Operation Endgame: Up In Smoke
May 30, 2024, 6:04 p.m.
Description
A detailed technical analysis of the Smoke malware loader, also known as SmokeLoader or Dofoil, which has been operational since 2011. Smoke is primarily used to deliver second-stage payloads such as trojans, ransomware, and information stealers, and can also deploy custom plugins for other malicious activities. The analysis covers Smoke's persistence mechanisms, its network communication, and its remote cleanup process, and describes how the international law enforcement operation 'Endgame' disrupted its infrastructure and remotely uninstalled the malware.
Date
Published: May 30, 2024, 5:55 p.m.
Created: May 30, 2024, 5:55 p.m.
Modified: May 30, 2024, 6:04 p.m.
Indicators
Attack Patterns
SmokeLoader
T1060
T1136
T1548
T1070
T1574
T1547
T1543
T1566