#BazarLoader / #BazarBackdoor also uses the BackConnect protocol to deploy reverse VNC. This screenshot is from @malware_traffic's 2021-11-05 Bazar PCAP. The #BackConnect server was running on 87.120.8.190:9090
Is Conti Behind the #TrickBot Operation? As #TrickBot became easily detectable by #antivirus, the attacker started using its new tool #BazarBackdoor, which is developed specifically for targeting high-value targets stealthily to obtain initial access to #networks.
https://cyware.com/news/is-conti-behind-the-trickbot-operation-d6f75b92/?&web_view=true
#security #malware #backdoor
Is Conti Behind the TrickBot Operation?

The operators of the TrickBot trojan appear to have collaborated with the creators of the Conti ransomware. Experts believe it was due to the aftereffect of recent crackdowns.

Cyware

#CSV files contain only data as text and can be imported into Microsoft #Excel without risk. Right? Wrong, a phishing campaign uses CSV files to install the #BazarBackdoor used by the Trickbot group. #Security

https://www.borncity.com/blog/2022/02/02/schdliche-csv-dateien-knnen-bazarbackdoor-installieren/

Malicious CSV files can install BazarBackdoor

Cyber criminals have found a way to abuse text-based CSV files to install the BazarBackdoor malware on victims' systems. Security researchers apparently came across this while monitoring a phishing campaign. Responsible for this is the possi

Borns IT- und Windows-Blog
TrickBot's BazarBackdoor malware is now coded in Nim to evade antivirus

TrickBot's stealthy BazarBackdoor malware has been rewritten in the Nim programming language, likely to evade detection by security software.