Statements (50)
Predicate | Object |
---|---|
gptkbp:instanceOf | malware |
gptkbp:abilities | remote access, credential theft, web injection, keylogging |
gptkbp:affiliatedWith | cybercriminal groups |
gptkbp:alsoKnownAs | gptkb:Terdot, Zbot |
gptkbp:area | gptkb:Asia, gptkb:Europe, gptkb:North_America |
gptkbp:commanded | gptkb:HTTP, encrypted channels |
gptkbp:detects | gptkb:Kaspersky, gptkb:Symantec, gptkb:Microsoft_Defender |
gptkbp:exploitedVulnerabilities | malicious scripts, macro-enabled Office documents, Microsoft digital signature verification flaw (CVE-2013-3900) |
gptkbp:firstAppearance | 2016 |
https://www.w3.org/2000/01/rdf-schema#label | ZLoader |
gptkbp:lawEnforcementResponse | takedown by Microsoft and partners in April 2022 |
gptkbp:notable_campaign | Conti ransomware delivery, 2020-2021 global attacks, Ryuk ransomware delivery |
gptkbp:notableFeature | modular architecture, persistence mechanisms, code obfuscation, anti-analysis techniques |
gptkbp:platform | gptkb:Windows |
gptkbp:primaryUse | delivering other malware, stealing banking credentials |
gptkbp:relatedTo | gptkb:Zeus_malware_family |
gptkbp:repository | not publicly available |
gptkbp:spreadTo | malicious websites, malicious email attachments, exploit kits |
gptkbp:status | active as of 2022, disrupted by law enforcement in 2022 |
gptkbp:usedFor | gptkb:fraud, ransomware delivery |
gptkbp:uses | DLL injection, process hollowing, browser manipulation, malicious payload download, phishing techniques |
gptkbp:usesMalware | malware |
gptkbp:writtenBy | gptkb:C++ |
gptkbp:bfsParent | gptkb:Terdot |
gptkbp:bfsLayer | 7 |