A new Zloader campaign has been detected. It is believed to be the work of the MalSmoke cybercrime group. More than 2,000 unique victim IP addresses have downloaded the malware, which exploits a vulnerability in Microsoft’s digital signature verification method.
WhoisXML API analyzed the initial list of IoCs to uncover artifacts and possible domain and IP connections. Our analysis includes:
- Registrant details analysis uncovering domains that share the exact same registrant information as one of the IoCs
- 900+ domain artifacts, likely DGA-generated, that share the same registrar and name server details as the IoCs
- More than 10 active IP resolutions to seven unique IP addresses
- 2,000+ connected domains resolving to the same IP addresses
Download the threat research materials containing the data related to the Zloader campaign now.