|
gptkbp:instanceOf
|
malware
|
|
gptkbp:abilities
|
file upload
persistence
remote command execution
file download
C2 communication
|
|
gptkbp:alsoKnownAs
|
gptkb:BazarLoader
gptkb:Team9_Backdoor
|
|
gptkbp:associatedWith
|
gptkb:Conti_ransomware
gptkb:TrickBot_group
|
|
gptkbp:C2Communication
|
HTTPS
TLS
|
|
gptkbp:deliveredBy
|
phishing emails
malicious attachments
malicious links
|
|
gptkbp:detects
|
gptkb:Kaspersky
gptkb:Malwarebytes
gptkb:ESET
gptkb:Symantec
gptkb:Microsoft_Defender
|
|
gptkbp:firstObserved
|
2020
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
BazarBackdoor
|
|
gptkbp:industry
|
gptkb:government
education
finance
healthcare
retail
|
|
gptkbp:notable_campaign
|
gptkb:Conti_ransomware_operations
2020-2021 ransomware attacks
|
|
gptkbp:operatingSystem
|
gptkb:Windows
|
|
gptkbp:relatedTo
|
gptkb:Cobalt_Strike
gptkb:Anchor_malware
gptkb:Ryuk_ransomware
gptkb:TrickBot
|
|
gptkbp:technique
|
process injection
anti-analysis
DLL side-loading
anti-debugging
living off the land binaries
anti-VM
encrypted C2 traffic
fileless execution
|
|
gptkbp:threats
|
high
|
|
gptkbp:usedBy
|
cybercriminals
|
|
gptkbp:usedFor
|
malware delivery
initial access
ransomware deployment
|
|
gptkbp:usesMalware
|
loader
backdoor
|
|
gptkbp:writtenBy
|
gptkb:C++
C
|
|
gptkbp:bfsParent
|
gptkb:BazarLoader
gptkb:Wizard_Spider_group
|
|
gptkbp:bfsLayer
|
6
|