TrickBot gang operators are increasingly targeting high-value targets with the new stealthy Bazar loader trojan. BazarBackdoor uses the BazarLoader/Bazar loader infection in phishing attacks. TrickBot has been using their trojan to compromise enterprise networks for years. The Bazarloader compromise starts with a targeted phishing attack, as shown by a phishing email received by BleepingComputer in April. The attack leads to threat actors deploying Ryuk ransomware on the entire network and demand massive ransoms.
Source: https://www.bleepingcomputer.com/news/security/bazarloader-used-to-deploy-ryuk-ransomware-on-high-value-targets/