Source: 2022-02-04 – BazarLoader infection with Cobalt Strike – cobaltstrike.net
2022-02-04 (FRIDAY) – BAZARLOADER INFECTION WITH COBALT STRIKE
Shown above: Some of the zip archives and extracted HTA file associated with this infection chain.
Shown above: One of the HTA files opened in a text editor.
Shown above: Traffic from the infection filtered in Wireshark (part 1 of 2).
Shown above: Traffic from the infection filtered in Wireshark (part 2 of 2).
Start the discussion in our Community at forum.cobaltstrike.net.