Cymulate named a Customers' Choice in 2025 Gartner® Peer Insights™
Learn More
New Case Study: Credit Union Boosts Threat Prevention & Detection with Cymulate
Learn More
New Research: Cymulate Research Labs Discovers Token Validation Flaw
Learn More
An Inside Look at the Technology Behind Cymulate
Learn More
Book a Demo
Book a Demo

Stolen Images Evidence Campaign Continues Pushing BazarLoader Malware

September 14, 2021

Downloaded zip archives The downloaded zip archives are always named Stolen Images Evidence.zip. They contain a JavaScript file named Stolen Images Evidence.js. BazarLoader from the JS file. If a victim double-clicks the extracted JavaScript file on a vulnerable Windows host, it retrieves and runs a DLL for BazarLoader malware. The DLL is saved to the infected user's AppDataLocalTemp directory with a .dat file extension.

Featured Resources

View More Resources
cymulate press release
CUSTOMERS

Credit Union Boosts Threat Prevention & Detection with Cymulate

Learn how a credit union automated live-data exercises to validate exposure, improve threat readiness, and streamline SecOps.

Read Case Study
image
blog

Validating Cloud Threat Detection with Wiz Defend and Cymulate

Cymulate-Wiz integration enables proven cloud threat detection by simulating real attacks and verifying Wiz Defend.

Read More
image
blog

Kerberos Authentication Relay Via CNAME Abuse 

A breakdown of Kerberos authentication relay using CNAME abuse and mitigation considerations.

Read More