BazarBackdoor is the latest tools in the TrickBot
arsenal. Malware authors continues to use the COVID-19
theme to bait victims with corona virus related help or information and make the clicking and installing there malicious code. Its name Bazar come from the fact it uses Blockchain DNS bazar domain. It spread via phishing email send using SendGrid. Email Sample
Email contains a Google Docs Document which contains a link that download a executable that has either an icon of a Microsoft Word Document of Adobe PDF.
TrickBot BazarBackdoor Signatures
TrickBot BazarBackdoor Download