Since April 2020, the Cybereason Nocturnus Team has been investigating the emergence of the Bazar malware, a loader and backdoor used to collect data about the infected machine and to deploy additional malware.
The researchers are now observing multiple TrickBot gang attack operations that feature new variants of the Bazar Loader, used for reconnaissance activity and for deploying a CobaltStrike payload (IOCs here).
In research released in July 2020, the researchers showed how the Bazar malware is sent via phishing emails that take advantage of the ongoing coronavirus pandemic, employee payroll reports, and customer complaints.
The Bazar malware appears to have strong ties to TrickBot campaigns, resembling those seen in the TrickBot-Anchor collaboration from December 2019.
Invest in social engineering awareness and training, which are key to preventing attacks that start with phishing emails like these.
Periodically and proactively hunt in your environment for potential attacks on sensitive assets.
We highly recommend every customer enable the following features: