The SmokeLoader malware has reemerged and is targeting Taiwanese companies in various sectors.
SmokeLoader, typically used as a downloader for deploying other malicious samples, is now directly executing attacks by retrieving plugins from its C2 server.
Security professionals can rely on the SOC Prime Platform for collective cyber defense and access dedicated Sigma rules to detect SmokeLoader attacks.
SmokeLoader belongs to the adversary toolkit of the financially motivated UAC-0006 group and has been used in phishing campaigns against Ukraine in the past.