{
  "name": "Zloader Learns Old Tricks",
  "slug": "zloader-learns-old-tricks",
  "description": "Zloader (a.k.a. Terdot, DELoader, or Silent Night) is a modular trojan based on leaked ZeuS source code. Zloader has continued to evolve since its resurrection around September 2023, after an almost two-year hiatus. The latest version, 2.4.1.0, introduces a feature that prevents execution on any machine other than the one originally infected. This anti-analysis technique was present in the original ZeuS 2.X code, but it was implemented differently there.",
  "published": "2024-04-30T12:41:41+00:00",
  "created_at": "2024-04-30T12:41:41+00:00",
  "modified_at": "2024-05-01T21:09:42+00:00",
  "created_at_opencti": "2024-04-30T12:41:41+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "anti-analysis",
    "python",
    "windows registry",
    "zeus",
    "zloader"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "gycltda.cl"
      },
      {
        "id": "",
        "name": "citscale.com"
      },
      {
        "id": "",
        "name": "adslsdfdsfmo.world"
      },
      {
        "id": "",
        "name": "eingangfurkunden.digital"
      },
      {
        "id": "",
        "name": "cba9578875a3e222d502bb6a85898939bb9e8e247d30fcc0d44d83a64919f448"
      },
      {
        "id": "",
        "name": "b1a6bf93d4ee659db03e51a3765d4d3c2ee3f1b56bd9b701ab5939d63f57d9ee"
      },
      {
        "id": "",
        "name": "85b1a980eb8ced59f87cb5dd7702e15d6ca38441c4848698d140ffd37d2b55e6"
      },
      {
        "id": "",
        "name": "85962530c71cd31c102853d64a8829f93b63bd1406bdec537b9d8c200f8f0bcc"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:b8695e8f1cacd1a8",
        "name": "Zloader",
        "slug": "zloader"
      }
    ],
    "intrusion_sets": [
      {
        "id": "2658adfd-9d77-4f9c-9186-45ed3909932c",
        "name": "Zloader",
        "slug": "zloader"
      }
    ],
    "attack_patterns": [
      {
        "id": "d9a3095c-e3cc-40ab-bea5-649bf0ba0756",
        "name": "T1050"
      },
      {
        "id": "cc9a1424-474f-468a-bdbe-21802217f1ff",
        "name": "T1139"
      },
      {
        "id": "b15c00da-c412-4429-900c-659de612baf5",
        "name": "T1543.003"
      },
      {
        "id": "7d79c881-912a-4747-8317-48ae3e53899a",
        "name": "T1542"
      },
      {
        "id": "ecaaa4cc-d487-4002-bcb2-f769acfcc38f",
        "name": "T1490"
      },
      {
        "id": "5e7cb3d2-6a97-48b2-bdd2-f11eee10f6dc",
        "name": "T1137"
      },
      {
        "id": "9e784d22-5a6c-4da6-968a-5fab2f019efd",
        "name": "T1059.005"
      },
      {
        "id": "e1b18ecf-d74e-4fe6-9bd4-ca6a62e7d818",
        "name": "T1027.002"
      },
      {
        "id": "6b2e0999-c7e8-4662-94ac-19aa8520ee46",
        "name": "T1059.003"
      },
      {
        "id": "32b33067-6566-4b8d-be80-e96f765d84de",
        "name": "T1059.001"
      },
      {
        "id": "a2ba5594-6293-4868-928c-ab4b31927a02",
        "name": "T1572"
      },
      {
        "id": "00430919-9257-403b-8a1b-958d4c3613aa",
        "name": "T1557"
      },
      {
        "id": "32817170-4c07-427e-b8a5-80a733ae2550",
        "name": "T1497"
      },
      {
        "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571",
        "name": "T1105"
      },
      {
        "id": "af9ed2e3-4663-4723-beab-c606ddc312e0",
        "name": "T1543"
      },
      {
        "id": "c3af9fd7-d307-4df4-9220-cc627938fb85",
        "name": "T1055"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "bb20a9e1-f4f6-459d-94f4-470c6867dc2d",
        "name": "T1053"
      },
      {
        "id": "fcd96dc0-500e-4354-bd97-5c65718a9004",
        "name": "T1562"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ]
  },
  "external_refs": [
    "https://www.zscaler.com/blogs/security-research/zloader-learns-old-tricks",
    "https://otx.alienvault.com/pulse/66310325d40474f335fa82f6"
  ]
}