Statements (57)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
malware
|
| gptkbp:abilities |
plugin support
modular architecture command and control communication persistence mechanisms process injection anti-analysis techniques |
| gptkbp:alsoKnownAs |
gptkb:Sharik
gptkb:Dofoil |
| gptkbp:C2Communication |
gptkb:HTTP
gptkb:TCP HTTPS |
| gptkbp:category |
trojan
malware loader |
| gptkbp:detects |
gptkb:Kaspersky
gptkb:ESET gptkb:Symantec gptkb:Microsoft_Defender |
| gptkbp:discoveredBy |
2011
|
| gptkbp:distributedBy |
malicious websites
malicious email attachments exploit kits |
| https://www.w3.org/2000/01/rdf-schema#label |
Smoke Loader
|
| gptkbp:notable_campaign |
2018 Dofoil outbreak
|
| gptkbp:operatingSystem |
gptkb:Windows
|
| gptkbp:origin |
gptkb:Russia
|
| gptkbp:primaryUse |
malware delivery
payload downloader |
| gptkbp:programmingLanguage |
C
|
| gptkbp:target |
individuals
organizations financial institutions |
| gptkbp:usedFor |
delivering other malware
stealing information spreading banking trojans spreading ransomware |
| gptkbp:uses |
encryption
code injection plugin system credential theft DLL injection information stealing process hollowing C2 communication obfuscation registry modification anti-debugging anti-VM techniques anti-sandbox techniques payload download self-update |
| gptkbp:usesMalware |
loader
trojan dropper Dofoil family |
| gptkbp:bfsParent |
gptkb:Dofoil
|
| gptkbp:bfsLayer |
7
|