In July, The DFIR Report observed an intrusion that began with a BazarLoader infection and lasted roughly three days. The threat actor's main priority was mapping the domain network while looking for data worth exfiltrating, and they preferred to operate through GUI tools such as RDP and AnyDesk rather than command-line tooling.
Historically, BazarLoader was used to deploy Ryuk, as The DFIR Report has documented on many occasions. In one of their latest reports, a BazarLoader infection resulted in the deployment of Conti ransomware instead.
MITRE ATT&CK & Malware Families
Indicators of Compromise (15 / 41 total)
| TYPE | INDICATOR | DESCRIPTION | CREATED |
|---|---|---|---|
| FileHash-MD5 | 16eb5134181c482824cd5814c0efd636 | — | 2021-10-04 |
| FileHash-MD5 | 17b461a082950fc6332228572138b80c | — | 2021-10-04 |
| FileHash-MD5 | 1e788b5d1ff62688cfe5d2ef7832712a | — | 2021-10-04 |
| FileHash-MD5 | 1fd930064b81e7c96eedb985ca2a0d97 | MD5 of fb49dce92f9a028a1da3045f705a574f3c1997fe947e2c69699b17f07e5a552b | 2021-10-04 |
| FileHash-MD5 | 742844254840eff409535494ae3ec338 | — | 2021-10-04 |
| FileHash-MD5 | 9b02dd2a1a15e94922be3f85129083ac | MD5 of b1102ed4bca6dae6f2f498ade2f73f76af527fa803f0e0b46e100d4cf5150682 | 2021-10-04 |
| FileHash-MD5 | 9ea3a4b4bf64aeaefb60ada634f7fb43 | — | 2021-10-04 |
| FileHash-MD5 | a0e9f5d64349fb13191bc781f81f42e1 | — | 2021-10-04 |
| FileHash-MD5 | ae4edc6faf64d08308082ad26be60767 | — | 2021-10-04 |
| FileHash-MD5 | c91bde19008eefabce276152ccd51457 | — | 2021-10-04 |
| FileHash-MD5 | d2bb4366b7018e0ed3e7f752fc312371 | — | 2021-10-04 |
| FileHash-MD5 | d46c3b4e37ba8b21a79a63fbf69c6411 | — | 2021-10-04 |
| FileHash-MD5 | d6b773f8b88be82d4de015edbf0cc2fa | — | 2021-10-04 |
| FileHash-MD5 | e35df3e00ca4ef31d42b34bebaa2f86e | — | 2021-10-04 |
| FileHash-MD5 | fede0607e830aa1add8deda3d59d9a77 | — | 2021-10-04 |
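Two caveats before using this list operationally: the page shows only 15 of the pulse's 41 indicators, and MD5 file hashes are brittle (repacking or recompiling the loader changes them), so treat a hit as high-confidence but a miss as meaningless. The sweep below is an added example, not code from the pulse or from The DFIR Report: it parses the table rows as they appear above, keeps the SHA-256 that two descriptions pair with their MD5, and hashes every file under a directory against both sets. The `demo()` function builds a constructed temp directory with harmless files and registers a synthetic IOC for one of them, because nothing constructed here will ever match the real hashes; that synthetic entry and the sample files are assumptions for illustration only.

```python
"""Sweep a directory tree for files whose MD5 or SHA-256 matches the pulse's hash IOCs."""
import hashlib
import os
import re
import sys
import tempfile
from dataclasses import dataclass
from typing import Dict, List, Optional

# The 15 rows shown on the pulse page, copied verbatim (41 exist in the full pulse).
PULSE_TABLE = """\
| FileHash-MD5 | 16eb5134181c482824cd5814c0efd636 | — | 2021-10-04 |
| FileHash-MD5 | 17b461a082950fc6332228572138b80c | — | 2021-10-04 |
| FileHash-MD5 | 1e788b5d1ff62688cfe5d2ef7832712a | — | 2021-10-04 |
| FileHash-MD5 | 1fd930064b81e7c96eedb985ca2a0d97 | MD5 of fb49dce92f9a028a1da3045f705a574f3c1997fe947e2c69699b17f07e5a552b | 2021-10-04 |
| FileHash-MD5 | 742844254840eff409535494ae3ec338 | — | 2021-10-04 |
| FileHash-MD5 | 9b02dd2a1a15e94922be3f85129083ac | MD5 of b1102ed4bca6dae6f2f498ade2f73f76af527fa803f0e0b46e100d4cf5150682 | 2021-10-04 |
| FileHash-MD5 | 9ea3a4b4bf64aeaefb60ada634f7fb43 | — | 2021-10-04 |
| FileHash-MD5 | a0e9f5d64349fb13191bc781f81f42e1 | — | 2021-10-04 |
| FileHash-MD5 | ae4edc6faf64d08308082ad26be60767 | — | 2021-10-04 |
| FileHash-MD5 | c91bde19008eefabce276152ccd51457 | — | 2021-10-04 |
| FileHash-MD5 | d2bb4366b7018e0ed3e7f752fc312371 | — | 2021-10-04 |
| FileHash-MD5 | d46c3b4e37ba8b21a79a63fbf69c6411 | — | 2021-10-04 |
| FileHash-MD5 | d6b773f8b88be82d4de015edbf0cc2fa | — | 2021-10-04 |
| FileHash-MD5 | e35df3e00ca4ef31d42b34bebaa2f86e | — | 2021-10-04 |
| FileHash-MD5 | fede0607e830aa1add8deda3d59d9a77 | — | 2021-10-04 |
"""


@dataclass(frozen=True)
class HashIoc:
    md5: str
    sha256: Optional[str]  # only present when the pulse description pairs one
    created: str


# One table row: type | md5 | description | created
ROW_RE = re.compile(
    r"^\|\s*FileHash-MD5\s*\|\s*([0-9a-fA-F]{32})\s*\|\s*(.*?)\s*\|\s*(\d{4}-\d{2}-\d{2})\s*\|"
)
SHA256_RE = re.compile(r"\b([0-9a-fA-F]{64})\b")


def parse_pulse_table(text: str) -> List[HashIoc]:
    """Turn the markdown rows into IOC records, extracting any paired SHA-256."""
    iocs = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        md5, desc, created = m.group(1).lower(), m.group(2), m.group(3)
        paired = SHA256_RE.search(desc)
        iocs.append(HashIoc(md5, paired.group(1).lower() if paired else None, created))
    return iocs


def file_digests(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """MD5 and SHA-256 of a file in one streaming pass (large files stay cheap)."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha256.update(block)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def sweep(root: str, iocs: List[HashIoc]) -> List[dict]:
    """Walk `root` and report every file whose MD5 or SHA-256 is in the IOC set."""
    by_md5 = {i.md5: i for i in iocs}
    by_sha256 = {i.sha256: i for i in iocs if i.sha256}
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                d = file_digests(path)
            except OSError:
                continue  # unreadable or vanished file: skip, do not abort the sweep
            ioc = by_md5.get(d["md5"]) or by_sha256.get(d["sha256"])
            if ioc:
                hits.append({"path": path, "md5": d["md5"], "sha256": d["sha256"],
                             "ioc_created": ioc.created})
    return hits


def demo() -> List[dict]:
    """Constructed sample tree: two harmless files, one registered as a synthetic IOC."""
    root = tempfile.mkdtemp(prefix="ioc_sweep_")
    staged = os.path.join(root, "tools", "dropper.bin")
    os.makedirs(os.path.dirname(staged))
    with open(os.path.join(root, "readme.txt"), "wb") as fh:
        fh.write(b"nothing to see here\n")
    with open(staged, "wb") as fh:
        fh.write(b"constructed sample payload, not real malware\n")
    # Constructed files can never match the pulse hashes, so add one synthetic IOC
    # derived from the staged file to exercise the matching path end to end.
    synthetic = HashIoc(md5=file_digests(staged)["md5"], sha256=None, created="constructed")
    return sweep(root, parse_pulse_table(PULSE_TABLE) + [synthetic])


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    results = sweep(target, parse_pulse_table(PULSE_TABLE)) if target else demo()
    for hit in results:
        print(f"HIT {hit['path']} md5={hit['md5']} (ioc created {hit['ioc_created']})")
```

Run it with a directory argument to sweep real hosts (download staging paths and the AnyDesk install location are the obvious starting points given the tradecraft above); with no argument it runs the constructed demo. Matching on SHA-256 as well as MD5 matters because many sandboxes and EDRs only expose the former, and the two paired entries let you correlate against those sources without re-hashing.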