add BazarBackdoor

clusters/backdoor.json

@@ -128,7 +128,18 @@
       },
       "uuid": "e663ac1b-9474-4f9a-b0c8-184861327dd7",
       "value": "Mori Backdoor"
+    },
+    {
+      "description": "Something that made the brute-force attacks on RDP connections easier was a new module of the notorious Trojan, TrickBot. It now seems that the TrickBot developers have a new tactic. Cybersecurity researchers have discovered a new phishing campaign that delivers a stealthy backdoor called BazarBackdoor, which can be used to compromise and gain full access to corporate networks.\nAs is the case with 91% of cyberattacks, this one starts with a phishing email. A range of subjects are used to personalize the emails: Customer complaints, coronavirus-themed payroll reports, or employee termination lists. All these emails contain links to documents hosted on Google Docs. To send the malicious emails, the cybercriminals use the marketing platform Sendgrid.\nThis campaign uses spear phishing, which means that the perpetrators have made an effort to ensure that the websites sent in the emails seem legitimate and correspond to the emails subjects.",
+      "meta": {
+        "refs": [
+          "https://www.advanced-intel.com/post/anatomy-of-attack-inside-bazarbackdoor-to-ryuk-ransomware-one-group-via-cobalt-strike",
+          "https://www.pandasecurity.com/en/mediacenter/business/bazarbackdoor-trickbot-backdoor/"
+        ]
+      },
+      "uuid": "1523a693-5d90-4da1-86d2-b5d22317820d",
+      "value": "BazarBackdoor"
     }
   ],
-  "version": 9
+  "version": 10
 }