Intel Name: Inside Zloader's Latest Trick: DNS Tunneling
Date of Scan: December 12, 2024
Impact: High
Summary: Zloader (also known as Terdot, DELoader, or Silent Night) is a modular Trojan derived from the leaked Zeus source code, first appearing in 2015. Initially designed for banking fraud through Automated Clearing House (ACH) and wire transfers, Zloader has since been repurposed for initial access, enabling ransomware deployment in corporate environments, similar to Qakbot and Trickbot. After a nearly two-year hiatus, Zloader resurfaced a year ago with a new version featuring enhanced obfuscation techniques, a refined domain generation algorithm (DGA), advanced anti-analysis measures, and updated network communication protocols.