Wednesday, October 27, 2021

BazarCall to Conti Ransomware via Trickbot and Cobalt Strike

Intro

This report will go through an intrusion that went from an Excel file to domain-wide ransomware. The threat actors used BazarCall to install Trickbot in the environment, which downloaded and executed a Cobalt Strike Beacon. From there, the threat actors performed discovery on the internal network before moving laterally to a domain controller for additional discovery. A couple of days later, the threat actors came back and executed Conti ransomware across the domain.

Unfamiliar with BazaCall/BazarCall? Re…
