Bazaloader

Malware updated 3 months ago (2024-06-04T18:17:38.117Z)
BazaLoader is a type of malware: malicious software designed to infiltrate and damage computer systems, typically without the user's knowledge. It is usually distributed through suspicious downloads, emails, or websites, and once inside a system it can steal personal information, disrupt operations, or hold data hostage for ransom.

BazaLoader was notably used in phishing campaigns that tricked users into phoning the attacker, who then talked them through downloading the malware. BazaLoader would then retrieve and install a remote monitoring and management (RMM) tool on the victim's device.

Several threat actors known for using BazaLoader in their campaigns have transitioned to a new malware loader called Bumblebee. Proofpoint observed this transition, with BazaLoader last appearing in its data in February 2022; at least three tracked threat actors that previously distributed BazaLoader have shifted to Bumblebee payloads. Among those monitored is TA578, a threat actor that has previously used email to deliver malware such as Ursnif, BazaLoader, and IcedID.

In response to the growing threat from malware like BazaLoader, large technology vendors took steps to block its delivery. In February 2022, Microsoft disabled a vector frequently weaponized by threat actors to deliver malware including Emotet, TrickBot, and BazaLoader. Despite these efforts, some groups continue to use BazaLoader quietly, as seen with LockBit, which also uses leaked Conti code. The connection between these groups prompted further analysis, which confirmed links with Conti, TrickBot, and BazaLoader.
Description last updated: 2024-06-04T17:18:32.810Z
Aliases: none currently tracked
Miscellaneous Associations (other elements of context that could aid in the identification of relevance): Malware, Ransomware
Associated Malware
ID | Type | Votes | Profile Description
Conti | Unspecified | 2 | Conti is a notorious malware and ransomware operation that has caused significant damage to computer systems worldwide. The Conti group, believed to have around 200 employees, operated like a regular business, with internal communications revealing the organization's structure and operations. It was
IcedID | Unspecified | 2 | IcedID is a malicious software (malware) that has been linked to various cybercrime operations. The malware can infiltrate systems via suspicious downloads, emails, or websites and proceed to steal personal information, disrupt operations, or hold data for ransom. IcedID has been associated with oth
Source Document References
Information about the Bazaloader malware was read from the documents in the corpus below (display limited to 20 results).
Source | Created | Title
CERT-EU | 9 months ago | New phishing attack steals your Instagram backup codes to bypass 2FA
Pulsedive | 3 months ago | Pulsedive Blog | Latrodectus Threat Research
CERT-EU | 8 months ago | MSIX App Installer Disabled Amid Microsoft Malware Attacks
CERT-EU | 9 months ago | Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU | a year ago | New LockBit variant targets MacOS, another relies on Conti source code
CERT-EU | a year ago | Microsoft Purview data security mitigations for BazaCall and other human-operated data exfiltration attacks | Microsoft Security Blog
InfoSecurity-magazine | a year ago | MFA Bypass Kits Account For One Million Monthly Messages
MITRE | 2 years ago | Diavol Ransomware
MITRE | 2 years ago | This isn't Optimus Prime's Bumblebee but it's Still Transforming | Proofpoint US