home.social

#smokeloader — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #smokeloader, aggregated by home.social.

  1. 🚨 #OperationEndgame - With the operators out of the picture, law enforcement is closing in on Smokeloader botnet’s paying customers across Europe and North America.

    Read: hackread.com/smokeloader-users

    #CyberSecurity #CyberCrime #Smokeloader #Botnet

  2. CVE-2025-0411, a zero-day #vulnerability in 7-Zip, is actively exploited by Russian adversaries to target Ukraine in a #SmokeLoader campaign involving homoglyph attacks. Detect exploitation attempts using a set of #Sigma rules from SOC Prime Platform.
    socprime.com/blog/cve-2025-041

  3. #Malware campaigns #Italy Week 29

    ☠️💣🔥👻
    #AgentTesla: Order
    #Formbook: Offer
    #GuLoader: Electronic Invoice
    #Remcos: Bank
    #Lokibot: Delivery
    #SmokeLoader: Payments
    #Irata: Malware APK
    #RedLine: Offer
    #Neshta: Order
    #Ousaban: Lawsuit
    #SnakeKeylogger: Invoice

    #mwitaly

  4. The Bundeskriminalamt (BKA) and the Generalstaatsanwaltschaft Frankfurt am Main – Zentralstelle zur Bekämpfung der Internetkriminalität (ZIT) (the Frankfurt am Main Public Prosecutor General's Office – Central Office for Combating Internet Crime), with the participation of the BSI, carried out a strike against #Cybercrime on 28 and 29 May 2024. We provided a sinkholing infrastructure for the takedown of the #Smokeloader #malware and are responsible for notifying the German victims.

    More info: 👉 bsi.bund.de/dok/1112442

  5. "#Europol #ShutsDown more than 100 servers linked to #IcedID, #TrickBot and other malware": The Hacker News

    "Europol announced on Thursday that, as part of a coordinated law enforcement action codenamed #Operation #Endgame, it had taken down infrastructure linked to several malware loader operations, including IcedID, #SystemBC, #PikaBot, #SmokeLoader, #Bumblebee and TrickBot.
    The action took place between May 27 and May 29 and, following searches at 16 locations across #Armenia, the #Netherlands, #Portugal and #Ukraine, led to the dismantling of more than 100 servers worldwide and the #arrest of four people: one in Armenia and three in Ukraine."

    Even in war-torn Ukraine, there are people up to murky business.

    thehackernews.com/2024/05/euro

    #prattohome #TheHackerNews

  7. We are proud to announce that Sekoia #TDR team contributed to the joint international law enforcement operation #OperationEndgame, targeting the notorious botnets #IcedID, #Smokeloader, #SystemBC and #Pikabot

    operation-endgame.com/

  8. Operation Endgame - Largest Ever Operation Against Botnets Hits Dropper Malware Ecosystem

    Date: May 30, 2024
    CVE: Not specified
    Vulnerability Type: Malware
    CWE: [[CWE-94]], [[CWE-502]]
    Sources: Europol News, Eurojust News

    Issue Summary

    Europol, in coordination with law enforcement agencies from multiple countries, conducted the largest ever operation targeting botnets. This operation, dubbed "Operation Endgame," took place from May 27 to 29, 2024, and led to the disruption of major malware droppers including IcedID, SystemBC, Pikabot, Smokeloader, and Bumblebee. The effort resulted in four arrests and the takedown of over 100 servers worldwide. These droppers were used to facilitate ransomware and other cyber-attacks by installing additional malware onto target systems. The operation was supported by Eurojust and involved contributions from countries including France, Germany, the Netherlands, Denmark, the UK, the US, and others. Private partners also played a role in the operation, which aimed to dismantle the infrastructure supporting these malicious activities. The success of this operation marks a significant step in combating cybercrime on a global scale.

    Operation Endgame, coordinated by Europol, dismantled several major botnets including IcedID, SystemBC, Pikabot, Smokeloader, and Bumblebee. This international effort involved law enforcement agencies from multiple countries and led to the arrest of four individuals and the takedown of over 100 servers. The botnets targeted facilitated ransomware and other cyber-attacks.

    Technical Key Findings

    The malware droppers involved are designed to infiltrate systems and install additional malware, often avoiding detection through sophisticated evasion techniques. These droppers were used to deploy ransomware and other malicious payloads by bypassing security measures and enabling further system compromises.

    Vulnerable Products

    The operation did not specify particular products but targeted the infrastructures supporting droppers like IcedID, SystemBC, Pikabot, Smokeloader, and Bumblebee.

    Impact Assessment

    If abused, these vulnerabilities could lead to widespread ransomware attacks, financial losses, and significant disruption of services. The infrastructure taken down had facilitated numerous cyber-attacks globally, highlighting the severe impact on cybersecurity.

    Patches or Workaround

    The report did not mention specific patches or workarounds. However, continuous monitoring and updating of security measures are recommended to protect against such threats.

    Tags

    #Botnets #Malware #Ransomware #Cybersecurity #Europol #OperationEndgame #Cybercrime #IcedID #SystemBC #Pikabot #Smokeloader #Bumblebee

  9. We are proud to announce that we assisted the joint international law enforcement operation #OperationEndgame, targeting the notorious botnets #IcedID, #Smokeloader, #SystemBC and #Pikabot 🔥

    abuse.ch has provided key infrastructure to LEA and internal partners to disrupt these botnet operations 🛑

    More information on the operation is available here:
    👉 operation-endgame.com/

  10. 🚨#IcedID, #Smokeloader, #SystemBC, #Pikabot and #Bumblebee botnets have been disrupted by Operation Endgame!! This is the largest operation EVER against botnets involved with ransomware, with gargantuan thanks to a coordinated effort led by international agencies 👏👏

    As with the #Qakbot and #Emotet takedowns, Spamhaus are again providing remediation support - those affected will be contacted from today with steps to take.

    👉 For more information, read our write-up here: spamhaus.org/resource-hub/malw

    #OperationENDGAME

  15. ESET Research reports that AceCryptor use surged in the second half of 2023. This included Remcos RAT campaigns for the first time, using compromised accounts for credibility in phishing emails. AceCryptor + Remcos campaigns targeted Poland, Bulgaria, Spain, and Serbia. Campaigns were described, MITRE ATT&CK TTPs and IOC provided. 🔗 welivesecurity.com/en/eset-res

    #AceCryptor #threatintel #IOC #Remcos #RemcosRAT #VidarStealer #Stopransomware #SmokeLoader

  16. The State Cyber Protection Centre of the State Service of Special Communications and Information Protection of Ukraine (SCPC SSSCIP), in collaboration with Unit 42, has a whopping 94-page malware analysis report (complete with IOC) on Smoke Loader malware (aka Dofoil or Sharik), used in a surge of recent attacks on Ukrainian financial institutions and government organizations. Ukraine’s CERT-UA first identified Smoke Loader used by the financially motivated threat group UAC-0006 on 05 May 2023. Since then, Smoke Loader has been used worldwide and also in ransomware attacks. 🔗 scpc.gov.ua/en/articles/356

    #SmokeLoader #malware #threatintel #UAC0006 #Ukraine #SCPC #SSSCIP #Ukraine #CERTUA #IOC