{
	"id": "e419485b-9673-41d8-ba8d-93a153b677c1",
	"created_at": "2026-04-06T00:18:13.922635Z",
	"updated_at": "2026-04-10T03:24:24.010653Z",
	"deleted_at": null,
	"sha1_hash": "8bb35903b77a84a3c43c0923bddfae128e6a2e47",
	"title": "Zloader Campaigns at a Glance",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1947123,
	"plain_text": "Zloader Campaigns at a Glance\r\nArchived: 2026-04-05 16:59:37 UTC\r\nView infographic: Zloader Campaigns at a Glance\r\nThe ZBOT (aka Zeus) trojan has been one of the most prolific and enduring malware families of the past 20 years.\r\nAfter its first appearance in 2006, its source code was leaked in 2011, leading\r\nto a plethora of new variants that plagued organizations over the succeeding years.\r\nOne of the most notable recent ZBOT variants is Zloader. First compiled under the name Silent Night\r\nin late 2019, it has evolved from being an information stealer to a multipurpose dropper that provides\r\nmalicious actors the means to install and execute other malware and tools such as Cobalt Strike, DarkSide, and\r\nRyuk. In addition, it has other capabilities, such as the ability to provide remote access to attackers and install\r\nplug-ins for additional routines.\r\nZloader has multiple delivery methods, such as via email campaigns or downloads by other malware and hacking\r\ntools. One of the most basic yet reliable methods for individuals and organizations to avoid being infected by\r\nZloader and other malware with similar arrival techniques is to apply security best practices to their emails. This\r\nincludes avoiding downloading attachments or selecting links from emails that look suspicious or appear to be out\r\nof context.\r\nZloader’s versatility has made it a popular and effective campaign tool for any threat actor that is willing to pay\r\nfor it. We already witnessed this in past campaigns — some of which took advantage of current events such as the\r\nCovid-19 pandemic — and we can expect to see it again in future campaigns from other threat actors.\r\nOrganizations can mitigate the impact of Zloader by employing robust security solutions and services. Trend\r\nMicro’s robust native XDR capabilities are tied together by Trend Micro Vision One™, which connects\r\nemail, endpoints, servers, cloud workloads, and networks in order to provide a better context and perspective of\r\nthe entire chain of events of an attack, while also allowing security personnel to investigate and act from a single\r\nplace.\r\nFurthermore, managed security services, such as Trend Micro™ Managed XDR, provide expert threat\r\nmonitoring, correlation, and analysis from experienced cybersecurity professionals via a single and capable source\r\nof detection, analysis, and response. This expertise is further bolstered by AI-optimized Trend Micro solutions\r\nthat draw from global threat intelligence.\r\nMITRE ATT\u0026CK techniques\r\nZloader uses the following tactics and techniques, as mapped out according to the MITRE ATT\u0026CK Matrix.\r\nIndicators of Compromise\r\nThe IOCs for Zloader can be found in this appendix.\r\nSource: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/zloader-campaigns-at-a-glance",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/zloader-campaigns-at-a-glance"
	],
	"report_names": [
		"zloader-campaigns-at-a-glance"
	],
	"threat_actors": [
		{
			"id": "610a7295-3139-4f34-8cec-b3da40add480",
			"created_at": "2023-01-06T13:46:38.608142Z",
			"updated_at": "2026-04-10T02:00:03.03764Z",
			"deleted_at": null,
			"main_name": "Cobalt",
			"aliases": [
				"Cobalt Group",
				"Cobalt Gang",
				"GOLD KINGSWOOD",
				"COBALT SPIDER",
				"G0080",
				"Mule Libra"
			],
			"source_name": "MISPGALAXY:Cobalt",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434693,
	"ts_updated_at": 1775791464,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8bb35903b77a84a3c43c0923bddfae128e6a2e47.pdf",
		"text": "https://archive.orkl.eu/8bb35903b77a84a3c43c0923bddfae128e6a2e47.txt",
		"img": "https://archive.orkl.eu/8bb35903b77a84a3c43c0923bddfae128e6a2e47.jpg"
	}
}