216.73.216.233

Smoke Loader

The MITRE Corporation · Published 18/04/2018 19:59 · Modified 27/03/2026 01:03 Family

Essential information

Confidence
100/100
Is family
Yes
Published
18/04/2018 19:59
Modified
27/03/2026 01:03
Revoked
No
Author / Source
The MITRE Corporation
Related entities
29 attack patterns (mitre), 2 countries, 22 indicators

Aliases

Dofoil

Description

[Smoke Loader](https://attack.mitre.org/software/S0226) is a malicious bot application that can be used to load other malware. [Smoke Loader](https://attack.mitre.org/software/S0226) has been seen in the wild since at least 2011 and has included a number of different payloads. It is notorious for its use of deception and self-protection. It also comes with several plug-ins. (Citation: Malwarebytes SmokeLoader 2016) (Citation: Microsoft Dofoil 2018)

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.