Inside Zloader’s Latest Trick: DNS Tunneling

Discover how Zloader 2.9.4.0 implemented a custom DNS tunneling protocol combined with TLS encryption to evade network detection.

Zloader Learns Old Tricks

Technical Analysis | Zloader revives an old ZeuS-inspired anti-analysis feature, implementing unique execution restrictions.

ZLoader Malware adds Zeus's anti-analysis feature

Zloader continues to evolve: its authors have added an anti-analysis feature that was originally present in the Zeus banking trojan.

Security Affairs

#ZLoader, a dangerous #malware, has resurfaced with an enhanced anti-analysis feature that prevents it from running on any machine other than the one initially infected.

https://thehackernews.com/2024/05/zloader-malware-evolves-with-anti.html

#cybersecurity #hacking

ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan

The ZLoader modular malware trojan has resurfaced with an anti-analysis feature that prevents execution on machines other than the one originally infected.

The Hacker News

"🚨 New ZLoader Malware Resurgence: 64-bit Windows Under Threat 🚨"

The cybersecurity community is on alert as ZLoader malware resurfaces with a new variant targeting 64-bit Windows systems. Developed since September 2023, this version presents substantial loader module upgrades, including RSA encryption and an updated domain generation algorithm. Originally an offshoot of the Zeus banking trojan, ZLoader is now a sophisticated loader for various payloads, including ransomware. Despite previous setbacks by Microsoft's Digital Crimes Unit, ZLoader's comeback is marked by increased stealth and complexity, posing a significant threat for future ransomware attacks.

Source: The Hacker News

Tags: #ZLoader #Malware #Cybersecurity #Windows64bit #RSAEncryption #Ransomware #CyberThreat 🌍💻🔐👾

New ZLoader Malware Variant Surfaces with 64-bit Windows Compatibility

ZLoader malware resurfaces after 2 years, targeting Windows systems with ransomware.

The Hacker News
Conti’s Ransomware Toll on the Healthcare Industry - Conti — one of the most ruthless and successful Russian ransomware groups — public... https://krebsonsecurity.com/2022/04/contis-ransomware-toll-on-the-healthcare-industry/ #healthcareinformationandmanagementsystemssociety #u.s.cybersecurity&infrastructuresecurityagency #healthinformationsharing&analysiscenter #neer-do-wellnews #alittlesunshine #ransomware #errolweiss #proofpoint #microsoft #emsisoft #zloader #emotet #h-isac
Conti’s Ransomware Toll on the Healthcare Industry – Krebs on Security

For the ZLoader botnet, the botting is over for now: 65 of its control domains are now operated by Microsoft.
No more "Malware as a Service": Microsoft demolishes ZLoader botnet

heise online
📬Zloader uses new infection technique to evade detection📬 https://tarnkappe.info/zloader-nutzt-neue-infektionstechnik-um-entdeckung-zu-entgehen/ #Malware-undPhishing-Mails #Artikel #Malware #Zloader #McAfee
Zloader uses new infection technique to evade detection

Zloader combines a Word document and an Excel document with macros, where the actual malicious code is only downloaded afterwards.

Tarnkappe.info

RT @[email protected]

[Breaking Blog]🆕 "From Dawn to "Silent Night": "#DarkSide #Ransomware" Initial Attack Vector Evolution" | Microsoft Exchange
🔥Alliance with #Zloader aka “Silent Night” botnet group

Confirmed:
⭐️Zloader Sub-Botnet ➡️ Cobalt Strike ➡️ DarkSide Ransomware
https://www.advanced-intel.com/post/from-dawn-to-silent-night-darkside-ransomware-initial-attack-vector-evolution

🐦🔗: https://twitter.com/VK_Intel/status/1393291921729236995

From Dawn to "Silent Night": "DarkSide Ransomware" Initial Attack Vector Evolution

Disclaimer: This is a redacted excerpt of the report published by the subject matter expert team at Advanced Intelligence for the flagship product “Andariel”. DarkSide's affiliate group ascension to the top of the cybercrime food chain was determined by DarkSide's ability to build its initial attack arsenal, which included RDPs, infrastructural vulnerabilities, and, most importantly, a liaison with the Zloader aka "Silent Night" botnet sub-group operation. DarkSide positioned itself as a unique