Track Common Adversary Tasks Performed Using Bazar
To know more about it, you can go through my detailed document by clicking here
Overview
How Does It Work?
Like many other backdoors, Bazar spreads through spearphishing emails disguised as customer complaints, payroll reports, employee termination lists, etc., which contain links to Google Docs files. Once a user clicks the link, they are redirected to a page stating that the Word document, Excel spreadsheet or PDF cannot be viewed properly and that they must click another link to open it. Clicking that second link downloads an executable whose icon or name mimics the promised file; this executable later serves as the loader for the backdoor. Once the payload has been injected successfully, the backdoor is installed on the computer.
Defense
In order to mitigate this cyber threat, you can take the following measures:
- Secure all possible entry points (malicious sites, spam, third-party components, etc.) and be careful when dealing with files from unknown sources.
- Always change passwords and reboot the device, as this can defeat fileless attacks that do not persist once the device is restarted.
- Make use of behavioral monitoring and analysis in order to detect and block any malicious behaviors and routines that can be linked to the malware.
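The delivery chain described above (a Google Docs link leading to an executable dressed up as a document) and the behavioral-monitoring advice in the last bullet both lend themselves to a concrete check. The following is an added example, not code from the original post or from any Bazar analysis: it runs a few simple rules over web-proxy download records and flags the combinations that match that pattern. The record fields, the sample log entries, the rule names and the function names are assumptions constructed for illustration; the decision is made on what was actually served (extension, MIME type, PE magic bytes), not on what the file name claims.

```python
"""Added example (not from the original post): flag downloads that match the
Bazar delivery pattern described above, i.e. an executable whose name mimics
a document, fetched after following a Google Docs / Drive link.
The record layout, field names and sample entries are constructed."""
import re
from dataclasses import dataclass
from typing import List

DOC_EXTS = ("pdf", "doc", "docx", "xls", "xlsx")
EXE_EXTS = ("exe", "scr", "com", "pif")
# MIME types a web proxy commonly reports for Windows executables.
EXE_MIME = {
    "application/x-msdownload",
    "application/x-dosexec",
    "application/vnd.microsoft.portable-executable",
}


@dataclass
class Download:
    """One download record as a proxy might log it (constructed layout)."""
    ts: str
    user: str
    referrer: str
    filename: str
    mime: str
    magic: bytes  # first bytes of the served body


def looks_like_document(name: str) -> bool:
    """True when the file name tries to pass as an office document or PDF."""
    lower = name.lower()
    parts = lower.split(".")
    # "Payroll_Report.pdf.exe": a document extension buried before the real one.
    if len(parts) >= 3 and any(p in DOC_EXTS for p in parts[1:-1]):
        return True
    # "Payroll_Report_pdf.exe": the document type spelled out in the stem.
    stem = parts[0] if len(parts) == 1 else ".".join(parts[:-1])
    return any(re.search(rf"(^|[^a-z]){ext}([^a-z]|$)", stem) for ext in DOC_EXTS)


def is_executable(d: Download) -> bool:
    """Decide by what was actually served, not by what the name claims."""
    ext = d.filename.rsplit(".", 1)[-1].lower() if "." in d.filename else ""
    return ext in EXE_EXTS or d.mime in EXE_MIME or d.magic.startswith(b"MZ")


def from_google_docs(referrer: str) -> bool:
    """True when the download was reached through a Google Docs / Drive page."""
    return re.match(r"https?://(docs|drive)\.google\.com/", referrer) is not None


def reasons_for(d: Download) -> List[str]:
    """Return the rule names that fire for one record (empty list = benign)."""
    reasons = []
    if not is_executable(d):
        return reasons
    if looks_like_document(d.filename):
        reasons.append("executable named like a document")
    if from_google_docs(d.referrer):
        reasons.append("executable fetched via a Google Docs/Drive link")
    if d.magic.startswith(b"MZ") and not d.filename.lower().endswith(EXE_EXTS):
        reasons.append("PE body behind a non-executable file name")
    return reasons


def detect(downloads: List[Download]) -> List[dict]:
    """Keep only records that trip at least one rule."""
    alerts = []
    for d in downloads:
        hits = reasons_for(d)
        if hits:
            alerts.append({"ts": d.ts, "user": d.user,
                           "filename": d.filename, "reasons": hits})
    return alerts


# Constructed sample records: two match the pattern, three are benign.
SAMPLE_DOWNLOADS = [
    Download("2020-04-21T09:12:03Z", "alice",
             "https://docs.google.com/document/d/AAAA/view",
             "Employee_Termination_List.pdf.exe",
             "application/x-msdownload", b"MZ\x90\x00"),
    Download("2020-04-21T09:40:11Z", "bob",
             "https://intranet.example/reports",
             "Q1_Payroll_Report.xlsx",
             "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
             b"PK\x03\x04"),
    Download("2020-04-21T10:02:45Z", "carol",
             "https://docs.google.com/document/d/BBBB/view",
             "Customer_Complaint.pdf", "application/pdf", b"%PDF-1.7"),
    Download("2020-04-21T10:15:30Z", "dave",
             "https://drive.google.com/file/d/CCCC",
             "Complaint_Details", "application/octet-stream", b"MZ\x90\x00"),
    Download("2020-04-21T11:00:00Z", "erin",
             "https://vendor.example/downloads",
             "setup.exe", "application/x-msdownload", b"MZ\x90\x00"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_DOWNLOADS):
        print(alert["ts"], alert["user"], alert["filename"], "->", "; ".join(alert["reasons"]))
```

Run against the constructed records, only alice's double-extension download and dave's extension-less PE from a Drive link are reported; the plain vendor installer and the genuine office files pass. The PE-magic rule is what catches the case the post describes, where the icon and name are the disguise: a proxy or EDR that only trusts the extension never sees it.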