Zloader has been observed using legitimate remote management tools such as AnyDesk, TeamViewer, and Microsoft Quick Assist for initial access. Threat actors use social engineering to convince victims to grant them remote access to their systems. Once they have remote access, the attackers deploy Zloader.
Technique: System Access [T1078] -> Remote Services [T1021] -> Remote Desktop Protocol [T1021.001]
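
A detection sketch for the pattern described above, added here as an example and not taken from the original report: it correlates the start of one of the three named remote management tools with a later process launch from a user-writable path on the same host. The event tuples, host names, file names, the 30-minute window, the path list and the approved-host allowlist are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Image names of the remote management tools named in the text (lowercase).
RMM_IMAGES = {"anydesk.exe", "teamviewer.exe", "quickassist.exe"}
# Assumption: a payload deployed during a remote session runs from a user-writable path.
USER_WRITABLE = ("\\appdata\\", "\\downloads\\", "\\temp\\", "\\users\\public\\")
WINDOW = timedelta(minutes=30)  # assumed correlation window

# Constructed process-creation events: (timestamp, host, image path).
EVENTS = [
    ("2024-05-01T09:00:00", "HR-PC-07", r"C:\Windows\System32\quickassist.exe"),
    ("2024-05-01T09:12:00", "HR-PC-07", r"C:\Users\jdoe\AppData\Local\Temp\update_helper.exe"),
    ("2024-05-01T10:00:00", "HELPDESK-01", r"C:\Program Files\TeamViewer\TeamViewer.exe"),
    ("2024-05-01T10:05:00", "HELPDESK-01", r"C:\Users\tech\Downloads\tool.exe"),
    ("2024-05-01T11:00:00", "FIN-PC-02", r"C:\Users\amy\Downloads\AnyDesk.exe"),
    ("2024-05-01T11:05:00", "FIN-PC-02", r"C:\Windows\System32\notepad.exe"),
    ("2024-05-01T12:30:00", "FIN-PC-02", r"C:\Users\amy\Downloads\setup.exe"),
]

def image_name(path):
    """Lowercased file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()

def find_suspect_sessions(events, approved_hosts=frozenset()):
    """Return (host, rmm_image, follow_on_path) for each process started from a
    user-writable path within WINDOW of an RMM tool start on a non-approved host."""
    last_rmm = {}  # host -> (start time, RMM image name)
    alerts = []
    for ts, host, image in sorted(events):  # ISO timestamps sort chronologically
        when = datetime.fromisoformat(ts)
        name = image_name(image)
        if name in RMM_IMAGES:
            # Hosts where remote support is expected (e.g. helpdesk) are skipped.
            if host not in approved_hosts:
                last_rmm[host] = (when, name)
            continue
        seen = last_rmm.get(host)
        if (seen and when - seen[0] <= WINDOW
                and any(p in image.lower() for p in USER_WRITABLE)):
            alerts.append((host, seen[1], image))
    return alerts

if __name__ == "__main__":
    for alert in find_suspect_sessions(EVENTS, approved_hosts={"HELPDESK-01"}):
        print("review:", alert)
```

In production the same correlation would run over endpoint process-creation telemetry, with the allowlist drawn from the organization's sanctioned remote-support inventory.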