BazarBackdoor

GPTKB entity

Statements (54)
Predicate                                     Object
gptkbp:instanceOf                             malware
gptkbp:abilities                              file upload
                                              persistence
                                              remote command execution
                                              file download
                                              C2 communication
gptkbp:alsoKnownAs                            gptkb:BazarLoader
                                              gptkb:Team9_Backdoor
gptkbp:associatedWith                         gptkb:Conti_ransomware
                                              gptkb:TrickBot_group
gptkbp:C2Communication                        HTTPS
                                              TLS
gptkbp:deliveredBy                            phishing emails
                                              malicious attachments
                                              malicious links
gptkbp:detects                                gptkb:Kaspersky
                                              gptkb:Malwarebytes
                                              gptkb:ESET
                                              gptkb:Symantec
                                              gptkb:Microsoft_Defender
gptkbp:firstObserved                          2020
https://www.w3.org/2000/01/rdf-schema#label   BazarBackdoor
gptkbp:industry                               gptkb:government
                                              education
                                              finance
                                              healthcare
                                              retail
gptkbp:notable_campaign                       gptkb:Conti_ransomware_operations
                                              2020-2021 ransomware attacks
gptkbp:operatingSystem                        gptkb:Windows
gptkbp:relatedTo                              gptkb:Cobalt_Strike
                                              gptkb:Anchor_malware
                                              gptkb:Ryuk_ransomware
                                              gptkb:TrickBot
gptkbp:technique                              process injection
                                              anti-analysis
                                              DLL side-loading
                                              anti-debugging
                                              living off the land binaries
                                              anti-VM
                                              encrypted C2 traffic
                                              fileless execution
gptkbp:threats                                high
gptkbp:usedBy                                 cybercriminals
gptkbp:usedFor                                malware delivery
                                              initial access
                                              ransomware deployment
gptkbp:usesMalware                            loader
                                              backdoor
gptkbp:writtenBy                              gptkb:C++
                                              C
gptkbp:bfsParent                              gptkb:BazarLoader
                                              gptkb:Wizard_Spider_group
gptkbp:bfsLayer                               6