| Attribute | Details |
|---|---|
| Threat Actors | Operators of ZLoader, not publicly named; activity linked to Black Basta ransomware deployments |
| Campaign Overview | Continued development of ZLoader; version 2.9.4.0 adds a custom DNS tunneling protocol for C2 and further anti-analysis improvements aimed at evading detection |
| Target Regions | Not specified; the associated ransomware activity is global |
| Methodology | C2 over DNS tunneling (alongside HTTPS), an interactive shell for operator commands, and staging of next-stage payloads |
| Product Targeted | No specific product; ZLoader acts as an initial-access loader ahead of ransomware deployment, with remote desktop infrastructure used to reach victim systems |
| Malware Reference | ZLoader 2.9.4.0, also known as Terdot, DELoader, Silent Night |
| Tools Used | DNS tunneling, remote desktop tools, GhostSocks, interactive shell |
| Vulnerabilities Exploited | None reported; the campaign relies on evasion and covert channels rather than a software vulnerability (DNS tunneling, environment checks, a custom API import resolution algorithm, and TLS traffic carried inside DNS are features of the malware, not CVEs) |
| TTPs | Anti-analysis and environment checks, DNS and HTTPS C2, interactive shell, data exfiltration, process termination |
| Attribution | Linked to groups deploying Black Basta ransomware; the loader is notable for its evasion techniques |
| Recommendations | Monitor DNS for tunneling indicators (high query volume to a single domain, long high-entropy subdomains, heavy TXT/NULL record use); inspect outbound HTTPS for C2 traffic; restrict and log remote desktop access; hunt on endpoints for anti-analysis checks and unexpected process termination |
| Source | The Hacker News |
Read full article: https://thehackernews.com/2024/12/zloader-malware-returns-with-dns.html
The above summary has been generated by an AI language model
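The Methodology row above says ZLoader 2.9.4.0 moves C2 traffic over DNS tunneling. The script below is an added example of how a defender would hunt for that class of channel in DNS query logs; it is not code from the article, from Zscaler ThreatLabz or from the ZLoader authors, and it does not reproduce ZLoader's actual DNS encoding, which the summary does not describe. The log format (`<timestamp> <client> <qname> <qtype>`), the sample lines, the registered-domain approximation and the thresholds are all assumptions. It scores each registered domain on the four generic traits of a tunnel: long subdomains, near-uniform character entropy, almost every query carrying a never-before-seen name, and answers carried in TXT or NULL records.

```python
"""Heuristic detector for DNS-tunneling C2 in DNS query logs.

Added example, not code from the article or from Zscaler ThreatLabz. The log
format and thresholds are assumptions; the sample lines are constructed and do
not reproduce ZLoader's real DNS protocol.
"""
import math
from collections import Counter, defaultdict

# Constructed sample log: "<timestamp> <client> <qname> <qtype>", one query per line.
# The tunnel-example.net names are synthetic hex chunks, as a tunnel client would
# emit when it splits an encrypted blob across labels.
SAMPLE_LOG = """\
2024-12-10T10:00:01Z 10.0.0.5 www.example.com A
2024-12-10T10:00:02Z 10.0.0.5 mail.example.com MX
2024-12-10T10:00:03Z 10.0.0.9 api.service-example.org A
2024-12-10T10:00:04Z 10.0.0.5 example.org A
2024-12-10T10:00:05Z 10.0.0.7 7e3a9c1f0b5d2846d40f8b6e1c7a3952.2c9e5f07a3b81d64b61a4d8f3e05c729.tunnel-example.net TXT
2024-12-10T10:00:06Z 10.0.0.5 www.example.com A
2024-12-10T10:00:07Z 10.0.0.7 93f6c0e4a71b5d285a8d2e7b0c49f136.e17b3f5a9c2d04860f4c6a2e8d1b7395.tunnel-example.net TXT
2024-12-10T10:00:08Z 10.0.0.9 api.service-example.org A
2024-12-10T10:00:09Z 10.0.0.7 d40f8b6e1c7a39527e3a9c1f0b5d2846.b61a4d8f3e05c7292c9e5f07a3b81d64.tunnel-example.net TXT
2024-12-10T10:00:10Z 10.0.0.5 cdn.example.com A
2024-12-10T10:00:11Z 10.0.0.9 static.service-example.org A
2024-12-10T10:00:12Z 10.0.0.7 5a8d2e7b0c49f13693f6c0e4a71b5d28.0f4c6a2e8d1b7395e17b3f5a9c2d0486.tunnel-example.net TXT
"""

TUNNEL_CARRIER_TYPES = {"TXT", "NULL"}  # record types commonly abused to carry bulk data back to the client


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty or single-symbol string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def split_qname(qname: str):
    """Return (registered_domain, subdomain_without_dots), or (None, None) if there is no subdomain.

    Assumption: the registered domain is the last two labels. Production code should
    consult a public-suffix list so that names under e.g. co.uk are grouped correctly.
    """
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 3:
        return None, None
    return ".".join(labels[-2:]), "".join(labels[:-2])


def parse_log(text: str):
    """Parse the assumed four-column log format, skipping malformed lines instead of crashing."""
    return [tuple(parts) for parts in (line.split() for line in text.splitlines()) if len(parts) == 4]


def profile_domains(records):
    """Aggregate per-registered-domain statistics that the scoring step consumes."""
    acc = defaultdict(lambda: {"queries": 0, "subs": set(), "len_sum": 0, "ent_sum": 0.0, "carrier": 0})
    for _ts, _client, qname, qtype in records:
        domain, sub = split_qname(qname)
        if domain is None:
            continue
        a = acc[domain]
        a["queries"] += 1
        a["subs"].add(sub)
        a["len_sum"] += len(sub)
        a["ent_sum"] += shannon_entropy(sub)
        if qtype.upper() in TUNNEL_CARRIER_TYPES:
            a["carrier"] += 1
    return {
        domain: {
            "queries": a["queries"],
            "unique_ratio": len(a["subs"]) / a["queries"],   # share of queries with a never-seen subdomain
            "avg_sub_len": a["len_sum"] / a["queries"],
            "avg_entropy": a["ent_sum"] / a["queries"],
            "carrier_ratio": a["carrier"] / a["queries"],
        }
        for domain, a in acc.items()
    }


def score(profile, min_queries=3):
    """Count tunneling indicators for one domain. Thresholds are assumptions; tune them per environment."""
    if profile["queries"] < min_queries:
        return 0
    indicators = [
        profile["avg_sub_len"] >= 30,     # encoded payload chunks produce long subdomains
        profile["avg_entropy"] >= 3.0,    # hex/base32/base64 data is near-uniform; real hostnames are not
        profile["unique_ratio"] >= 0.8,   # every chunk is a new name, so resolver caches never absorb it
        profile["carrier_ratio"] >= 0.5,  # responses ride in TXT/NULL instead of A/AAAA
    ]
    return sum(indicators)


def suspected_tunnels(text: str, threshold=3):
    """Return the profiles of domains whose indicator count reaches the threshold."""
    return {d: p for d, p in profile_domains(parse_log(text)).items() if score(p) >= threshold}


if __name__ == "__main__":
    for domain, p in suspected_tunnels(SAMPLE_LOG).items():
        print(f"{domain}: {p['queries']} queries, avg subdomain {p['avg_sub_len']:.0f} chars, "
              f"{p['avg_entropy']:.2f} bits/char, unique {p['unique_ratio']:.0%}, TXT/NULL {p['carrier_ratio']:.0%}")
```

Run against the constructed log, only tunnel-example.net reaches the threshold; example.com and service-example.org score zero because their subdomains are short, low-entropy, repeated and resolved via A/MX records. In a real deployment the same profile should be computed over a sliding window per client rather than over the whole log, and a custom protocol that pads or compresses its chunks may need the entropy and length thresholds adjusted.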
