The State Cyber Protection Centre of the State Service of Special Communications and Information Protection of Ukraine (SCPC SSSCIP), in collaboration with Unit 42, has published a whopping 94-page malware analysis report (complete with IOCs) on the Smoke Loader malware (aka Dofoil or Sharik), used in a surge of recent attacks on Ukrainian financial institutions and government organizations. Ukraine’s CERT-UA first identified Smoke Loader being used by the financially motivated threat group UAC-0006 on 05 May 2023. Since then, Smoke Loader has been used worldwide, including in ransomware attacks. 🔗 https://scpc.gov.ua/en/articles/356

#SmokeLoader #malware #threatintel #UAC0006 #Ukraine #SCPC #SSSCIP #CERTUA #IOC

SCPC

State Cyber Protection Centre of the State Service of Special Communications and Information Protection of Ukraine.

scpc.gov.ua

#CERTUA warns cyber defenders of a third consecutive #UAC0006 attack targeting Ukrainian financial institutions with #SmokeLoader #malware. Detect the associated malicious activity with the relevant #Sigma rules in the SOC Prime Platform.

https://socprime.com/blog/detecting-smokeloader-campaign-uac-0006-keep-targeting-ukrainian-financial-institutions-in-a-series-of-phishing-attacks/
#DFIR #SOC #threathunting

Detecting SmokeLoader Campaign: UAC-0006 Keep Targeting Ukrainian Financial Institutions in a Series of Phishing Attacks - SOC Prime

Detect UAC-0006 phishing attacks targeting Ukrainian financial institutions with SmokeLoader malware using Sigma rules from SOC Prime Platform.

SOC Prime