, Security blogger, Founder & Author of Soc Investigation.

LEAVE A REPLY

Please enter your comment!
Please enter your name here