Smoke Loader poses as an Office plugin
Tags
country: Poland
attack-pattern: Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Visual Basic - T1059.005 Rootkit - T1014 Rootkit
Show in Graph
Common Information
Type Value
UUID 42004876-d19b-4c36-b8db-26c57db00c21
Fingerprint f51c4c98ee830ed2
Analysis status DONE
Considered CTI value 0
Text language
Published Aug. 27, 2015, midnight
Added to db Nov. 9, 2023, 1:50 a.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline Social media
Title Smoke Loader poses as an Office plugin
Detected Hints/Tags/Attributes 34/2/16
Source URLs
Redirection Url
Details Source https://cert.pl/en/posts/2015/08/smoke-loader-poses-as-an-office-plugin/
Details Source https://www.cert.pl/en/news/single/smoke-loader-poses-as-an-office-plugin/
URL Provider
Details Provider Source level domain
Details cert.pl www.cert.pl
Details cert.pl cert.pl
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 81 CERT Polska https://cert.pl/en/rss.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 16 
gov.pl
Details Domain 5 
zaufanatrzeciastrona.pl
Details Domain 1 
z3s.pl
Details Domain 52 
msn.com
Details Domain 1 
cannedgood.eu
Details Domain 8 
stopmalvertising.com
Details Domain 2 
eternal-todo.com
Details File 40 
gov.pl
Details File 5 
zaufanatrzeciastrona.pl
Details File 1 
z3s.pl
Details File 1 
doneapp.exe
Details File 1 
rootkit.dll
Details File 1 
faker.dll
Details File 4 
analysis-of-smoke-loader.html
Details Url 4 
http://stopmalvertising.com/rootkits/analysis-of-smoke-loader.html
Details Url 1 
http://eternal-todo.com/blog/smokeloader-analysis-yulia-photo