SmokeLoader

GPTKB entity

Statements (56)
| Predicate | Object |
| --- | --- |
| gptkbp:instanceOf | malware |
| gptkbp:abilities | modular architecture; command and control communication; persistence mechanisms; process injection; anti-analysis |
| gptkbp:alsoKnownAs | gptkb:Dofoil |
| gptkbp:C2Communication | gptkb:HTTP; HTTPS; custom protocols |
| gptkbp:category | loader; trojan |
| gptkbp:detects | gptkb:Kaspersky; gptkb:Malwarebytes; gptkb:ESET; gptkb:Symantec; gptkb:Microsoft_Defender |
| gptkbp:distributedBy | phishing emails; exploit kits; malicious macros; malvertising; drive-by downloads |
| gptkbp:firstAppearance | 2011 |
| https://www.w3.org/2000/01/rdf-schema#label | SmokeLoader |
| gptkbp:notable_campaign | 2018 Dofoil outbreak; multiple spam campaigns |
| gptkbp:operatingSystem | gptkb:Windows |
| gptkbp:origin | gptkb:Russia |
| gptkbp:payload | gptkb:Remcos; gptkb:Dridex; gptkb:FormBook; gptkb:LokiBot; gptkb:Pony; gptkb:Raccoon_Stealer; gptkb:Emotet; gptkb:TrickBot; gptkb:AZORult; gptkb:NetWire; gptkb:Agent_Tesla; RedLine Stealer |
| gptkbp:primaryUse | malware delivery; payload downloader |
| gptkbp:programmingLanguage | gptkb:C++ |
| gptkbp:spreadTo | malicious websites; malicious email attachments; exploit kits |
| gptkbp:status | active |
| gptkbp:target | individuals; organizations; financial institutions |
| gptkbp:usedFor | credential theft; information stealing; distributing other malware |
| gptkbp:usesMalware | Dofoil family |
| gptkbp:bfsParent | gptkb:Dofoil |
| gptkbp:bfsLayer | 7 |