Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

The Agenda ransomware group has expanded its capabilities by incorporating SmokeLoader malware and a new loader called NETXLOADER. NETXLOADER is a highly obfuscated .NET-based loader that utilizes advanced techniques to evade detection and complicate analysis. The group has been targeting healthcare, technology, financial services, and telecommunications sectors across multiple countries. NETXLOADER employs sophisticated methods such as JIT hooking, API obfuscation, and memory manipulation to deploy payloads like Agenda ransomware and SmokeLoader. The attack chain involves multiple stages of evasion, discovery, and command and control communications. This evolution in tactics poses increased risks of data theft and device compromise for potential targets.

OPENCTI LABELS:

ransomware, rust, evasion, smokeloader, .net, netxloader

