Thursday, January 20, 2022

CONTInuing the Bazar Ransomware Story

In this report we will discuss a case from early August where we witnessed threat actors utilizing BazarLoader and Cobalt Strike to accomplish their mission of encrypting systems with Conti ransomware.

The normal list of discovery tools were used during this case such as AdFind, Net, Ping, PowerView, and Nltest. Rclone was used to exfiltrate company data to Mega and Process Hacker was used to dump LSASS. The threat actors executed a Conti batch file on a server which then encrypted most of the …

Read More

Latest news
Related news