Today > vulnerabilities   -   You can now download lists of IOCs here!

Tag: smokeloader

7 attack reports | 0 vulnerabilities

Attack reports

Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices

A malicious botnet called Socks5Systemz is operating a proxy service named PROXY.AM, utilizing over 85,000 compromised devices. The botnet, active since 2013, aims to turn infected systems into proxy exit nodes for cybercriminals seeking to obscure their attack sources. Initially boasting around 25…

botnet
amadey
cybercrime
smokeloader
proxy service
socks5systemz
2024-12-09
privateloader
exit nodes
hacked devices
proxy.am
Published: December 9, 2024

Downloadable IOCs 2

SmokeLoader picks up ancient MS Office bugs to pack fresh credential stealer

Threat actors are exploiting old Microsoft Office vulnerabilities using SmokeLoader, a modular malware loader, to steal browser credentials. The campaign targets manufacturing, healthcare, and IT companies in Taiwan, utilizing CVE-2017-0199 and CVE-2017-11882 to execute remote code and deploy malic…

phishing
plugins
credential theft
smokeloader
CVE-2017-0199
CVE-2017-11882
taiwan
modular malware
2024-12-03
microsoft office
vulnerabilities
andeloader
Published: December 3, 2024

Downloadable IOCs 28

SmokeBuster Tool

ThreatLabz has developed SmokeBuster, a tool to detect, analyze, and remove SmokeLoader malware from infected systems. Despite Operation Endgame's disruption in May 2024, SmokeLoader continues to be used by threat groups. SmokeBuster supports various SmokeLoader versions and Windows systems, offeri…

windows
smokeloader
operation endgame
malware analysis
2024-10-31
thread manipulation
system performance
memory injection
dofoil
smokebuster
Published: October 31, 2024

Downloadable IOCs 0

SmokeLoader Evolution Through The Years

This report provides an in-depth analysis of the evolution of SmokeLoader, a prominent malware downloader that has been active since 2011. It examines the significant changes and improvements introduced in SmokeLoader versions from 2015 to 2022, including updates to its communication protocol, encr…

smokeloader
downloader
2024-07-03
Published: July 3, 2024

Downloadable IOCs 11

Unfurling Hemlock: Threat group uses cluster bomb campaigns

A threat actor dubbed Unfurling Hemlock has been observed distributing hundreds of thousands of malware samples in a campaign lasting several months. The malware is distributed using a 'cluster bomb' technique where each sample contains multiple stages of nested executable files, each containing ad…

amadey
redline
smokeloader
2024-07-01
risepro
mystic stealer
cluster bomb
mass distribution
eastern european
stealers
Published: July 1, 2024

Downloadable IOCs 55

Operation Endgame: Up In Smoke

A detailed technical analysis of Smoke malware loader, also known as SmokeLoader or Dofoil, which has been operational since 2011. Smoke is primarily used to deliver second-stage malware payloads like trojans, ransomware, and information stealers, and can also deploy custom plugins for various mali…

smokeloader
2024-05-30
operation endgame
Published: May 30, 2024

Downloadable IOCs 12

Spring Exacerbation: UAC-0006 increased cyberattacks

This report aims to provide insights into the ongoing cyber operations targeting Ukraine. It analyzes the tactics, techniques, and procedures employed by threat actors in their malicious campaigns. The document offers a comprehensive overview of the cybersecurity landscape in Ukraine, highlighting …

powershell
ukraine
2024-05-22
smokeloader
uac-0006
taleshot
Published: May 22, 2024

Downloadable IOCs 31

» Click here to see all Attack Reports «