Some security researchers say it’s actually Cobalt Strike and not a SmokeLoader variant, but BioBright says in-depth testing shows it’s for real a scary morphic malware that changes its parts and recompiles itself.
However, groups are rebranding and recalibrating their profiles and tactics to respond to law enforcement and the security community’s focus on stopping ransomware attacks.