2021-02-05 (FRIDAY) - SPELEVO EXPLOIT KIT (EK) SENDS SHARIK/SMOKELOADER
ASSOCIATED FILES:
- 2021-02-05-IOCs-for-Spelevo-EK-sending-SmokeLoader.txt.zip   1.0 kB (966 bytes)
- 2021-02-05-IOCs-for-Spelevo-EK-sending-SmokeLoader.txt (1,562 bytes)
- 2021-02-05-Spelevo-EK-sends-SmokeLoader.pcap.zip   397 kB (397,132 bytes)
- 2021-02-05-Spelevo-EK-sends-SmokeLoader.pcap (521,458 bytes)
- 2021-02-05-Spelevo-EK-and-SmokeLoader-malware-and-artifacts.zip   119 kB (118,965 bytes)
- 2021-02-05-scheduled-task-for-for-SmokeLoader.txt (3,602 bytes)
- 2021-02-05-Spelevo-EK-Flash-exploit.swf.bin (22,035 bytes)
- 2021-02-05-Spelevo-EK-landing-page.txt (39,735 bytes)
- 2021-02-05-Spelevo-EK-payload-SmokeLoader-EXE.bin (104,960 bytes)
- 2021-02-05-Spelevo-EK-second-HTML-page.txt (1,908 bytes)
NOTE:
- All zip archives on this site are password-protected. If you don't know the password, see the "about" page of this website.
IMAGES
- Image: Traffic from the infection filtered in Wireshark.
- Image: Alerts from the infection from Security Onion 16.04 using Sguil with Suricata and the ETPRO ruleset.
- Image: Sharik/SmokeLoader post-infection traffic.
- Image: Sharik/SmokeLoader persistence on an infected Windows 7 host.