Macro bazar

What is Bazar Loader? Bazar Loader is a fileless attack that downloads through the backdoor allowing attackers to install additional malware, often used for ransomware attacks. Since its inception in April 2020, Bazar Loader has attacked a wide variety of organizations in North America and Europe. The common assumption is that Bazar Loader was developed by a group of hackers known as Trickbot. How Bazar Loader works: The delivery method and course of the attack In this post, we will give an example of a recent Bazar Loader attack that we captured and will analyze it, pointing out typical Bazar Loader modes of action. In this specific example, the attack was sent to an aviation company. However, similar attacks target diverse industries and organizations of different sizes and geographical locations. Bazar Loader typically exploits existing "email" correspondences. It would “reply” to a real email thread with malicious content while using social engineering tricks to look legitimate and lure the victim. In many cases, the text in the email subject line and body uses a sense of urgency and entices the victim to open the attachment without thinking. Here is an example: Usually, the file attached to the email is a ZIP file that requires a password. The password itself is indicated in the body of the email. From the attacker’s perspective, the reason for using a password-protected file is to make it harder for security solutions to scan the file. A human, on the other hand, can...

What is Bazar Loader? Bazar Loader is a fileless attack that downloads through the backdoor allowing attackers to install additional malware, often used for ransomware attacks. Since its inception in April 2020, Bazar Loader has attacked a wide variety of organizations in North America and Europe. The common assumption is that Bazar Loader was developed by a group of hackers known as Trickbot. How Bazar Loader works: The delivery method and course of the attack In this post, we will give an example of a recent Bazar Loader attack that we captured and will analyze it, pointing out typical Bazar Loader modes of action. In this specific example, the attack was sent to an aviation company. However, similar attacks target diverse industries and organizations of different sizes and geographical locations. Bazar Loader typically exploits existing "email" correspondences. It would “reply” to a real email thread with malicious content while using social engineering tricks to look legitimate and lure the victim. In many cases, the text in the email subject line and body uses a sense of urgency and entices the victim to open the attachment without thinking. Here is an example: Usually, the file attached to the email is a ZIP file that requires a password. The password itself is indicated in the body of the email. From the attacker’s perspective, the reason for using a password-protected file is to make it harder for security solutions to scan the file. A human, on the other hand, can...