ThreatFox IOC Database
You are viewing the ThreatFox database entry for url https://87.120.254.96/en-us/issue/run.
Database Entry
This IOC expired
This IOC is old and expired on 2026-06-14 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.
| IOC ID: | 244235 |
|---|---|
| IOC: | https://87.120.254.96/en-us/issue/run |
| IOC Type: | url |
| Threat Type: | botnet_cc |
| Malware: | BazarBackdoor |
| Malware alias: | BEERBOT, KEGTAP, Team9Backdoor, bazaloader, bazarloader |
| Confidence Level: | Confidence level is high (100%) |
| Is compromised?: | False |
| ASN: | AS34224 NETERRA-AS |
| Country: | BG |
| First seen: | 2021-11-05 15:38:31 UTC |
| Last seen: | never |
| UUID: | 6db5e9c4-3e4e-11ec-8ab6-42010aa4000a |
| Reporter | |
| Reward | 5 credits from ThreatFox |
| Tags: | bazaloader |
| Reference: | https://tria.ge/211105-sqvj9shcer |
AndreGironda
MITRE T1566.001
Date: Fri, 5 Nov 2021 13:00-13:30 +0000
Received: from cpe-98-151-41-31.hawaii.res.rr.com ([98.151.41.31]:27469 helo=localhost)
From: cathy@caweeks.com
Subject: Re: New mail [44]
Message-ID: <97b58d1250c789f03c000a92308e8d2a@127.0.0.1>
X-Mailer: SAP Web Application Server 7.01
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1_97b58d1250c789f03c000a92308e8d2a"
X-CMAE-Envelope: MS4xfOEn7QUMvBxbnjLRXJ3ojplkxwywL7q++YLQtGV5JA6ckVh395wfLo8Jv1XkTWHyRA3wyZXuFuDOFQajHCjCFq51lr8GkGLmsHY1anj5DewfVkrnYpNg
xCaM/P4os/KMRxOO2xOU9nCNvUstJx88BqB3fjTgX8P1HWlMrYHQhduYBBE/aqooYiPsxWrVMVya9cD5zIbM30SpL6482XQ9w9GRHbj0hMgyzbdJmuQItG4a
Return-Path: cathy@caweeks.com
Attachment Name: request.zip
Attachment SHA256: 81b6b6539fa184fd36e129b07a35fce65dcf77e356b3928a671c68e358273541
Unzipped Maldoc Name: facts_11.05.2021.doc
Maldoc SHA256: bbbe0e6e0b64a634f3e5dc20a1abb64dd85afc9fceeb3b43a1add628015a5f8d
Stage URL: hXXp://sawakeg[.]com/boolk/50312/72132/leh5?sid=qVQLzrpnA7D1X3KwCPse4y00h&cid=HIXyiQ
Stage DLL Name: leh11.dll
BazaLoader DLL SHA256: ae4cfb919cd440c66895ff6bd5d34ef2066d51d127a2ac825a3746497da32768