THREAT IDENTIFICATION:  BAZARLOADER

SUBJECTS OBSERVED
UP INV - #36954733 .

SENDERS OBSERVED
Jeff@katalystdm.com

ZIP FILE HASHES
26857748-2685.zip
4d08b49896f9ec1ea0d737d01bab6552

HTA FILE HASHES
26857748-2685.hta
b02a365b0713d887ceb7f67c52a1807e

POWERSHELL DOWNLOAD URL
http://pgd-primskovo.si/premiernote.php

PAYLOAD DOWNLOAD URLS
https://asseddiq.com/rocket.pdf

PAYLOAD FILE HASH
rocket.pdf
C9D74775CB5CFB43E118CFB43D71BC20

BAZARLOADER C2
https://104.143.94.101/social/research

SUPPORTING EVIDENCE
https://urlhaus.abuse.ch/url/1999309/

OTHER URLS FROM MEMORY STRINGS
(May or may not be associated with BazarLoader)
https://104.143.94.101:443
https://162.55.32.153:443
https://194.15.113.155:443
https://80.71.158.106:443