|
gptkbp:instanceOf
|
malware
|
|
gptkbp:abilities
|
modular architecture
command and control communication
persistence mechanisms
process injection
anti-analysis
|
|
gptkbp:alsoKnownAs
|
gptkb:Dofoil
|
|
gptkbp:C2Communication
|
gptkb:HTTP
HTTPS
custom protocols
|
|
gptkbp:category
|
loader
trojan
|
|
gptkbp:detects
|
gptkb:Kaspersky
gptkb:Malwarebytes
gptkb:ESET
gptkb:Symantec
gptkb:Microsoft_Defender
|
|
gptkbp:distributedBy
|
phishing emails
exploit kits
malicious macros
malvertising
drive-by downloads
|
|
gptkbp:firstAppearance
|
2011
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
SmokeLoader
|
|
gptkbp:notable_campaign
|
2018 Dofoil outbreak
multiple spam campaigns
|
|
gptkbp:operatingSystem
|
gptkb:Windows
|
|
gptkbp:origin
|
gptkb:Russia
|
|
gptkbp:payload
|
gptkb:Remcos
gptkb:Dridex
gptkb:FormBook
gptkb:LokiBot
gptkb:Pony
gptkb:Raccoon_Stealer
gptkb:Emotet
gptkb:TrickBot
gptkb:AZORult
gptkb:NetWire
gptkb:Agent_Tesla
RedLine Stealer
|
|
gptkbp:primaryUse
|
malware delivery
payload downloader
|
|
gptkbp:programmingLanguage
|
gptkb:C++
|
|
gptkbp:spreadTo
|
malicious websites
malicious email attachments
exploit kits
|
|
gptkbp:status
|
active
|
|
gptkbp:target
|
individuals
organizations
financial institutions
|
|
gptkbp:usedFor
|
credential theft
information stealing
distributing other malware
|
|
gptkbp:usesMalware
|
Dofoil family
|
|
gptkbp:bfsParent
|
gptkb:Dofoil
|
|
gptkbp:bfsLayer
|
7
|