BazarCall
BazarCall is described as a Conti-linked collective that emerged in the context of Conti’s broader cybercrime syndicate and its subsequent fragmentation. According to the reporting, after the Conti brand shut down, members split into smaller cells and infiltrated or took over other operations, including the BazarCall collective. BazarCall is specifically cited as an example of a Conti-linked group focused on data exfiltration rather than encryption. The reporting also characterizes Conti as a Russian-based ransomware operation active from 2020 (replacing Ryuk) that evolved into a wider syndicate tied to multiple malware operations (including TrickBot and BazarBackdoor), with members dispersing into other ransomware groups.
Tradecraft
2 distinct techniques observed across reporting, grouped by tactic.
Recent activity
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Named as a social-engineering/cybercrime collective that former Conti members allegedly infiltrated or took over.
Described as a collective focused on data exfiltration rather than encryption, mentioned in the context of Conti members splintering into other groups.