2021-09-01 (WEDNESDAY) - TA551 (SHATHAK) BAZARLOADER TO TRICKBOT GTAG ZEV4
ASSOCIATED FILES:
- 2021-09-01-TA551-BazarLoader-with-Trickbot-IOCs.txt.zip 6.8 kB (6,841 bytes)
- 2021-09-01-TA551-malspam-example.eml.zip 51.6 kB (51,589 bytes)
- 2021-09-01-TA551-BazarLoader-with-Trickbot.pcap.zip 5.0 MB (4,984,703 bytes)
- 2021-09-01-TA551-malware-BazarLoader-with-Trickbot.zip 3.6 MB (3,575,724 bytes)
NOTES:
- All zip archives on this site are password-protected. If you don't know the password, see the "about" page of this website.
Shown above: Screenshot from a TA551 email from Wednesday 2021-09-01.
Shown above: Retrieving the Word doc from the password-protected zip attachment.
Shown above: Screenshot of the Word doc.
Shown above: HTA file and BazarLoader DLL seen after enabling macros.
Shown above: Traffic from an infected Windows host.
Shown above: Trickbot sent over Bazar C2 traffic.