Dissecting Smoke Loader
Tags
country: Russia
attack-pattern: Data Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002
Show in Graph
Common Information
Type Value
UUID 768694b5-cd7a-4a30-a7bb-ea257f50b8d4
Fingerprint 2a056000ed7fbb98
Analysis status DONE
Considered CTI value 0
Text language
Published July 18, 2018, midnight
Added to db Aug. 31, 2024, 1:44 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Table of contents
Title Dissecting Smoke Loader
Detected Hints/Tags/Attributes 38/2/15
Source URLs
Redirection Url
Details Source https://cert.pl/en/posts/2018/07/dissecting-smoke-loader/
Details Source https://www.cert.pl/en/news/single/dissecting-smoke-loader/
URL Provider
Details Provider Source level domain
Details cert.pl www.cert.pl
Details cert.pl cert.pl
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 81 CERT Polska https://cert.pl/en/rss.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 1 
grabberz.com
Details Domain 21 
www.msftncsi.com
Details Domain 105 
web.archive.org
Details Domain 1 
xaker.name
Details Domain 8 
stopmalvertising.com
Details Domain 15 
www.hexacorn.com
Details File 4 
ncsi.txt
Details File 32 
showthread.php
Details File 4 
analysis-of-smoke-loader.html
Details md5 1 
d32834d4b087ead2e7a2817db67ba8ca
Details Url 4 
http://www.msftncsi.com/ncsi.txt
Details Url 1 
https://grabberz.com/showthread.php?t=29680
Details Url 1 
https://web.archive.org/web/20160419010008/http://xaker.name/threads/22008
Details Url 4 
http://stopmalvertising.com/rootkits/analysis-of-smoke-loader.html
Details Url 2 
http://www.hexacorn.com/blog/2017/10/26/propagate-a-new-code-injection-trick