win.bazarnimrod

BazarNimrod

aka: NimzaLoader

A rewrite of Bazarloader in the Nim programming language.

References
2021-07-27 | Blackberry | BlackBerry Research & Intelligence Team
@techreport{team:20210727:old:3060d53, author = {BlackBerry Research & Intelligence Team}, title = {{Old Dogs New Tricks: Attackers Adopt Exotic Programming Languages}}, date = {2021-07-27}, institution = {Blackberry}, url = {https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-old-dogs-new-tricks.pdf}, language = {English}, urldate = {2021-07-27} } Old Dogs New Tricks: Attackers Adopt Exotic Programming Languages
elf.wellmess ElectroRAT BazarNimrod Buer Cobalt Strike Remcos Snake TeleBot WellMess Zebrocy
2021-06-01 | Cisco | Josh Pyorre
@online{pyorre:20210601:backdoors:577a28b, author = {Josh Pyorre}, title = {{Backdoors, RATs, Loaders evasion techniques}}, date = {2021-06-01}, organization = {Cisco}, url = {https://umbrella.cisco.com/blog/cybersecurity-threat-spotlight-backdoors-rats-loaders-evasion-techniques}, language = {English}, urldate = {2021-06-24} } Backdoors, RATs, Loaders evasion techniques
BazarNimrod GoldMax Oblique RAT
2021-03-12 | HealthcareInfoSecurity | Prajeet Nair
@online{nair:20210312:spearphishing:6df60be, author = {Prajeet Nair}, title = {{Spear-Phishing Campaign Distributes Nim-Based Malware}}, date = {2021-03-12}, organization = {HealthcareInfoSecurity}, url = {https://www.healthcareinfosecurity.com/spear-phishing-campaign-distributes-nim-based-malware-a-16176}, language = {English}, urldate = {2021-06-29} } Spear-Phishing Campaign Distributes Nim-Based Malware
BazarNimrod
2021-03-10 | Proofpoint | Dennis Schwarz, Matthew Mesa, Proofpoint Threat Research Team
@online{schwarz:20210310:nimzaloader:f6960d4, author = {Dennis Schwarz and Matthew Mesa and Proofpoint Threat Research Team}, title = {{NimzaLoader: TA800’s New Initial Access Malware}}, date = {2021-03-10}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/nimzaloader-ta800s-new-initial-access-malware}, language = {English}, urldate = {2021-03-12} } NimzaLoader: TA800’s New Initial Access Malware
BazarNimrod Cobalt Strike
2021-03-01 | Medium walmartglobaltech | Joshua Platt, Jason Reaves
@online{platt:20210301:investigation:a7851d5, author = {Joshua Platt and Jason Reaves}, title = {{Investigation into the state of Nim malware}}, date = {2021-03-01}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/investigation-into-the-state-of-nim-malware-14cc543af811}, language = {English}, urldate = {2021-03-04} } Investigation into the state of Nim malware
BazarNimrod Cobalt Strike
2021-03-01 | Medium walmartglobaltech | Joshua Platt, Jason Reaves
@online{platt:20210301:nimar:c26af08, author = {Joshua Platt and Jason Reaves}, title = {{Nimar Loader}}, date = {2021-03-01}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/nimar-loader-4f61c090c49e}, language = {English}, urldate = {2021-03-04} } Nimar Loader
BazarBackdoor BazarNimrod Cobalt Strike
2021-02-03 | Twitter (@James_inthe_box) | James_inthe_box
@online{jamesinthebox:20210203:tiwtter:34b6440, author = {James_inthe_box}, title = {{Tiwtter thread on Nim rewrite of Bazarloader}}, date = {2021-02-03}, organization = {Twitter (@James_inthe_box)}, url = {https://twitter.com/James_inthe_box/status/1357009652857196546}, language = {English}, urldate = {2021-02-17} } Tiwtter thread on Nim rewrite of Bazarloader
BazarNimrod

There is no Yara-Signature yet.