Operation Endgame: Up In Smoke

Published 30/05/2024 17:55 · Modified 30/05/2024 18:04

Essential information

Published
30/05/2024 17:55
Modified
30/05/2024 18:04
Tags
2024-05-30 operation endgame smokeloader
Related entities
12 observables, 8 techniques (mitre), 1 malware

Description

A detailed technical analysis of the Smoke malware loader (SmokeLoader, also known as Dofoil), which has been operational since 2011. Smoke is primarily used to deliver second-stage payloads such as trojans, ransomware, and information stealers, and can also deploy custom plugins for a range of malicious activities. The analysis covers Smoke's persistence mechanisms, its network communication, and its remote cleanup process, and describes how the international law enforcement operation 'Endgame' disrupted its infrastructure and remotely uninstalled the malware.

External references