ZLoader

GPTKB entity

Statements (50)

Predicate                                      Object
gptkbp:instanceOf                              malware
gptkbp:abilities                               remote access
                                               credential theft
                                               web injection
                                               keylogging
gptkbp:affiliatedWith                          cybercriminal groups
gptkbp:alsoKnownAs                             gptkb:Terdot
                                               Zbot
gptkbp:area                                    gptkb:Asia
                                               gptkb:Europe
                                               gptkb:North_America
gptkbp:commanded                               gptkb:HTTP
                                               encrypted channels
gptkbp:detects                                 gptkb:Kaspersky
                                               gptkb:Symantec
                                               gptkb:Microsoft_Defender
gptkbp:exploitedVulnerabilities                malicious scripts
                                               macro-enabled Office documents
                                               Microsoft digital signature verification flaw (CVE-2013-3900)
gptkbp:firstAppearance                         2016
https://www.w3.org/2000/01/rdf-schema#label    ZLoader
gptkbp:lawEnforcementResponse                  takedown by Microsoft and partners in April 2022
gptkbp:notable_campaign                        Conti ransomware delivery
                                               2020-2021 global attacks
                                               Ryuk ransomware delivery
gptkbp:notableFeature                          modular architecture
                                               persistence mechanisms
                                               code obfuscation
                                               anti-analysis techniques
gptkbp:platform                                gptkb:Windows
gptkbp:primaryUse                              delivering other malware
                                               stealing banking credentials
gptkbp:relatedTo                               gptkb:Zeus_malware_family
gptkbp:repository                              not publicly available
gptkbp:spreadTo                                malicious websites
                                               malicious email attachments
                                               exploit kits
gptkbp:status                                  active as of 2022
                                               disrupted by law enforcement in 2022
gptkbp:usedFor                                 gptkb:fraud
                                               ransomware delivery
gptkbp:uses                                    DLL injection
                                               process hollowing
                                               browser manipulation
                                               malicious payload download
                                               phishing techniques
gptkbp:usesMalware                             malware
gptkbp:writtenBy                               gptkb:C++
gptkbp:bfsParent                               gptkb:Terdot
gptkbp:bfsLayer                                7