Bazarbackdoor

Malware updated 4 months ago (2024-05-04T19:19:47.280Z)
BazarBackdoor is malware developed by ITG23 and first identified in April 2020. It is commonly distributed through contact forms on corporate websites rather than regular phishing emails, which makes it harder to detect. It is often paired with BazarLoader; both were used extensively by actors linked to the TrickBot network to infiltrate victim systems from early 2020 onward.

In February 2022, the Conti ransomware group took over the TrickBot operation and planned to replace it with BazarBackdoor. This transition followed several unsuccessful takedown attempts by the U.S. government. Conti invested in the development of more advanced and stealthy malware such as BazarBackdoor and Anchor, and used BazarBackdoor for initial access to networks because anti-malware solutions increasingly detected TrickBot.

Before its dissolution in mid-2022, the Conti group launched a subgroup called Karakurt, which focused on data extortion rather than crypto-locking files. Karakurt used the BazarLoader dropper to infect systems, install BazarBackdoor, and obtain remote access to those systems, which it then used to steal data and extort victims. The core team of TrickBot developers had created BazarBackdoor as a stealthier tool to gain remote access to corporate networks and deploy ransomware.
Description last updated: 2024-05-04T16:48:49.805Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Bazarloader | 2 | BazarLoader is a form of malware that has been utilized extensively by ITG23, a cybercriminal group. This harmful software infiltrates systems via suspicious downloads, emails, or websites, potentially stealing personal information, disrupting operations, or holding data for ransom. ITG23 has used B
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Ransomware
Associated Malware
ID | Type | Votes | Profile Description
TrickBot | Unspecified | 3 | TrickBot is a notorious malware that has been used extensively by cybercriminals to exploit and damage computer systems. It operates as a crimeware-as-a-service platform, infecting systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can stea
Conti | Unspecified | 3 | Conti is a notorious malware and ransomware operation that has caused significant damage to computer systems worldwide. The Conti group, believed to have around 200 employees, operated like a regular business, with internal communications revealing the organization's structure and operations. It was
Source Document References
Information about the Bazarbackdoor Malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created | Title
MITRE | 9 months ago | Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds
CERT-EU | 9 months ago | TrickBot malware dev pleads guilty, faces 35 years in prison
CERT-EU | a year ago | US and UK sanction 11 TrickBot and Conti cybercrime gang members
CERT-EU | 2 years ago | Russian Hacker Pleads Guilty to Money Laundering Linked to Ryuk Ransomware
BankInfoSecurity | a year ago | Stung by Free Decryptor, Ransomware Group Embraces Extortion
MITRE | 2 years ago | Ransomware Activity Targeting the Healthcare and Public Health Sector | CISA
Securityaffairs | 2 years ago | US and UK sanctioned seven Russian members of Trickbot gang
MITRE | 2 years ago | A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak
CERT-EU | a year ago | Cybersecurity threatscape: Q1 2022
MITRE | 2 years ago | Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser | Mandiant