![]() ![]() ![]() BazarLoader is a member of the Bazar family - a family of malware (including both BazarLoader and BazarBackdoor) with strong ties to the Trickbot malware, the Anchor malware family, and Conti ransomware. These ISO files contained a Windows shortcut LNK file and a BazarLoader Dynamic Link Library (i.e, DLL). Before March 2022, Google’s TAG observed Exotic Lily leveraging sophisticated impersonation techniques to trick employees of targeted organisations into downloading ISO disc image files from legitimate file storage services such as WeTransfer. In March 2022, Google’s Threat Analysis Group (TAG) provided details of the activities of an Initial Access Broker (IAB) group dubbed ‘Exotic Lily’. In this article, we will provide details of the actions threat actors took during their intrusions, as well as details of the network-based behaviours which served as evidence of the actors’ activities. The threat actors then leveraged Cobalt Strike Beacon to conduct network reconnaissance, obtain account password data, and write malicious payloads across the network. Throughout April 2022, Darktrace observed several cases in which threat actors used the loader known as ‘BumbleBee’ to install Cobalt Strike Beacon onto victim systems. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |