BazarLoader malware

GPTKB entity

Statements (52)

| Predicate | Object |
|---|---|
| gptkbp:instanceOf | malware |
| gptkbp:abilities | evade detection |
| gptkbp:abilities | download additional payloads |
| gptkbp:abilities | establish persistence |
| gptkbp:abilities | execute arbitrary code |
| gptkbp:abilities | collect system information |
| gptkbp:alsoKnownAs | gptkb:BazarBackdoor |
| gptkbp:associatedWith | gptkb:Conti_ransomware_group |
| gptkbp:associatedWith | gptkb:Wizard_Spider |
| gptkbp:deliveredBy | gptkb:Cobalt_Strike |
| gptkbp:deliveredBy | gptkb:Conti_ransomware |
| gptkbp:deliveredBy | gptkb:Anchor_malware |
| gptkbp:deliveredBy | gptkb:Ryuk_ransomware |
| gptkbp:deliveredBy | gptkb:TrickBot |
| gptkbp:deliveredBy | malware |
| gptkbp:firstObserved | 2020 |
| https://www.w3.org/2000/01/rdf-schema#label | BazarLoader malware |
| gptkbp:spreadTo | phishing emails |
| gptkbp:spreadTo | malicious attachments |
| gptkbp:spreadTo | malicious links |
| gptkbp:target | gptkb:government |
| gptkbp:target | gptkb:government_ministry |
| gptkbp:target | education sector |
| gptkbp:target | healthcare sector |
| gptkbp:target | corporate networks |
| gptkbp:target | Windows systems |
| gptkbp:type | loader |
| gptkbp:type | backdoor |
| gptkbp:usedBy | gptkb:TrickBot_group |
| gptkbp:usedFor | remote access |
| gptkbp:usedFor | initial access |
| gptkbp:usedFor | payload delivery |
| gptkbp:uses | gptkb:WMI |
| gptkbp:uses | gptkb:PowerShell |
| gptkbp:uses | gptkb:Windows_Registry |
| gptkbp:uses | command and control servers |
| gptkbp:uses | encrypted communication |
| gptkbp:uses | malicious macros |
| gptkbp:uses | process injection |
| gptkbp:uses | scheduled tasks |
| gptkbp:uses | contact forms |
| gptkbp:uses | anti-analysis techniques |
| gptkbp:uses | DLL side-loading |
| gptkbp:uses | living off the land binaries |
| gptkbp:uses | Google Docs links |
| gptkbp:uses | anti-VM techniques |
| gptkbp:uses | anti-debugging techniques |
| gptkbp:uses | fileless techniques |
| gptkbp:uses | legitimate cloud services |
| gptkbp:writtenBy | gptkb:C++ |
| gptkbp:bfsParent | gptkb:Wizard_Spider_group |
| gptkbp:bfsLayer | 6 |