Threat Intelligence – Bazarcall Malware Latest IOCs


The malware was first identified as Anchor. Anchor is a sophisticated backdoor that served as a module for a subset of TrickBot installations. Operating since August 2018, it is not delivered to everybody; on the contrary, it is delivered only to high-profile targets. Because its C2 communication scheme is very similar to the one implemented in early TrickBot, and because of similarities in code and the use of the two malware families in the same intrusions, multiple experts believe it could be attributed to the same authors. In 2020 the Bazar malware family appeared, and again many associated it with the same group behind TrickBot. Below are the latest indicators of compromise.

Credits: Research by ExecuteMalware

Indicators of Compromise (IOCs)

THREAT IDENTIFICATION: BAZARCALL

SENDER EMAILS

SUBJECTS
Thank you for using your free trial BCS23966243. Time to move on!
Thank you for using your free trial BCS26389287. Time to move on!
Thank you for using your free trial BCS99265033. Time to move on!
Thank you for using your free trial BRT14657407. Time to move on!
Thank you for using your free trial RMN19210127. Time to move on!
Thank you for using your free trial RMN19641041. Time to move on!
Thank you for using your free trial RMN51345416. Time to move on!
Thank you for using your free trial RMN70334312. Time to move on!
Thank you for using your free trial RMN94086834. Time to move on!
Want to extend your free trial BCS34406373?
Want to extend your free trial BCS54350607?
Want to extend your free trial BCS64613015?
Want to extend your free trial RMN73387479?
Your free trial BCS11366563 is about to end!
Your free trial BCS32105877 has come to end!
Your free trial BCS35182778 has come to end!
Your free trial BCS80641479 has come to end!
Your free trial BCS89578312 is about to end!
Your free trial period BCS28590629 is almost over!
Your free trial period BCS73715158 is almost over!
Your free trial period BCS75791231 is almost over!
Your free trial period RMN36009603 is almost over!
Your free trial period RMN73387479 is almost over!
Your free trial RMN08929556 is about to end!
Your free trial RMN63918729 has come to end!
Your free trial RMN84417160 is about to end!

PHONE NUMBER
1 323 521 5338

EMAIL BODY
Dear Customer, #BCS26389287

Your free trial period is almost over… How’s it going so far?

You have provided a payment method which will be used to continue your subscription .
Due to the plan you chose you will be billed $89.99 per month as soon as your free trial will be expired.
We are really excited that you are with us, let’s move to premium!
Don’t forget about our new referral system! Get up to 25% off your monthly bill! Just bring friends!

Incase you might want to change/drop the subcription, contact the Customer Service Center at: 1 323 521 5338 or visit our website.

Don’t forget to leave a comment about us!

We are always glad to see you on our website .

Sincerely,
Medical Reminder Service

5901 W Century Blvd #750, Los Angeles, CA 90045
Copyright © 2021 Medical reminder service, Inc.All rights reserved.
1 323 521 5338
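
A detection sketch built from the indicators above, added here as an example and not part of the original research: it flags messages whose subject pairs the free-trial wording with a BCS/BRT/RMN prefix and eight digits, or whose body carries the listed callback number in any common format. The regex generalisation, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

# Generalised from the subject lines on this page (an assumed pattern):
# "free trial" wording plus a BCS/BRT/RMN prefix and an eight-digit number.
LURE = re.compile(r"\bfree\s+trial\b", re.IGNORECASE)
TRIAL_ID = re.compile(r"\b(?:BCS|BRT|RMN)\d{8}\b")
# Callback number from this page, stored as 11 digits with country code.
CALLBACK_NUMBERS = {"13235215338"}
PHONE = re.compile(
    r"(?<!\d)(?:\+?1[\s.\-]*)?\(?\d{3}\)?[\s.\-]*\d{3}[\s.\-]*\d{4}(?!\d)")

def normalise_phone(raw):
    """Reduce a North American number to 11 digits so formats compare equal."""
    digits = re.sub(r"\D", "", raw)
    return digits if len(digits) == 11 else "1" + digits

def score_message(raw_message):
    """Return the names of the lure checks that a raw RFC 5322 message hits."""
    msg = message_from_string(raw_message, policy=policy.default)
    subject = str(msg["Subject"] or "")
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    hits = []
    if LURE.search(subject) and TRIAL_ID.search(subject):
        hits.append("subject_pattern")
    if TRIAL_ID.search(body):
        hits.append("body_trial_id")
    if any(normalise_phone(m.group()) in CALLBACK_NUMBERS
           for m in PHONE.finditer(body)):
        hits.append("callback_number")
    return hits

# Constructed sample messages (not real mail; the trial IDs are made up).
SAMPLE_LURE = (
    "From: billing@example.test\n"
    "Subject: Your free trial BCS00000001 is about to end!\n\n"
    "Dear Customer, #BCS00000001\n"
    "To cancel, call (323) 521-5338.\n"
)
SAMPLE_BENIGN = (
    "From: news@example.test\n"
    "Subject: Your free trial of ExampleApp starts today\n\n"
    "Questions? Call 1 555 010 0000.\n"
)

if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(name, score_message(raw))
```

Matching on the pattern and a normalised phone number catches reissued lures with new trial numbers or reformatted callback digits, which exact-string subject matching would miss.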

BalaGanesh
Balaganesh is an Incident Responder, Certified Ethical Hacker, Penetration Tester, security blogger, and founder and author of Soc Investigation.
