SmokeLoader Attack Targets Companies in Taiwan

    Date: 12/09/2024

    Severity: High

    Summary

In September 2024, an attack was observed that leveraged the notorious SmokeLoader malware to target companies in Taiwan across sectors such as manufacturing, healthcare, and IT. Known for its versatility and advanced evasion techniques, SmokeLoader’s modular design enables a variety of attacks. While it typically serves as a downloader for other malware, in this case it executed the attack directly by retrieving plugins from its command-and-control (C2) server.

    Indicators of Compromise (IOC) List

    IP Address : 

    198.23.188.147

    77.232.41.29

    91.183.104.24

    185.228.234.237

    Hash : 


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    IP Address : 

    dstipaddress IN ("77.232.41.29","198.23.188.147","185.228.234.237","91.183.104.24") or ipaddress IN ("77.232.41.29","198.23.188.147","185.228.234.237","91.183.104.24") or publicipaddress IN ("77.232.41.29","198.23.188.147","185.228.234.237","91.183.104.24") or srcipaddress IN ("77.232.41.29","198.23.188.147","185.228.234.237","91.183.104.24")

    Hash : 

    sha256hash IN ("cb92d320fc9bc674e8d37ceeebf0363f8e96dd67ef4ef543b3348f96ef567e5f","ea3b07a2356a7bfb92144f621ba551677a138c31d684072d69a4d37c1a378bb3","e29c269a4c3ee4bbd673bfe0d24ca7d131d9221607e26a60989e81d8ffc17095","858d26e697bc60b642e5d92922b625f58532fc06f028962d8add5fa497981f33","1a1c8cdac1c3cbae5f1140e850ee06b414259876dab97152669f7c0f93469b13","cfe7f6c1c0560bd56cd2df856d459b7fe7fd63b2f635c35151f61d4d04ce4162","392d201120936c1f0e77bdb4b490f2825c1e6f584f18055c742b36250f89566b","9dea895b5b1c03caa2b838b8def4e082392851325794c3bd2eb5ca7372d8e09c","f7544f07b4468e38e36607b5ac5b3835eac1487e7d16dd52ca882b3d021c19b6","3e523ed80dbb592b1ff8c3345c3cd231ddd5a06e1af4c7b7d1f7f81249d0c4a3","a334ba0d8ac0676d09e41aa273589ee27338c44a09109a4d5defa45f1d9bd82b","a4ec792538455fb56f0b89ae10ddd0b2504afba092ba5cfa2083cf61b5fac0ef","ad657479d9f6322daba65638523d65631ff83ba5a717261acb5a53fd48e52209","7ab20d40431b990a9a44e96dc53519f0af72eaf56c4b20f8995f95a48039bf67","35e55053bed6b3c1027a3e7c140e67303e01e8fcbf42abac27b8e9df2a090ee3","7f9909677c290b98541be176251eca34b9f3d36555669a2639130adb97ca6958","bdb897e6a8bfc21302ae1ac254b1b2e779684fe75b2b824cb24c80c775898940","00874ab2a91433dfbfdc9ee6ade6173f3280737fc81505504ace11273f640610","8dc06fdc2897d7c3438105ea0a39d2074774f80e051007fe7799b8195580ad2f","fbe226dd0130c3c0c4db9d125cd25eca3c8e310dae8127d15c8be18041d41cd6","5dc92a6ed1ef2a5d9cf2a112532ad2c9fd70bff727e4cb60cd5d9c4966f2f77f","f4b16c3f8bff445fdcd9d7edb5883d20d7663c3744e137439fa961736d0a9471","fb6ef14ac4cebf87f937f15553575f0f62ac62df917b490f602025a0985addd1","eb8381b156aad734ef3a0328b4985ed1edeca1c8d79d66e094598f8c6992ac71","e3e7a3d0ba55b8dbbe3633b1dad0a3bbf4eada72dd8df3f7b1bc76a692862f23")
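The two TDIR queries above match any of four IP fields against the IP list and the sha256hash field against the hash list. The script below is an added example (not Gurucul's or Fortinet's code) that applies the same logic to JSON-lines events so a defender can sanity-check exported logs offline; the sample events are constructed, the hash set is a two-entry subset of the advisory's list, and lower-casing the hash before comparison is an assumption added here because the query's IN operator matches exact strings.

```python
import json
from typing import Iterable

# IOC values taken from this advisory; the hash set is a subset, extend it with the full list.
IOC_IPS = {"77.232.41.29", "198.23.188.147", "185.228.234.237", "91.183.104.24"}
IOC_SHA256 = {
    "cb92d320fc9bc674e8d37ceeebf0363f8e96dd67ef4ef543b3348f96ef567e5f",
    "3e523ed80dbb592b1ff8c3345c3cd231ddd5a06e1af4c7b7d1f7f81249d0c4a3",
}
# The four IP fields the TDIR query ORs together, checked in this order.
IP_FIELDS = ("dstipaddress", "ipaddress", "publicipaddress", "srcipaddress")


def match_event(event: dict) -> list[str]:
    """Return field=value strings for every IOC hit, mirroring the IP and hash queries."""
    hits = []
    for field in IP_FIELDS:
        if event.get(field) in IOC_IPS:
            hits.append(f"{field}={event[field]}")
    digest = event.get("sha256hash")
    # Assumption: hashes are normalised to lower case so an upper-case export still matches.
    if isinstance(digest, str) and digest.lower() in IOC_SHA256:
        hits.append(f"sha256hash={digest.lower()}")
    return hits


def scan(lines: Iterable[str]) -> list[tuple[int, list[str]]]:
    """Scan JSON-lines events; return (line number, hits) for matching lines, skipping malformed ones."""
    results = []
    for number, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # a bad line should not abort the whole scan
        hits = match_event(event)
        if hits:
            results.append((number, hits))
    return results


# Constructed sample events; line 3 carries an upper-case copy of an advisory hash, line 4 is garbage.
SAMPLE_LOG_LINES = [
    json.dumps({"srcipaddress": "10.0.0.5", "dstipaddress": "77.232.41.29", "action": "allow"}),
    json.dumps({"srcipaddress": "10.0.0.7", "dstipaddress": "8.8.8.8", "action": "allow"}),
    json.dumps({"host": "ws-12", "sha256hash": "3e523ed80dbb592b1ff8c3345c3cd231ddd5a06e1af4c7b7d1f7f81249d0c4a3".upper()}),
    "not a json event",
    json.dumps({"ipaddress": "198.23.188.147", "publicipaddress": "198.23.188.147"}),
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG_LINES):
        print(f"line {number}: {', '.join(hits)}")
```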

    Reference:   

    https://www.fortinet.com/blog/threat-research/sophisticated-attack-targets-taiwan-with-smokeloader 


    Tags

    Malware, SmokeLoader, Taiwan, Healthcare and Public Health, Information Technology, Critical Manufacturing
