Tag: ZLoader

Roboto Condensed Social Engineering Scheme Delivers DELoader (aka Terdot or ZLoader).

My first post on the Roboto Condensed social engineering scheme can be seen HERE. BleepingComputer.com also wrote an article on this, which can be seen HERE. The page presented to both Chrome and Firefox users: Looking at the page source shows a different .ZIP file for Chrome and Firefox users: Chrome users download “Chrome_Font.zip”, which is ...

EITest Leads to RIG EK at 188.225.36.196 And Drops Quant Loader. Downloads ZLoader/Zbot.

IOCs 199.116.248.108 – saywitzproperties.com – Compromised website (shout-out to thlnk3r‏ who gave me the site) 188.225.36.196 – fds.japanbioenergy.org – RIG Exploit Kit 52.90.24.205 – unisdr.top – GET /mail.index.php – Response contains download locations for additional malware at trackerhost.us 52.90.24.205 – trackerhost.us – GET /drop/lsmk.exe – Additional malware 52.90.24.205 – gerber.gdn – POST / info.php – Post-infection traffic DNS ...