Bazar Loader

Detected loader normally used to deploy BazarBackdoor malware.

Suspicious use of NtCreateUserProcessOtherParentProcess

suricata: ET MALWARE BazaLoader Activity (GET)

suricata: ET MALWARE BazaLoader Activity (GET)

suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

Bazar/Team9 Loader payload

Blocklisted process makes network request

Tries to connect to .bazar domain

Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.