New Trickbot and BazarLoader delivery vectors
Common Information
Type Value
UUID 3253978a-fc99-44b7-9afc-963236d301f2
Fingerprint 2c253b5820f68ff1
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 8, 2021, midnight
Added to db Sept. 11, 2022, 12:30 p.m.
Last updated Nov. 18, 2024, 5:20 p.m.
Headline New Trickbot and BazarLoader campaigns use multiple delivery vectors
Title New Trickbot and BazarLoader delivery vectors
Detected Hints/Tags/Attributes 64/3/38
Attributes
Details Type #Events CTI Value
Details Domain 1
jolantagraban.pl
Details Domain 1
blomsterhuset-villaflora.dk
Details Domain 1
d15k2d11r6t6rl.cloudfront.net
Details Domain 1
glareestradad.com
Details Domain 1
francopublicg.com
Details File 2130
cmd.exe
Details File 1212
powershell.exe
Details File 379
wscript.exe
Details File 1
readytunes.png
Details File 1
application1_form.pdf
Details File 3
support.exe
Details File 457
mshta.exe
Details File 1
100.js
Details File 1
4821.js
Details File 1
4014.js
Details File 1
7776.js
Details File 1
7770.js
Details File 1
68.js
Details File 1
a087650f65f087341d07ea07aa89531624ad8c1671bc17751d3986e503bfb76.bin
Details File 1
sample.gz
Details File 1
jolantagraban.pl
Details File 1
assistant.php
Details IPv4 1
45.148.121.227
Details MITRE ATT&CK Techniques 1
T5190
Details MITRE ATT&CK Techniques 183
T1189
Details MITRE ATT&CK Techniques 1008
T1082
Details MITRE ATT&CK Techniques 505
T1140
Details MITRE ATT&CK Techniques 107
T1564
Details MITRE ATT&CK Techniques 630
T1027