2021-06-21 (MONDAY) - BAZARCALL (BAZACALL) CAMPAIGN PUSHES BAZARLOADER (BAZALOADER)

ASSOCIATED FILES:

NOTES:

 

IMAGES


Shown above:  Fake website used to distribute malicious Excel spreadsheet.

 


Shown above:  Page to use a subscription number from a malicious email to "sign in" to the site.

 


Shown above:  "Cancelling" the subscription will return a malicious spreadsheet.

 


Shown above:  Screenshot of the malicious spreadsheet.

 


Shown above:  Traffic from the infection filtered in Wireshark.

 

Click here to return to the main page.