Statements (52)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:malware |
| gptkbp:abilities | evade detection; download additional payloads; establish persistence; execute arbitrary code; collect system information |
| gptkbp:alsoKnownAs | gptkb:BazarBackdoor |
| gptkbp:associatedWith | gptkb:Conti_ransomware_group; gptkb:Wizard_Spider |
| gptkbp:deliveredBy | gptkb:Cobalt_Strike; gptkb:Conti_ransomware; gptkb:Anchor_malware; gptkb:Ryuk_ransomware; gptkb:TrickBot; gptkb:malware |
| gptkbp:firstObserved | 2020 |
| gptkbp:spreadTo | phishing emails; malicious attachments; malicious links |
| gptkbp:target | gptkb:government; gptkb:government_ministry; education sector; healthcare sector; corporate networks; Windows systems |
| gptkbp:type | loader; backdoor |
| gptkbp:usedBy | gptkb:TrickBot_group |
| gptkbp:usedFor | remote access; initial access; payload delivery |
| gptkbp:uses | gptkb:WMI; gptkb:PowerShell; gptkb:Windows_Registry; command and control servers; encrypted communication; malicious macros; process injection; scheduled tasks; contact forms; anti-analysis techniques; DLL side-loading; living off the land binaries; Google Docs links; anti-VM techniques; anti-debugging techniques; fileless techniques; legitimate cloud services |
| gptkbp:writtenBy | gptkb:C++ |
| gptkbp:bfsParent | gptkb:Wizard_Spider_group |
| gptkbp:bfsLayer | 7 |
| https://www.w3.org/2000/01/rdf-schema#label | BazarLoader malware |