Pulse Detail — Threat Intelligence

PULSE NAME

CONTInuing the Bazar Ransomware Story

WHITE AlienVault 2021-11-29 Modified: 2021-12-29

IOCs

MEDIUM VOLUME

As part of a series of reports on cyber-attacks, we look back at some of the key events that have been reported in the past year and look at how the Bazar ransomware story unfolded.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1218.010 T1218.005 T1218.011 T1567.002 T1105 T1059.005 T1059.007 T1059.001 T1055 T1486 T1482 T1047 T1021.002 T1124 T1021.001 T1566.001 T1087.002 T1087.001 T1057 T1083 T1590.005

MALWARE FAMILIES

Bazar - S0534 Net - S0039 Nltest - S0359 cmd - S0106 Tasklist - S0057 Cobalt Strike - S0154 AdFind - S0552 Conti - S0575

Indicators of Compromise (13 / 44 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 YARA domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA256	01a9549c015cfcbff4a830cea7df6386dc5474fd433f15a6944b834551a2b4c9	—	2021-11-29
FileHash-SHA256	09d7fcbf95e66b242ff5d7bc76e4d2c912462c8c344cb2b90070a38d27aaef53	SHA256 of ea031940b2120551a6abbe125eb0536b9e4f14c8 SHA256 of ea031940b2120551a6abbe125eb0536b9e4f14c8	2021-11-29
FileHash-SHA256	14bccfecaaec8353e3e8f090ec1d3e9c87eb8ceb2a7abedfc47c3c980da8ad71	SHA256 of 5d4f020115a483e9e5aa9778c038466f9014c90c	2021-11-29
FileHash-SHA256	1872bf6c974e9b11040851f7d30e5326afdc8b13802891c222af4368a14f829c	—	2021-11-29
FileHash-SHA256	1edfae602f195d53b63707fe117e9c47e1925722533be43909a5d594e1ef63d3	—	2021-11-29
FileHash-SHA256	31656dcea4da01879e80dff59a1af60ca09c951fe5fc7e291be611c4eadd932a	—	2021-11-29
FileHash-SHA256	4a49cf7539f9fd5cc066dc493bf16598a38a75f7b656224db1ddd33005ad76f6	—	2021-11-29
FileHash-SHA256	6f844a6e903aa8e305e88ac0f60328c184f71a4bfbe93124981d6a4308b14610	—	2021-11-29
FileHash-SHA256	8f09c538fc587b882eecd9cfb869c363581c2c646d8c32a2f7c1ff3763dcb4e7	SHA256 of 33738cf695a6ac03675fe925d62ecb529ac73d03	2021-11-29
FileHash-SHA256	9b5d1f6a94ce122671a5956b2016e879428c74964174739b68397b6384f6ee8b	SHA256 of f88a948b0fd137d4b14cf5aec0c08066cb07e08d	2021-11-29
FileHash-SHA256	9cd3c0cff6f3ecb31c7d6bc531395ccfd374bcd257c3c463ac528703ae2b0219	—	2021-11-29
FileHash-SHA256	d4a0fe56316a2c45b9ba9ac1005363309a3edc7acf9e4df64d326a0ff273e80f	SHA256 of c5e2018bf7c0f314fed4fd7fe7e69fa2e648359e	2021-11-29
FileHash-SHA256	fb38061bf601001c45aafe8d0c5feaa22c607d2ff79cfb841788519ca55a17b4	SHA256 of 742ed8d0202aafba1c162537087a8a131cb85cde	2021-11-29

References (1)

↗ https://thedfirreport.com/2021/11/29/continuing-the-bazar-ransomware-story/