🚨Exposing #LOCKBIT 5.0 Server: IP & DOMAIN
IP: 205.185.116.233 🇺🇸
#AS53667
Domain: karma0[.]xyz
Reg: 2 November 2025
💡LockBit Group uses #Smokeloader in their attacks
MD5: e818a9afd55693d556a47002a7b7ef31
#Lockbit5 #Ransomware #Security #Intelligence #OSINT #Databreach
~Zscaler~
SmokeLoader resurfaces with a new 'v2025' variant, featuring bug fixes and updated evasion techniques following the 'Operation Endgame' takedown.
-
IOCs: (None identified)
-
#Malware #SmokeLoader #ThreatIntel
MaaS campaign uses Emmenhtal and Amadey to target Ukrainian entities via GitHub. Talos reveals tactics and IOCs for mitigation.
#Amadey #CiscoTalos #Emmenhtal #github #MaaS #SmokeLoader #ucraina
www.matricedigitale.it/2025/07/17/o...
In May 2024 Operation Endgame took down multiple malware families. Europol called it the “largest ever operation against botnets, which play a major role in the deployment of ransomware.” brnw.ch/21wSRiX
#IcedID #Bumblebee #SystemBC #Pikabot #SmokeLoader
~Trendmicro~
Agenda ransomware group now uses SmokeLoader and a new stealthy loader, NETXLOADER, increasing data theft risk.
-
IOCs: mxblog77[.]cfd, bloglake7[.]cfd, mxbook17[.]cfd
-
#AgendaRansomware #NETXLOADER #SmokeLoader #ThreatIntel
🚨 Police arrest customers of the Smokeloader malware and seize their servers ciberninjas.com/policia-deti...
#Malware #Smokeloader #Ciberseguridad #Cibercriminales #Investigación #Confisca #SeguridadCibernética #Hackers
🚨 #OperationEndgame - With the operators out of the picture, law enforcement is closing in on Smokeloader botnet’s paying customers across Europe and North America.
Read: hackread.com/smokeloader-...
#CyberSecurity #CyberCrime #Smokeloader #Botnet
Europol arrests five customers of the Smokeloader botnet: encrypted database reveals real identities. Operation Endgame hits crime-as-a-service demand.
#botnet #crimeasaservice #cybercrime #database #europol #forensics #OperazioneEndgame #SmokeLoader
www.matricedigitale.it/sicurezza-in...
Smokeloader isn’t your everyday malware—it morphs into new threats and slips past defenses with ease. How long before cybercrime’s most elusive tool gets permanently shut down?
#smokeloader
#cybersecurity
#botnet
#malware
#cybercrime
💡 CoffeeLoader, the malware that evades defenses by exploiting the GPU
gomoot.com/coffeeloader...
#blog #coffeeloader #cybersecurity #gpu #malware #news #picks #ransomware #smokeloader #spuware #stack #tech #tecnologia #zscaler
CoffeeLoader Malware Loader Linked to SmokeLoader Operations #InfosecurityMagazine (Mar 27)
#CoffeeLoader #SmokeLoader #マルウェア #サイバーセキュリティ #脅威分析
An attacker compromised an email account from mx[.]jurimex[.]ua to deliver a phishing email. The email contains a malicious URL abusing infrastructure from drive[.]legalaid[.]gov[.]ua, owned by Ukraine's Coordination Centre for Legal Aid Provision, which was abused to deliver a RAR file containing #SmokeLoader malware.
🚨 Targeted #phishing attacks on Ukrainian 🇺🇦 gov! Emails from moulmg@meta[.]ua & info@betta[.]com[.]ua deliver malicious 7ZIP files exploiting CVE-2025-0411 to drop #SmokeLoader. Notably, the meta[.]ua mail service has been previously abused by #APT28 (GRU) for #cyber operations.
7-Zip MoTW Bypass Exploited in Zero-Day Attacks Against Ukraine: A Comprehensive Analysis
thedefendopsdiaries.com/7-zip-motw-b...
#7zip
#zeroday
#cybersecurity
#ukraine
#motwbypass
#smokeloader
#cve20250411
#cyberattacks
#infosec
How attackers abuse S3 Bucket Namesquatting — And How to Stop Them #BleepingComputer (Feb 5)
#SmokeLoader #7Zip脆弱性 #CVE20250411 #サイバースパイ #ウクライナ攻撃
CVE-2025-0411, a zero-day #vulnerability in 7-Zip, is actively exploited by Russian adversaries to target Ukraine in a #SmokeLoader campaign involving homoglyph attacks. Detect exploitation attempts using a set of #Sigma rules from SOC Prime Platform.
https://buff.ly/3EmgSht
7-Zip MotW bypass exploited in zero-day attacks against Ukraine #BleepingComputer (Feb 4)
#7-Zip脆弱性 #MotW回避 #ゼロデイ攻撃 #SmokeLoader #サイバーセキュリティ
Chart showing malware families using AceCryptor
As for the malware families packed by the cryptor, we could yet again see the usual suspects such as #Rescoms, #Smokeloader, and #Stealc among the most delivered threats. 3/7
SmokeLoader uses old Office bugs to better steal data
www.lemondeinformatique.fr/actualites/l...
#Infosec #Security #Cybersecurity #CeptBiro #SmokeLoader #Office #VolerDesDonnees
#SmokeLoader Attack Targets Companies in Taiwan | FortiGuard Labs
6/ Fortinet warns: "SmokeLoader uses plugins for attacks instead of downloading final-stage files." Analysts must remain cautious—even familiar malware like this can evolve, becoming a bigger threat.
#CyberSecurity #SmokeLoader #Taiwan #AI
🚨 SmokeLoader malware is back, now more advanced and dangerous, with enhanced tools to steal harvest credentials - The malware was spotted targeting industries in #Taiwan 💻🔒
Read: hackread.com/smokeloader-...
#CyberSecurity #SmokeLoader #Malware #Taiwan
Flexible Structure of Zip Archives Exploited to Hide Malware. www.darkreading.com/threat-intel... #Cybersecurity #Malware #Threatintel #Smokeloader
Attackers are targeting financial departments with SmokeLoader malware
www.helpnetsecurity.com/2024/03/22/s...
#Infosec #Security #Cybersecurity #CeptBiro #FinancialDepartments #SmokeLoader #Malware
8Base Group Deploying New #Phobos Ransomware Variant via #SmokeLoader ⚠️
thehackernews.com/2023/11/8bas...