2023-08-23 ⋅ Logpoint ⋅ Anish Bogati, Nischal Khadgi @online{bogati:20230823:defending:9322a16,
author = {Anish Bogati and Nischal Khadgi},
title = {{Defending Against 8base: Uncovering Their Arsenal and Crafting Responses}},
date = {2023-08-23},
organization = {Logpoint},
url = {https://www.logpoint.com/en/blog/emerging-threat/defending-against-8base/},
language = {English},
urldate = {2023-09-05}
}
Defending Against 8base: Uncovering Their Arsenal and Crafting Responses 8Base SmokeLoader SystemBC |
2023-07-17 ⋅ Acronis ⋅ Acronis Security @online{security:20230717:8base:e99c087,
author = {Acronis Security},
title = {{8Base ransomware stays unseen for a year}},
date = {2023-07-17},
organization = {Acronis},
url = {https://www.acronis.com/en-sg/cyber-protection-center/posts/8base-ransomware-stays-unseen-for-a-year/},
language = {English},
urldate = {2023-08-09}
}
8Base ransomware stays unseen for a year 8Base Phobos SmokeLoader |
2023-06-28 ⋅ vmware ⋅ Deborah Snyder, Fae Carlisle, Dana Behling, Bria Beathley @online{snyder:20230628:8base:6caf8b6,
author = {Deborah Snyder and Fae Carlisle and Dana Behling and Bria Beathley},
title = {{8Base Ransomware: A Heavy Hitting Player}},
date = {2023-06-28},
organization = {vmware},
url = {https://blogs.vmware.com/security/2023/06/8base-ransomware-a-heavy-hitting-player.html},
language = {English},
urldate = {2023-08-03}
}
8Base Ransomware: A Heavy Hitting Player 8Base Phobos SmokeLoader SystemBC |
2023-06-24 ⋅ Twitter (@embee_research) ⋅ Embee_research @online{embeeresearch:20230624:smokeloader:9b36b55,
author = {Embee_research},
title = {{SmokeLoader - Malware Analysis and Decoding With Procmon}},
date = {2023-06-24},
organization = {Twitter (@embee_research)},
url = {https://embee-research.ghost.io/smokeloader-analysis-with-procmon/},
language = {English},
urldate = {2023-06-24}
}
SmokeLoader - Malware Analysis and Decoding With Procmon SmokeLoader |
2023-02-27 ⋅ PRODAFT Threat Intelligence ⋅ PRODAFT @techreport{prodaft:20230227:rig:72076aa,
author = {PRODAFT},
title = {{RIG Exploit Kit: In-Depth Analysis}},
date = {2023-02-27},
institution = {PRODAFT Threat Intelligence},
url = {https://www.prodaft.com/m/reports/RIG___TLP_CLEAR-1.pdf},
language = {English},
urldate = {2023-05-08}
}
RIG Exploit Kit: In-Depth Analysis Dridex IcedID ISFB PureCrypter Raccoon RecordBreaker RedLine Stealer Royal Ransom Silence SmokeLoader Zloader |
2022-11-19 ⋅ Malwarology ⋅ Robert Simmons @online{simmons:20221119:malicious:13718e6,
author = {Robert Simmons},
title = {{Malicious Packer pkr_ce1a}},
date = {2022-11-19},
organization = {Malwarology},
url = {https://malwarology.substack.com/p/malicious-packer-pkr_ce1a?r=1lslzd},
language = {English},
urldate = {2022-11-25}
}
Malicious Packer pkr_ce1a SmokeLoader Vidar |
2022-11-17 ⋅ Trellix ⋅ Trellix @online{trelix:20221117:trellix:8d385ac,
author = {Trellix},
title = {{Trellix Insights: SmokeLoader Exploits Old Vulnerabilities to Drop zgRAT}},
date = {2022-11-17},
organization = {Trellix},
url = {https://kcm.trellix.com/corporate/index?page=content&id=KB96190&locale=en_US},
language = {English},
urldate = {2023-09-18}
}
Trellix Insights: SmokeLoader Exploits Old Vulnerabilities to Drop zgRAT SmokeLoader zgRAT |
2022-10-07 ⋅ YouTube (BSides Portland) ⋅ Pim Trouerbach @online{trouerbach:20221007:smokeloader:7c5e5b3,
author = {Pim Trouerbach},
title = {{SmokeLoader - The Pandora's box of Tricks}},
date = {2022-10-07},
organization = {YouTube (BSides Portland)},
url = {https://youtu.be/QOypldw6hnY?t=3237},
language = {English},
urldate = {2022-10-11}
}
SmokeLoader - The Pandora's box of Tricks SmokeLoader |
2022-09-29 ⋅ Team Cymru ⋅ S2 Research Team @online{team:20220929:seychelles:2d1a3c1,
author = {S2 Research Team},
title = {{Seychelles, Seychelles, on the C(2) Shore: An overview of a bulletproof hosting provider named ELITETEAM.}},
date = {2022-09-29},
organization = {Team Cymru},
url = {https://www.team-cymru.com/post/seychelles-seychelles-on-the-c-2-shore},
language = {English},
urldate = {2022-10-10}
}
Seychelles, Seychelles, on the C(2) Shore: An overview of a bulletproof hosting provider named ELITETEAM. Amadey Raccoon RedLine Stealer SmokeLoader STOP |
2022-09-26 ⋅ Kaspersky ⋅ Haim Zigel, Oleg Kupreev, Artem Ushkov @online{zigel:20220926:nullmixer:c623b01,
author = {Haim Zigel and Oleg Kupreev and Artem Ushkov},
title = {{NullMixer: oodles of Trojans in a single dropper}},
date = {2022-09-26},
organization = {Kaspersky},
url = {https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/},
language = {English},
urldate = {2023-02-06}
}
NullMixer: oodles of Trojans in a single dropper ColdStealer DanaBot GCleaner Nullmixer PrivateLoader PseudoManuscrypt RedLine Stealer SmokeLoader Vidar |
2022-09-15 ⋅ Sekoia ⋅ Threat & Detection Research Team @online{team:20220915:privateloader:d88c7b2,
author = {Threat & Detection Research Team},
title = {{PrivateLoader: the loader of the prevalent ruzki PPI service}},
date = {2022-09-15},
organization = {Sekoia},
url = {https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/},
language = {English},
urldate = {2022-09-19}
}
PrivateLoader: the loader of the prevalent ruzki PPI service Agent Tesla Coinminer DanaBot DCRat Eternity Stealer Glupteba Mars Stealer NetSupportManager RAT Nymaim Nymaim2 Phoenix Keylogger PrivateLoader Raccoon RedLine Stealer SmokeLoader Socelars STOP Vidar YTStealer |
2022-08-31 ⋅ BitSight ⋅ André Tavares @online{tavares:20220831:tracking:5b4130e,
author = {André Tavares},
title = {{Tracking PrivateLoader: Malware Distribution Service}},
date = {2022-08-31},
organization = {BitSight},
url = {https://www.bitsight.com/blog/tracking-privateloader-malware-distribution-service},
language = {English},
urldate = {2022-08-31}
}
Tracking PrivateLoader: Malware Distribution Service PrivateLoader RedLine Stealer SmokeLoader |
2022-08-30 ⋅ Github (vc0RExor) ⋅ vc0RExor @online{vc0rexor:20220830:smokeloader:350c787,
author = {vc0RExor},
title = {{SmokeLoader - Quick-Analysis}},
date = {2022-08-30},
organization = {Github (vc0RExor)},
url = {https://github.com/vc0RExor/Quick-Analysis/blob/main/SmokeLoader/SmokeLoader.md},
language = {English},
urldate = {2022-08-31}
}
SmokeLoader - Quick-Analysis SmokeLoader |
2022-08-25 ⋅ OALabs ⋅ Sergei Frankoff @online{frankoff:20220825:smokeloader:d02283f,
author = {Sergei Frankoff},
title = {{SmokeLoader Triage Taking a look how Smoke Loader works}},
date = {2022-08-25},
organization = {OALabs},
url = {https://research.openanalysis.net/smoke/smokeloader/loader/config/yara/triage/2022/08/25/smokeloader.html},
language = {English},
urldate = {2022-08-31}
}
SmokeLoader Triage Taking a look how Smoke Loader works SmokeLoader |
2022-08-08 ⋅ Fortinet ⋅ James Slaughter @online{slaughter:20220808:life:5db63b6,
author = {James Slaughter},
title = {{Life After Death - SmokeLoader Continues to Haunt Using Old Vulnerabilities}},
date = {2022-08-08},
organization = {Fortinet},
url = {https://www.fortinet.com/blog/threat-research/smokeloader-using-old-vulnerabilities},
language = {English},
urldate = {2023-09-18}
}
Life After Death - SmokeLoader Continues to Haunt Using Old Vulnerabilities SmokeLoader zgRAT |
2022-08-08 ⋅ Medium CSIS Techblog ⋅ Benoît Ancel @online{ancel:20220808:inside:67ef9a0,
author = {Benoît Ancel},
title = {{An inside view of domain anonymization as-a-service — the BraZZZerSFF infrastructure}},
date = {2022-08-08},
organization = {Medium CSIS Techblog},
url = {https://medium.com/csis-techblog/inside-view-of-brazzzersff-infrastructure-89b9188fd145},
language = {English},
urldate = {2022-08-28}
}
An inside view of domain anonymization as-a-service — the BraZZZerSFF infrastructure Riltok magecart Anubis Azorult BetaBot Buer CoalaBot CryptBot DiamondFox DreamBot GCleaner ISFB Loki Password Stealer (PWS) MedusaLocker MeguminTrojan Nemty PsiX RedLine Stealer SmokeLoader STOP TinyNuke Vidar Zloader |
2022-07-29 ⋅ Blackberry ⋅ BlackBerry Research & Intelligence Team @online{team:20220729:smokeloader:628912d,
author = {BlackBerry Research & Intelligence Team},
title = {{SmokeLoader Malware Used to Augment Amadey Infostealer}},
date = {2022-07-29},
organization = {Blackberry},
url = {https://blogs.blackberry.com/en/2022/07/smokeloader-malware-used-to-augment-amadey-infostealer},
language = {English},
urldate = {2022-08-22}
}
SmokeLoader Malware Used to Augment Amadey Infostealer Amadey SmokeLoader |
2022-07-27 ⋅ Darktrace ⋅ Sam Lister, Shuh Chin Goh @online{lister:20220727:privateloader:e408698,
author = {Sam Lister and Shuh Chin Goh},
title = {{PrivateLoader: Network-Based Indicators of Compromise}},
date = {2022-07-27},
organization = {Darktrace},
url = {https://de.darktrace.com/blog/privateloader-network-based-indicators-of-compromise},
language = {English},
urldate = {2022-08-30}
}
PrivateLoader: Network-Based Indicators of Compromise PrivateLoader SmokeLoader |
2022-07-21 ⋅ AhnLab ⋅ ASEC @online{asec:20220721:amadey:1bbe53b,
author = {ASEC},
title = {{Amadey Bot Being Distributed Through SmokeLoader}},
date = {2022-07-21},
organization = {AhnLab},
url = {https://asec.ahnlab.com/en/36634/},
language = {English},
urldate = {2023-03-20}
}
Amadey Bot Being Distributed Through SmokeLoader Amadey SmokeLoader |
2022-06-21 ⋅ SonicWall ⋅ SonicWall @online{sonicwall:20220621:html:63e527d,
author = {SonicWall},
title = {{HTML Application Files are being used to distribute Smoke Loader Malware}},
date = {2022-06-21},
organization = {SonicWall},
url = {https://securitynews.sonicwall.com/xmlpost/html-application-hta-files-are-being-used-to-distribute-smoke-loader-malware/},
language = {English},
urldate = {2022-06-29}
}
HTML Application Files are being used to distribute Smoke Loader Malware SmokeLoader |
2022-04-20 ⋅ CISA ⋅ CISA, NSA, FBI, Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), Government Communications Security Bureau, NCSC UK, National Crime Agency (NCA) @techreport{cisa:20220420:aa22110a:4fde5d6,
author = {CISA and NSA and FBI and Australian Cyber Security Centre (ACSC) and Canadian Centre for Cyber Security (CCCS) and Government Communications Security Bureau and NCSC UK and National Crime Agency (NCA)},
title = {{AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure}},
date = {2022-04-20},
institution = {CISA},
url = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-110A_Joint_CSA_Russian_State-Sponsored_and_Criminal_Cyber_Threats_to_Critical_Infrastructure_4_20_22_Final.pdf},
language = {English},
urldate = {2022-04-25}
}
AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader |
2022-04-20 ⋅ CISA ⋅ CISA @online{cisa:20220420:alert:529e28c,
author = {CISA},
title = {{Alert (AA22-110A): Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure}},
date = {2022-04-20},
organization = {CISA},
url = {https://www.cisa.gov/uscert/ncas/alerts/aa22-110a},
language = {English},
urldate = {2022-04-25}
}
Alert (AA22-110A): Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader Killnet |
2022-04-12 ⋅ AhnLab ⋅ ASEC Analysis Team @online{team:20220412:systembc:7bdd20c,
author = {ASEC Analysis Team},
title = {{SystemBC Being Used by Various Attackers}},
date = {2022-04-12},
organization = {AhnLab},
url = {https://asec.ahnlab.com/en/33600/},
language = {English},
urldate = {2022-04-15}
}
SystemBC Being Used by Various Attackers Emotet SmokeLoader SystemBC |
2022-02-18 ⋅ Bleeping Computer ⋅ Sergiu Gatlan @online{gatlan:20220218:new:6472349,
author = {Sergiu Gatlan},
title = {{New Golang botnet empties Windows users’ cryptocurrency wallets}},
date = {2022-02-18},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/new-golang-botnet-empties-windows-users-cryptocurrency-wallets/},
language = {English},
urldate = {2022-03-02}
}
New Golang botnet empties Windows users’ cryptocurrency wallets Anubis Loader SmokeLoader |
2022-02-17 ⋅ Blackberry ⋅ BlackBerry Research & Intelligence Team @online{team:20220217:threat:899b90a,
author = {BlackBerry Research & Intelligence Team},
title = {{Threat Thursday: Arkei Infostealer Expands Reach Using SmokeLoader to Target Crypto Wallets and MFA}},
date = {2022-02-17},
organization = {Blackberry},
url = {https://blogs.blackberry.com/en/2022/02/threat-thursday-arkei-infostealer},
language = {English},
urldate = {2022-02-26}
}
Threat Thursday: Arkei Infostealer Expands Reach Using SmokeLoader to Target Crypto Wallets and MFA Arkei Stealer SmokeLoader |
2022-02-08 ⋅ Intel 471 ⋅ Intel 471 @online{471:20220208:privateloader:5e226cd,
author = {Intel 471},
title = {{PrivateLoader: The first step in many malware schemes}},
date = {2022-02-08},
organization = {Intel 471},
url = {https://intel471.com/blog/privateloader-malware},
language = {English},
urldate = {2022-05-09}
}
PrivateLoader: The first step in many malware schemes Dridex Kronos LockBit Nanocore RAT NjRAT PrivateLoader Quasar RAT RedLine Stealer Remcos SmokeLoader STOP Tofsee TrickBot Vidar |
2022 ⋅ Silent Push ⋅ Silent Push @online{push:2022:privacy:921213d,
author = {Silent Push},
title = {{Privacy tools (not) for you}},
date = {2022},
organization = {Silent Push},
url = {https://www.silentpush.com/blog/privacy-tools-not-for-you},
language = {English},
urldate = {2022-07-18}
}
Privacy tools (not) for you SmokeLoader |
2021-06-17 ⋅ Suvaditya Sur @online{sur:20210617:analysis:74f0f46,
author = {Suvaditya Sur},
title = {{Analysis of SmokeLoader}},
date = {2021-06-17},
url = {https://suvaditya.one/malware-analysis/smokeloader/},
language = {English},
urldate = {2022-07-13}
}
Analysis of SmokeLoader SmokeLoader |
2021-06-10 ⋅ ZAYOTEM ⋅ Fatih YILMAZ, Buğra KÖSE, İrem ALKAŞİ, Esmanur ALİCAN, Çağlar YÜN @online{yilmaz:20210610:smokeloader:6699a4f,
author = {Fatih YILMAZ and Buğra KÖSE and İrem ALKAŞİ and Esmanur ALİCAN and Çağlar YÜN},
title = {{SmokeLoader Technical Analysis Report}},
date = {2021-06-10},
organization = {ZAYOTEM},
url = {https://drive.google.com/file/d/13BsHZn-KVLhwrtgS2yKJAM2_U_XZlwoD/view},
language = {English},
urldate = {2021-06-16}
}
SmokeLoader Technical Analysis Report SmokeLoader |
2021-05-26 ⋅ DeepInstinct ⋅ Ron Ben Yizhak @online{yizhak:20210526:deep:c123a19,
author = {Ron Ben Yizhak},
title = {{A Deep Dive into Packing Software CryptOne}},
date = {2021-05-26},
organization = {DeepInstinct},
url = {https://www.deepinstinct.com/2021/05/26/deep-dive-packing-software-cryptone/},
language = {English},
urldate = {2021-06-22}
}
A Deep Dive into Packing Software CryptOne Cobalt Strike Dridex Emotet Gozi ISFB Mailto QakBot SmokeLoader WastedLocker Zloader |
2021-05-19 ⋅ Intel 471 ⋅ Intel 471 @online{471:20210519:look:5ba9516,
author = {Intel 471},
title = {{Look how many cybercriminals love Cobalt Strike}},
date = {2021-05-19},
organization = {Intel 471},
url = {https://www.intel471.com/blog/Cobalt-strike-cybercriminals-trickbot-qbot-hancitor},
language = {English},
urldate = {2021-05-19}
}
Look how many cybercriminals love Cobalt Strike BazarBackdoor Cobalt Strike Hancitor QakBot SmokeLoader SystemBC TrickBot |
2021-04-12 ⋅ PTSecurity ⋅ PTSecurity @online{ptsecurity:20210412:paas:1d06836,
author = {PTSecurity},
title = {{PaaS, or how hackers evade antivirus software}},
date = {2021-04-12},
organization = {PTSecurity},
url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/paas-or-how-hackers-evade-antivirus-software/},
language = {English},
urldate = {2021-04-12}
}
PaaS, or how hackers evade antivirus software Amadey Bunitu Cerber Dridex ISFB KPOT Stealer Mailto Nemty Phobos Pony Predator The Thief QakBot Raccoon RTM SmokeLoader Zloader |
2021-03-21 ⋅ Blackberry ⋅ Blackberry Research @techreport{research:20210321:2021:a393473,
author = {Blackberry Research},
title = {{2021 Threat Report}},
date = {2021-03-21},
institution = {Blackberry},
url = {https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-bb-2021-threat-report.pdf},
language = {English},
urldate = {2021-03-25}
}
2021 Threat Report Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot |
2021-03-18 ⋅ Proofpoint ⋅ Brandon Murphy, Dennis Schwarz, Jack Mott, Proofpoint Threat Research Team @online{murphy:20210318:now:d4bd40e,
author = {Brandon Murphy and Dennis Schwarz and Jack Mott and Proofpoint Threat Research Team},
title = {{Now You See It, Now You Don’t: CopperStealer Performs Widespread Theft}},
date = {2021-03-18},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/blog/threat-insight/now-you-see-it-now-you-dont-copperstealer-performs-widespread-theft},
language = {English},
urldate = {2021-03-19}
}
Now You See It, Now You Don’t: CopperStealer Performs Widespread Theft CopperStealer SmokeLoader |
2021-02-23 ⋅ CrowdStrike ⋅ CrowdStrike @techreport{crowdstrike:20210223:2021:bf5bc4f,
author = {CrowdStrike},
title = {{2021 Global Threat Report}},
date = {2021-02-23},
institution = {CrowdStrike},
url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf},
language = {English},
urldate = {2021-02-25}
}
2021 Global Threat Report RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader KNOCKOUT SPIDER OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER |
2021-02-18 ⋅ PTSecurity ⋅ PTSecurity @online{ptsecurity:20210218:httpswwwptsecuritycomwwenanalyticsantisandboxtechniques:d616c1f,
author = {PTSecurity},
title = {{https://www.ptsecurity.com/ww-en/analytics/antisandbox-techniques/}},
date = {2021-02-18},
organization = {PTSecurity},
url = {https://www.ptsecurity.com/ww-en/analytics/antisandbox-techniques/},
language = {English},
urldate = {2021-02-25}
}
https://www.ptsecurity.com/ww-en/analytics/antisandbox-techniques/ Poet RAT Gravity RAT Ketrican Okrum OopsIE Remcos RogueRobinNET RokRAT SmokeLoader |
2021-02-02 ⋅ CRONUP ⋅ Germán Fernández @online{fernndez:20210202:de:6ff4f3a,
author = {Germán Fernández},
title = {{De ataque con Malware a incidente de Ransomware}},
date = {2021-02-02},
organization = {CRONUP},
url = {https://www.cronup.com/post/de-ataque-con-malware-a-incidente-de-ransomware},
language = {Spanish},
urldate = {2021-03-02}
}
De ataque con Malware a incidente de Ransomware Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DanaBot Dharma Dridex Egregor Emotet Empire Downloader FriedEx GootKit IcedID MegaCortex Nemty Phorpiex PwndLocker PyXie QakBot RansomEXX REvil Ryuk SDBbot SmokeLoader TrickBot Zloader |
2021-02-01 ⋅ Microsoft ⋅ Microsoft 365 Defender Threat Intelligence Team @online{team:20210201:what:2e12897,
author = {Microsoft 365 Defender Threat Intelligence Team},
title = {{What tracking an attacker email infrastructure tells us about persistent cybercriminal operations}},
date = {2021-02-01},
organization = {Microsoft},
url = {https://www.microsoft.com/security/blog/2021/02/01/what-tracking-an-attacker-email-infrastructure-tells-us-about-persistent-cybercriminal-operations/},
language = {English},
urldate = {2021-02-02}
}
What tracking an attacker email infrastructure tells us about persistent cybercriminal operations Dridex Emotet Makop Ransomware SmokeLoader TrickBot |
2021-01-18 ⋅ Medium CSIS Techblog ⋅ Benoît Ancel @online{ancel:20210118:gcleaner:f8b9064,
author = {Benoît Ancel},
title = {{GCleaner — Garbage Provider Since 2019}},
date = {2021-01-18},
organization = {Medium CSIS Techblog},
url = {https://medium.com/csis-techblog/gcleaner-garbage-provider-since-2019-2708e7c87a8a},
language = {English},
urldate = {2021-01-21}
}
GCleaner — Garbage Provider Since 2019 Amadey Ficker Stealer Raccoon RedLine Stealer SmokeLoader STOP |
2021-01-11 ⋅ AhnLab ⋅ ASEC Analysis Team @techreport{team:20210111:smoke:e778162,
author = {ASEC Analysis Team},
title = {{Smoke Loader Learns New Tricks}},
date = {2021-01-11},
institution = {AhnLab},
url = {https://global.ahnlab.com/global/upload/download/asecreport/ASEC%20REPORT_vol.101_ENG.pdf},
language = {English},
urldate = {2022-04-14}
}
Smoke Loader Learns New Tricks SmokeLoader |
2021-01-09 ⋅ Marco Ramilli's Blog ⋅ Marco Ramilli @online{ramilli:20210109:command:d720b27,
author = {Marco Ramilli},
title = {{Command and Control Traffic Patterns}},
date = {2021-01-09},
organization = {Marco Ramilli's Blog},
url = {https://marcoramilli.com/2021/01/09/c2-traffic-patterns-personal-notes/},
language = {English},
urldate = {2021-05-17}
}
Command and Control Traffic Patterns ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot |
2020-12-23 ⋅ 0xC0DECAFE ⋅ Thomas Barabosch @online{barabosch:20201223:detect:bd873bc,
author = {Thomas Barabosch},
title = {{Detect RC4 in (malicious) binaries}},
date = {2020-12-23},
organization = {0xC0DECAFE},
url = {https://0xc0decafe.com/2020/12/23/detect-rc4-in-malicious-binaries},
language = {English},
urldate = {2020-12-26}
}
Detect RC4 in (malicious) binaries SmokeLoader Zloader |
2020-12-21 ⋅ Cisco Talos ⋅ Jon Munshaw @online{munshaw:20201221:2020:4a88f84,
author = {Jon Munshaw},
title = {{2020: The year in malware}},
date = {2020-12-21},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2020/12/2020-year-in-malware.html},
language = {English},
urldate = {2020-12-26}
}
2020: The year in malware WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader |
2020-12-17 ⋅ Telekom ⋅ Thomas Barabosch @online{barabosch:20201217:smokeloader:937c780,
author = {Thomas Barabosch},
title = {{Smokeloader is still alive and kickin’ – A new way to encrypt CC server URLs}},
date = {2020-12-17},
organization = {Telekom},
url = {https://www.telekom.com/en/blog/group/article/a-new-way-to-encrypt-cc-server-urls-614886},
language = {English},
urldate = {2020-12-18}
}
Smokeloader is still alive and kickin’ – A new way to encrypt CC server URLs SmokeLoader |
2020-09-09 ⋅ Malwarebytes ⋅ Threat Intelligence Team @online{team:20200909:malvertising:ed1c3b8,
author = {Threat Intelligence Team},
title = {{Malvertising campaigns come back in full swing}},
date = {2020-09-09},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/social-engineering/2020/09/malvertising-campaigns-come-back-in-full-swing/},
language = {English},
urldate = {2020-09-15}
}
Malvertising campaigns come back in full swing Raccoon SmokeLoader |
2020-09-02 ⋅ Cisco Talos ⋅ Holger Unterbrink, Edmund Brumaghin @online{unterbrink:20200902:salfram:74ae3c9,
author = {Holger Unterbrink and Edmund Brumaghin},
title = {{Salfram: Robbing the place without removing your name tag}},
date = {2020-09-02},
organization = {Cisco Talos},
url = {https://blog.talosintelligence.com/2020/09/salfram-robbing-place-without-removing.html},
language = {English},
urldate = {2020-09-03}
}
Salfram: Robbing the place without removing your name tag Ave Maria ISFB SmokeLoader Zloader |
2020-08-27 ⋅ Hatching.io ⋅ Pete Cowman @online{cowman:20200827:smokeloader:6b86b56,
author = {Pete Cowman},
title = {{Smokeloader Analysis and More Family Detections}},
date = {2020-08-27},
organization = {Hatching.io},
url = {https://hatching.io/blog/tt-2020-08-27/},
language = {English},
urldate = {2020-09-03}
}
Smokeloader Analysis and More Family Detections SmokeLoader |
2020-06-22 ⋅ m.alvar.es ⋅ Marcos Alvares @online{alvares:20200622:comparative:270905b,
author = {Marcos Alvares},
title = {{Comparative analysis between Bindiff and Diaphora - Patched Smokeloader Study Case}},
date = {2020-06-22},
organization = {m.alvar.es},
url = {https://m.alvar.es/2020/06/comparative-analysis-between-bindiff.html},
language = {English},
urldate = {2021-11-09}
}
Comparative analysis between Bindiff and Diaphora - Patched Smokeloader Study Case SmokeLoader |
2020-06-21 ⋅ N1ght-W0lf Blog ⋅ Abdallah Elshinbary @online{elshinbary:20200621:deep:1a39a3f,
author = {Abdallah Elshinbary},
title = {{Deep Analysis of SmokeLoader}},
date = {2020-06-21},
organization = {N1ght-W0lf Blog},
url = {https://n1ght-w0lf.github.io/malware%20analysis/smokeloader/},
language = {English},
urldate = {2020-06-22}
}
Deep Analysis of SmokeLoader SmokeLoader |
2020-06-10 ⋅ m.alvar.es ⋅ Marcos Alvares @online{alvares:20200610:unpacking:38f29d6,
author = {Marcos Alvares},
title = {{Unpacking Smokeloader and Reconstructing PE Programatically using LIEF}},
date = {2020-06-10},
organization = {m.alvar.es},
url = {https://m.alvar.es/2020/06/unpacking-smokeloader-and.html},
language = {English},
urldate = {2021-11-17}
}
Unpacking Smokeloader and Reconstructing PE Programatically using LIEF SmokeLoader |
2020-05-24 ⋅ Malware and Stuff ⋅ Andreas Klopsch @online{klopsch:20200524:examining:842b499,
author = {Andreas Klopsch},
title = {{Examining Smokeloader’s Anti Hooking technique}},
date = {2020-05-24},
organization = {Malware and Stuff},
url = {https://malwareandstuff.com/examining-smokeloaders-anti-hooking-technique/},
language = {English},
urldate = {2020-05-25}
}
Examining Smokeloader’s Anti Hooking technique SmokeLoader |
2020-05-24 ⋅ Positive Technologies ⋅ PT ESC Threat Intelligence @online{intelligence:20200524:operation:2ce432b,
author = {PT ESC Threat Intelligence},
title = {{Operation TA505: network infrastructure. Part 3.}},
date = {2020-05-24},
organization = {Positive Technologies},
url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/operation-ta505-part3/},
language = {English},
urldate = {2020-11-23}
}
Operation TA505: network infrastructure. Part 3. AndroMut Buhtrap SmokeLoader |
2020-03-04 ⋅ CrowdStrike ⋅ CrowdStrike @techreport{crowdstrike:20200304:2020:818c85f,
author = {CrowdStrike},
title = {{2020 CrowdStrike Global Threat Report}},
date = {2020-03-04},
institution = {CrowdStrike},
url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf},
language = {English},
urldate = {2020-07-24}
}
2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER |
2020-02-18 ⋅ Github (DanusMinimus) ⋅ Dan Lisichkin @online{lisichkin:20200218:analyzing:f805dad,
author = {Dan Lisichkin},
title = {{Analyzing Modern Malware Techniques Part 4: I’m afraid of no packer(Part 1 of 2)}},
date = {2020-02-18},
organization = {Github (DanusMinimus)},
url = {https://danusminimus.github.io/Analyzing-Modern-Malware-Techniques-Part-4/},
language = {English},
urldate = {2020-02-25}
}
Analyzing Modern Malware Techniques Part 4: I’m afraid of no packer(Part 1 of 2) SmokeLoader |
2019-11-21 ⋅ SentinelOne ⋅ Mario Ciccarelli @online{ciccarelli:20191121:going:0e7cac5,
author = {Mario Ciccarelli},
title = {{Going Deep | A Guide to Reversing Smoke Loader Malware}},
date = {2019-11-21},
organization = {SentinelOne},
url = {https://www.sentinelone.com/blog/going-deep-a-guide-to-reversing-smoke-loader-malware/},
language = {English},
urldate = {2020-01-07}
}
Going Deep | A Guide to Reversing Smoke Loader Malware SmokeLoader |
2019-10-31 ⋅ m.alvar.es ⋅ Marcos Alvares @online{alvares:20191031:dynamic:a295d00,
author = {Marcos Alvares},
title = {{Dynamic Imports and Working Around Indirect Calls - Smokeloader Study Case}},
date = {2019-10-31},
organization = {m.alvar.es},
url = {https://m.alvar.es/2019/10/dynamic-imports-and-working-around.html},
language = {English},
urldate = {2021-11-17}
}
Dynamic Imports and Working Around Indirect Calls - Smokeloader Study Case SmokeLoader |
2019-08-05 ⋅ security.neurolabs ⋅ Marcos Alvares @online{alvares:20190805:smokeloaders:3ee435d,
author = {Marcos Alvares},
title = {{Smokeloader's Hardcoded Domains - Sneaky Third Party Vendor or Cheap Buyer?}},
date = {2019-08-05},
organization = {security.neurolabs},
url = {http://security.neurolabs.club/2019/08/smokeloaders-hardcoded-domains-sneaky.html},
language = {English},
urldate = {2021-09-19}
}
Smokeloader's Hardcoded Domains - Sneaky Third Party Vendor or Cheap Buyer? SmokeLoader |
2019-07-09 ⋅ Check Point ⋅ Israel Gubi @online{gubi:20190709:2019:38d9134,
author = {Israel Gubi},
title = {{The 2019 Resurgence of Smokeloader}},
date = {2019-07-09},
organization = {Check Point},
url = {https://research.checkpoint.com/2019-resurgence-of-smokeloader/},
language = {English},
urldate = {2020-01-10}
}
The 2019 Resurgence of Smokeloader SmokeLoader |
2019-05-02 ⋅ Proofpoint ⋅ Bryan Campbell, Proofpoint Threat Insight Team @online{campbell:20190502:2019:1fe00f6,
author = {Bryan Campbell and Proofpoint Threat Insight Team},
title = {{2019: The Return of Retefe}},
date = {2019-05-02},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/2019-return-retefe},
language = {English},
urldate = {2019-12-20}
}
2019: The Return of Retefe Dok Retefe SmokeLoader |
2018-12-19 ⋅ Palo Alto Networks Unit 42 ⋅ Kaoru Hayashi @online{hayashi:20181219:analysis:41c2b03,
author = {Kaoru Hayashi},
title = {{Analysis of Smoke Loader in New Tsunami Campaign}},
date = {2018-12-19},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/analysis-of-smoke-loader-in-new-tsunami-campaign/},
language = {English},
urldate = {2023-05-23}
}
Analysis of Smoke Loader in New Tsunami Campaign SmokeLoader |
2018-09-18 ⋅ int 0xcc blog ⋅ Raashid Bhat @online{bhat:20180918:taste:e7dd98d,
author = {Raashid Bhat},
title = {{A taste of our own medicine: How SmokeLoader is deceiving configuration extraction by using binary code as bait}},
date = {2018-09-18},
organization = {int 0xcc blog},
url = {https://int0xcc.svbtle.com/a-taste-of-our-own-medicine-how-smokeloader-is-deceiving-dynamic-configuration-extraction-by-using-binary-code-as-bait},
language = {English},
urldate = {2020-01-10}
}
A taste of our own medicine: How SmokeLoader is deceiving configuration extraction by using binary code as bait SmokeLoader |
2018-08-14 ⋅ Plug it, play it, burn it, rip it ⋅ Alberto Ortega @online{ortega:20180814:antihooking:b194a7c,
author = {Alberto Ortega},
title = {{Anti-Hooking checks of SmokeLoader 2018}},
date = {2018-08-14},
organization = {Plug it, play it, burn it, rip it},
url = {https://blog.badtrace.com/post/anti-hooking-checks-of-smokeloader-2018/},
language = {English},
urldate = {2020-01-13}
}
Anti-Hooking checks of SmokeLoader 2018 SmokeLoader |
2018-07-18 ⋅ CERT.PL ⋅ Michał Praszmo @online{praszmo:20180718:dissecting:aa5eca1,
  author       = {Praszmo, Michał},
  title        = {{Dissecting Smoke Loader}},
  organization = {CERT.PL},
  date         = {2018-07-18},
  url          = {https://www.cert.pl/en/news/single/dissecting-smoke-loader/},
  urldate      = {2020-01-13},
  language     = {English},
}
Dissecting Smoke Loader SmokeLoader |
2018-07-03 ⋅ Talos Intelligence ⋅ Ben Baker, Holger Unterbrink @online{baker:20180703:smoking:067be1f,
  author       = {Baker, Ben and Unterbrink, Holger},
  title        = {{Smoking Guns - Smoke Loader learned new tricks}},
  organization = {Talos Intelligence},
  date         = {2018-07-03},
  url          = {https://blog.talosintelligence.com/2018/07/smoking-guns-smoke-loader-learned-new.html},
  urldate      = {2019-10-14},
  language     = {English},
}
Smoking Guns - Smoke Loader learned new tricks SmokeLoader TrickBot |
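2018-04-16 ⋅ Spamhaus ⋅ Spamhaus Malware Labs @online{labs:20180416:smoke:b91b833,
  author        = {{Spamhaus Malware Labs}},
  title         = {{Smoke Loader malware improves after Microsoft spoils its Campaign}},
  organization  = {Spamhaus},
  date          = {2018-04-16},
  url           = {https://www.spamhaus.org/news/article/774/smoke-loader-improves-encryption-after-microsoft-spoils-its-campaign},
  urldate       = {2020-01-08},
  language      = {English},
  internal-note = {Corporate author: the outer brace pair keeps the whole name as a single surname instead of parsing it as first = Spamhaus Malware, last = Labs. The citation key is left as-is so existing citations still resolve.},
}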
Smoke Loader malware improves after Microsoft spoils its Campaign SmokeLoader |
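2018-04-04 ⋅ Microsoft ⋅ Microsoft Defender ATP Research Team @online{team:20180404:hunting:fe0f809,
  author        = {{Microsoft Defender ATP Research Team}},
  title         = {{Hunting down Dofoil with Windows Defender ATP}},
  organization  = {Microsoft},
  date          = {2018-04-04},
  url           = {https://cloudblogs.microsoft.com/microsoftsecure/2018/04/04/hunting-down-dofoil-with-windows-defender-atp/},
  urldate       = {2020-01-08},
  language      = {English},
  internal-note = {Corporate author: the outer brace pair keeps the whole team name as a single surname instead of parsing it as first = Microsoft Defender ATP Research, last = Team. The citation key is left as-is so existing citations still resolve.},
}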
Hunting down Dofoil with Windows Defender ATP SmokeLoader |
2018-01-12 ⋅ Malwarebytes ⋅ Jérôme Segura @online{segura:20180112:fake:c7bc448,
  author       = {Segura, Jérôme},
  title        = {{Fake Spectre and Meltdown patch pushes Smoke Loader malware}},
  organization = {Malwarebytes},
  date         = {2018-01-12},
  url          = {https://blog.malwarebytes.com/cybercrime/2018/01/fake-spectre-and-meltdown-patch-pushes-smoke-loader/},
  urldate      = {2019-12-20},
  language     = {English},
}
Fake Spectre and Meltdown patch pushes Smoke Loader malware SmokeLoader |
2017-08-24 ⋅ Blaze's Security Blog ⋅ BartBlaze @online{bartblaze:20170824:crystal:16adb4a,
  author       = {BartBlaze},
  title        = {{Crystal Finance Millennium used to spread malware}},
  organization = {Blaze's Security Blog},
  date         = {2017-08-24},
  url          = {https://bartblaze.blogspot.com/2017/08/crystal-finance-millennium-used-to.html},
  urldate      = {2020-02-01},
  language     = {English},
}
Crystal Finance Millennium used to spread malware Chthonic SmokeLoader |
2017-08-04 ⋅ PhishLabs ⋅ Jason Davison @online{davison:20170804:smoke:06d64d3,
  author       = {Davison, Jason},
  title        = {{Smoke Loader Adds Additional Obfuscation Methods to Mitigate Analysis}},
  organization = {PhishLabs},
  date         = {2017-08-04},
  url          = {https://info.phishlabs.com/blog/smoke-loader-adds-additional-obfuscation-methods-to-mitigate-analysis},
  urldate      = {2020-01-08},
  language     = {English},
}
Smoke Loader Adds Additional Obfuscation Methods to Mitigate Analysis SmokeLoader |
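2017-04-03 ⋅ Malware Breakdown ⋅ Malware Breakdown @online{breakdown:20170403:shadow:962f78d,
  author        = {{Malware Breakdown}},
  title         = {{Shadow Server Domains Leading to RIG Exploit Kit Dropping Smoke Loader}},
  organization  = {Malware Breakdown},
  date          = {2017-04-03},
  url           = {https://malwarebreakdown.com/2017/04/03/shadow-server-domains-leads-to-rig-exploit-kit-dropping-smoke-loader-which-downloads-neutrino-bot-aka-kasidet/},
  urldate       = {2019-12-18},
  language      = {English},
  internal-note = {Corporate author (the blog itself, matching organization): the outer brace pair keeps the name as a single surname instead of parsing it as first = Malware, last = Breakdown. The citation key is left as-is so existing citations still resolve.},
}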
Shadow Server Domains Leading to RIG Exploit Kit Dropping Smoke Loader SmokeLoader |
2016-10-17 ⋅ Malwarebytes ⋅ Jérôme Segura @online{segura:20161017:newlooking:3e62740,
  author       = {Segura, Jérôme},
  title        = {{New-looking Sundown EK drops Smoke Loader, Kronos banker}},
  organization = {Malwarebytes},
  date         = {2016-10-17},
  url          = {https://blog.malwarebytes.com/threat-analysis/2016/10/new-looking-sundown-ek-drops-smoke-loader-kronos-banker/},
  urldate      = {2019-12-20},
  language     = {English},
}
New-looking Sundown EK drops Smoke Loader, Kronos banker Kronos SmokeLoader |
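2016-08-05 ⋅ Malwarebytes ⋅ Malwarebytes Labs @online{labs:20160805:smoke:afada56,
  author        = {{Malwarebytes Labs}},
  title         = {{Smoke Loader – downloader with a smokescreen still alive}},
  organization  = {Malwarebytes},
  date          = {2016-08-05},
  url           = {https://blog.malwarebytes.com/threat-analysis/2016/08/smoke-loader-downloader-with-a-smokescreen-still-alive/},
  urldate       = {2019-12-20},
  language      = {English},
  internal-note = {Corporate author: the outer brace pair keeps the whole name as a single surname instead of parsing it as first = Malwarebytes, last = Labs. The citation key is left as-is so existing citations still resolve.},
}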
Smoke Loader – downloader with a smokescreen still alive SmokeLoader |
2014-10-05 ⋅ Eternal Todo ⋅ Jose Miguel Esparza @online{esparza:20141005:dissecting:93f306b,
  author       = {Esparza, Jose Miguel},
  title        = {{Dissecting SmokeLoader (or Yulia's sweet ass proposition)}},
  organization = {Eternal Todo},
  date         = {2014-10-05},
  url          = {https://eternal-todo.com/blog/smokeloader-analysis-yulia-photo},
  urldate      = {2020-01-13},
  language     = {English},
}
Dissecting SmokeLoader (or Yulia's sweet ass proposition) SmokeLoader |