In September 2024, researchers observed an attack using the notorious SmokeLoader malware to target companies in Taiwan, including those in manufacturing, healthcare, information technology, and other sectors. SmokeLoader is well-known for its versatility and advanced evasion techniques, and its modular design allows it to perform a wide range of attacks. While SmokeLoader primarily serves as a downloader to deliver other malware, in this case, it carries out the attack itself by downloading pl
smokeloader (5)
Law enforcement agencies in the United States and Europe announced Operation Endgame on 30 May, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Billed as “the largest ever operation against botnets,” the international effort is described as the opening salvo in an ongoing campaign targeting advanced malware “droppers” or “loaders” such as IcedID, SmokeLoader and Trickbot.
Link to full report: IR-24-151-001_OPendgame.p
RisePro is an information-stealing malware that was first discovered in mid-December 2022. The earliest log recorded from this malware, as of the time of this writing, was dated December 12th, 2022. The logs found were posted to Russian Market, a log shop similar to other markets such as Genesis. There appeared to be multiple thousands of logs posted [2]. RisePro appears to be written in C++ and behaves similarly to the “Vidar” malware. According to a Joe Sandbox analysis, RisePro exhib
Cybersecurity researchers have published the inner workings of a new wiper called Azov Ransomware that is deliberately designed to corrupt data and "inflict impeccable damage" on compromised systems. Azov is the name of a ransomware family, malware that blocks access to files by encrypting them. It encrypts all files (except those with .ini, .dll, and .exe extensions) and appends the ".azov" extension to their filenames. Azov also drops ransom notes (the "RESTORE_FILES.txt" files) in all folders that i
Activity Summary - Week Ending on 12 August 2022:
- Red Sky Alliance identified 23,968 connections from new IPs checking in with our Sinkholes
- ril.com Hit
- Analysts identified 765 new IP addresses participating in various Botnets
- Zeppelin Ransomware
- Exim
- SmokeLoader
- RapperBot
- AiTM Phishing
- BlenderBot
- PortDoor & CotSam
Link to full report: IR-22-224-001_weekly224.pdf