Appendix: Analysis of the Mokes/SmokeBot backdoor from the incident
Common Information

Field                              Value
UUID                               ff97fd5e-5bae-4335-af5e-b10f672f63c5
Fingerprint                        2552e2e46b64829c2d2f5d5bad055a21599219ee972f58b51063a364850245fb
Analysis status                    DONE
Considered CTI value               2
Text language                      (not set)
Published                          Nov. 15, 2017, 2:27 p.m.
Added to db                        Oct. 1, 2024, 2:39 p.m.
Last updated                       Oct. 1, 2024, 2:41 p.m.
Headline                           Appendix: Analysis of the Mokes/SmokeBot backdoor from the incident
Title                              Appendix: Analysis of the Mokes/SmokeBot backdoor from the incident
Detected Hints/Tags/Attributes     58/2/55
Attributes

Type                  #Events   Value
Domain                372       wscript.shell
Domain                285       microsoft.net
Domain                4         autoit-script.ru
Domain                12        www.autoitscript.com
Domain                18        windowsupdate.microsoft.com
Domain                2         xvidmovies.in
Domain                1         freecodecs.in
Domain                1174      gmail.com
Domain                287       yahoo.com
Domain                179       hotmail.com
Domain                24        blog.fox-it.com
Domain                8         stopmalvertising.com
Domain                33        blog.fortinet.com
Email                 1         gemini.yasu@gmail.com
Email                 2         zhoulu823@gmail.com
Email                 1         onosoed@yahoo.com
Email                 1         ffaisalshah@hotmail.com
File                  99        steam.exe
File                  208       setup.exe
File                  9         setup.dll
File                  1         lvku.exe
File                  1         2929830.vbs
File                  41        avastui.exe
File                  22        start.vbs
File                  72        regsvcs.exe
File                  1204      index.php
File                  1122      svchost.exe
File                  4         stub.dll
File                  1         chars%.dat
File                  459       regsvr32.exe
File                  4         office-2013-ppvl-x64-en-us-oct2013.iso
File                  4         analysis-of-smoke-loader.html
md5                   4         a82c0575f214bdc7c8ef5a06116cd2a4
md5                   1         9e1709c39f3620ef599321c0fdde0658
md5                   1         8bc78aa3dd8cb46ea5021ae6e72be094
md5                   1         71d8f6d5dc35517275bc38ebcc815f9f
md5                   1         90863477d05cff43e74072c11cef61cb
md5                   1         1d9872a6698cb9e4991a65a3ae155a15
md5                   1         a9fb872545e1581c7896434196857cc2
md5                   1         c7f6cc7cbbb293f9c90bfcad187bef31
sha256                1         08378aca35beaba76b9cb6458678052427eacb67ac3f91c7b4e6897115df3938
sha256                1         6317e69c9adfb17b7787e888cead25fd583c84511de94d35eeabc35feb3c0209
sha256                1         fb73a819b37523126c7708a1d06f3b8825fa60c926154ab2d511ba668f49dc4b
sha256                1         8073570cd92f34052448381089a4819614b7791a0ac5bdf0ee534a43adb959e8
sha256                1         ad4bfbe93da44a05dc2f3ba7fe0545d1c4ae4f37cec1e7945ba1662fdd5abd0e
sha256                1         9e1a0a47aae6058dd4e931b1eced5cd6948b84bc9fdf6f1169db04c358ec904b
sha256                1         c752074f51882960ffa5e5fe0e4881bbae147c10ad0d68089d8458128b1eff61
Url                   1         http://autoit-script.ru/index.php?topic=5338.0
Url                   4         http://windowsupdate.microsoft.com
Url                   2         http://xvidmovies.in/dir/index.php
Url                   1         http://freecodecs.in/dir/index.php
Url                   1         https://blog.fox-it.com/tag/ёsmoke-loader
Url                   4         http://stopmalvertising.com/rootkits/analysis-of-smoke-loader.html
Url                   2         https://blog.fortinet.com/2014/11/12/the-rebirth-of-dofoil
Windows Registry Key  1         HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce