Track Common Adversary Tasks Performed Using Bazar

 







To know more about it, you can go through my detailed document by clicking here






Overview

Bazar has been in use since at least 2020 as a downloader and backdoor attacking the professional services, healthcare, manufacturing, IT, logistics, travel companies, etc. across the USA as well as Europe. It can also easily deploy the other malware or ransomware to steal the sensitive data via its TrickBot campaigns.

How Does It Works?

Just like every other backdoor, it spreads malware by using spearphishing emails disguised as customer complaints, payroll reports, employee termination lists, etc. containing the links to the Google Docs files. Now once the users click on the link, they will be redirected to a page stating that the said Word Document or Excel Spreadsheet or PDF cannot be viewed properly and they must click on another link to open it. After clicking it, the executable appearing in the form of icons or names related to the file will be downloaded which will later serves as the loader of the backdoor. Hence, when the payload will be injected successfully, the backdoor will be installed in the computer.

Defense

In order to mitigate the cyber threat, you can take following measures:

  • Secure all the possible entry points like malicious sites, spam, third-party components, etc. and be careful while dealing with the files from unknown sources.

  • Always change passwords and reboot the device as it can avoid fileless attacks that doesn't show any persistence when the device is restarted.

  • Make use of behavioral monitoring and analysis in order to block as well as detect any kind of malicious behaviors and routines that can be linked with the malware. 










To know more about it, you can go through my detailed document by clicking here










































Comments

Popular posts from this blog

Deployment (Part 3)

Deployment (Part 1)

Project Resourcing (Part 2)