New Zloader Campaign: Where Do IoCs Lead Us?
A new Zloader campaign has been detected. It is believed to be the work of the MalSmoke cybercrime group. More than 2,000 unique victim IP addresses have downloaded the malware, which exploits a vulnerability in Microsoft’s digital signature verification method.
WhoisXML API analyzed the initial list of IoCs to uncover artifacts and possible domain and IP connections. Our analysis includes:
- Registrant details analysis uncovering domains that share the exact same registrant information as one of the IoCs
- 900+ domain artifacts, likely DGA-generated, sharing the same registrar and name server details as the IoCs