December 2, 2024 at 11:09PM Taiwanese manufacturing, healthcare, and IT sectors are targeted by a campaign using SmokeLoader malware, which has advanced evasion techniques and modular capabilities. It primarily serves as a downloader but can execute attacks independently. The campaign starts with a phishing email exploiting old vulnerabilities to deploy SmokeLoader via Ande Loader. **Meeting … Read more
December 13, 2023 at 07:12AM Malware analysis involves examining network traffic and overcoming common challenges. Tools like a man-in-the-middle (MITM) proxy aid in decrypting HTTPS traffic, revealing details of malicious activities. FakeNET can identify malware families, and a residential proxy helps bypass geo-restrictions for analyzing evasive malware. Utilize these tools in the cloud-based ANY.RUN sandbox … Read more
November 18, 2023 at 07:00AM Cisco Talos has discovered that the 8Base ransomware group is using a variant of the Phobos ransomware in its attacks. The malware is distributed through the SmokeLoader backdoor trojan, and the group has been active at least since March 2022. The findings also reveal the methods and characteristics of the … Read more