2021-09-21 Squirrel Waffle IOCs

THREAT IDENTIFICATION:  SQUIRREL WAFFLE

SUBJECTS OBSERVED
Reused email threads

SENDERS OBSERVED
pmante@hharajabelalkhaleejjfree.ml.harajabelalkhaleej.com
deshaun61@bvolunteer.codebits.ro

ZIP FILE DISTRIBUTION URLS
https://banyanproductosacupuntura.com/voluptates-consectetur/omnis.zip
https://banyanproductosacupuntura.com/voluptates-consectetur/documents.zip

https://panel.top-gaming.ro/omnis-doloremque/occaecati.zip
https://panel.top-gaming.ro/omnis-doloremque/documents.zip

ZIP FILE HASHES
omnis.zip
932dbef475840bd24f10fdce3943c194

occaecati.zip
3538dcb012a21941d8810ee3d1aeef57

MALDOC FILE HASHES
chart-1370132943.xls
6bdea269e62ad46ea44c6a2aa06da9f9

chart-398227237.xls
031a1d0be3b41b239ac6ea9499809120

CONTACTED DOMAINS/PAYLOAD DOWNLOAD DOMAINS
generatorulubabanu.ro
ottawaprocessservers.ca
totallybaked.ca

PAYLOAD FILE HASHES
test1.test
3a5ea4c159d47bfb5720d2eb86b1f6e0

test2.test
1f6c33771d79228f2d232c72edaeb3e7

SQUIRREL WAFFLE C2 (POST DATA)
http://arimeto.lv/Nm70oAfwB
http://gitamschool.com/oZbs0Oqw7uv
http://eresourcesmoneymarket.com/JbVwdgaV6l
http://flyershipmanager.com/SGAsORYsywt
http://deanandwilconstruction.com/UXEvfuIlhws