2022-02-04 - BazarLoader infection with Cobalt Strike

Source: 2022-02-04 – BazarLoader infection with Cobalt Strike – cobaltstrike.net


2022-02-04 (FRIDAY) – BAZARLOADER INFECTION WITH COBALT STRIKE

ASSOCIATED FILES:

  • 2022-02-04-IOCs-for-BazarLoader-with-Cobalt-Strike.txt.zip 4.0 kB (3,957 bytes)
  • 2022-02-04-BazarLoader-infection-with-Cobalt-Strike.pcap.zip 5.8 MB (5,797,732 bytes)
  • 2022-02-04-BazarLoader-malware-samples.zip 764 kB (764,250 bytes)

NOTES:

  • All zip archives on this site are password-protected. If you don’t know the password, see the “about” page of this website.

IMAGES

Shown above: Some of the zip archives and extracted HTA file associated with this infection chain.

Shown above: One of the HTA files opened in a text editor.

Shown above: Traffic from the infection filtered in Wireshark (part 1 of 2).

Shown above: Traffic from the infection filtered in Wireshark (part 2 of 2).
