Contact Forms is a campaign that uses a website's contact form to email malicious links disguised as some sort of legal complaint. We've seen this campaign push BazarLoader malware and distribute Sliver, but recently it's been pushing IcedID (Bokbot). Most of the time, the Contact Forms campaign uses a "Stolen Images Evidence" theme, with emails alleging a supposed violation of the Digital Millennium Copyright Act (DMCA).
MITRE ATT&CK & Malware Families
Indicators of Compromise (25)