Statements (52)
Predicate | Object |
---|---|
gptkbp:instanceOf | malware |
gptkbp:abilities | evade detection, download additional payloads, establish persistence, execute arbitrary code, collect system information |
gptkbp:alsoKnownAs | gptkb:BazarBackdoor (the backdoor stage dropped by the loader; the two are commonly referred to together as Bazar) |
gptkbp:associatedWith | gptkb:Conti_ransomware_group, gptkb:Wizard_Spider, gptkb:TrickBot malware |
gptkbp:delivers | gptkb:Cobalt_Strike, gptkb:Anchor_malware, gptkb:Ryuk_ransomware, gptkb:Conti_ransomware |
gptkbp:firstObserved | 2020 |
https://www.w3.org/2000/01/rdf-schema#label | BazarLoader malware |
gptkbp:spreadVia | phishing emails, malicious attachments, malicious links |
gptkbp:target | gptkb:government, gptkb:government_ministry, education sector, healthcare sector, corporate networks, Windows systems |
gptkbp:type | loader, backdoor |
gptkbp:usedBy | gptkb:TrickBot_group |
gptkbp:usedFor | initial access, remote access, payload delivery |
gptkbp:uses | gptkb:WMI, gptkb:PowerShell, gptkb:Windows_Registry, command and control servers, encrypted communication, malicious macros, process injection, scheduled tasks, contact forms, anti-analysis techniques, DLL side-loading, living off the land binaries, Google Docs links, anti-VM techniques, anti-debugging techniques, fileless techniques, legitimate cloud services |
gptkbp:writtenIn | gptkb:C++ |
gptkbp:bfsParent | gptkb:Wizard_Spider_group |
gptkbp:bfsLayer | 6 |

Note on direction: BazarLoader is the stage that drops Cobalt Strike, Anchor, Ryuk and Conti onto a compromised host, so the relation to those objects is "delivers", not "deliveredBy". TrickBot is listed under associatedWith because it is operated by the same group rather than as a payload of BazarLoader.
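The tradecraft rows under gptkbp:uses (WMI, PowerShell, scheduled tasks, living-off-the-land binaries, DLL side-loading) translate into process-creation patterns a defender can hunt for. The following is an added example and is not part of the gptkb page or of any BazarLoader report: a small Python hunt over constructed Sysmon-style process-creation records. The rules are generic heuristics for the listed techniques, not BazarLoader indicators, and every path, file name and task name in the sample log is made up.

```python
"""Hunt process-creation records for the tradecraft listed for BazarLoader
(WMI, PowerShell, scheduled tasks, LOLBins, DLL side-loading).

Added example: generic heuristics, not BazarLoader-specific indicators.
The log below is constructed; all paths, task names and file names are made up.
"""
import ntpath
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    line_no: int
    parent: str
    image: str
    cmdline: str


# One record per line, Sysmon Event ID 1 style, key=value with the
# CommandLine value quoted (constructed sample data, not real telemetry).
SAMPLE_LOG = r"""
ParentImage=C:\Windows\System32\wbem\WmiPrvSE.exe Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe CommandLine="powershell.exe -nop -w hidden -enc SQBFAFgA"
ParentImage=C:\Windows\explorer.exe Image=C:\Windows\System32\schtasks.exe CommandLine="schtasks /create /sc minute /mo 15 /tn Updater /tr rundll32.exe C:\Users\alice\AppData\Roaming\upd.dll,Start"
ParentImage=C:\Windows\explorer.exe Image=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE CommandLine="WINWORD.EXE /n invoice.docx"
ParentImage=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE Image=C:\Windows\System32\rundll32.exe CommandLine="rundll32.exe C:\Users\alice\AppData\Local\Temp\doc.dll,DllRegisterServer"
ParentImage=C:\Windows\System32\services.exe Image=C:\Windows\System32\svchost.exe CommandLine="svchost.exe -k netsvcs"
"""

_EVENT_RE = re.compile(r'^ParentImage=(.+?) Image=(.+?) CommandLine="(.*)"$')

# Binaries routinely abused as living-off-the-land loaders (assumed list).
LOLBINS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe",
           "certutil.exe", "bitsadmin.exe", "powershell.exe", "cmd.exe"}
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Locations a non-admin user can write to; a DLL loaded from here is suspect.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\ProgramData\\|\\Temp\\", re.IGNORECASE)
# -e / -ec / -enc / -EncodedCommand followed by a base64 blob.
ENCODED_PS = re.compile(r"(?i)\s-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{8,}")


def parse_events(log: str) -> list[ProcEvent]:
    """Parse the key=value records; lines that do not match are skipped."""
    events = []
    for n, line in enumerate(log.strip().splitlines(), 1):
        m = _EVENT_RE.match(line)
        if m:
            events.append(ProcEvent(n, *m.groups()))
    return events


def _base(path: str) -> str:
    return ntpath.basename(path).lower()


def evaluate(ev: ProcEvent) -> list[str]:
    """Return the names of every heuristic the event trips."""
    parent, image, cmd = _base(ev.parent), _base(ev.image), ev.cmdline
    hits = []
    # WMI-driven execution: the WMI provider host spawning a scripting host.
    if parent == "wmiprvse.exe" and image in LOLBINS:
        hits.append("wmi_spawned_lolbin")
    # Encoded PowerShell command line (common obfuscation for loader stagers).
    if image == "powershell.exe" and ENCODED_PS.search(cmd):
        hits.append("encoded_powershell")
    # Malicious macro behaviour: an Office process launching a LOLBin.
    if parent in OFFICE and image in LOLBINS:
        hits.append("office_spawned_lolbin")
    # Persistence: a scheduled task whose action lives in a user-writable path.
    if image == "schtasks.exe" and "/create" in cmd.lower() and USER_WRITABLE.search(cmd):
        hits.append("scheduled_task_user_writable_path")
    # DLL loaded through rundll32/regsvr32 from a user-writable location.
    if image in {"rundll32.exe", "regsvr32.exe"} and ".dll" in cmd.lower() \
            and USER_WRITABLE.search(cmd):
        hits.append("lolbin_loads_user_writable_dll")
    return hits


def hunt(log: str) -> list[tuple[int, str]]:
    """Return (line number, heuristic) pairs for every finding in the log."""
    return [(ev.line_no, rule) for ev in parse_events(log) for rule in evaluate(ev)]


if __name__ == "__main__":
    for line_no, rule in hunt(SAMPLE_LOG):
        print(f"line {line_no}: {rule}")
```

Each heuristic is deliberately narrow so that a benign line such as the services.exe/svchost.exe record or a user opening a document from Explorer produces no finding; only the chained behaviours (WMI spawning an encoded PowerShell, Office spawning rundll32 on a DLL in Temp, a scheduled task pointing into AppData) surface.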