2021-02-05 (FRIDAY) - SPELEVO EXPLOIT KIT (EK) SENDS SHARIK/SMOKELOADER

ASSOCIATED FILES:

  • 2021-02-05-IOCs-for-Spelevo-EK-sending-SmokeLoader.txt   (1,562 bytes)
  • 2021-02-05-Spelevo-EK-sends-SmokeLoader.pcap   (521,458 bytes)
  • 2021-02-05-scheduled-task-for-for-SmokeLoader.txt   (3,602 bytes)
  • 2021-02-05-Spelevo-EK-Flash-exploit.swf.bin   (22,035 bytes)
  • 2021-02-05-Spelevo-EK-landing-page.txt   (39,735 bytes)
  • 2021-02-05-Spelevo-EK-payload-SmokeLoader-EXE.bin   (104,960 bytes)
  • 2021-02-05-Spelevo-EK-second-HTML-page.txt   (1,908 bytes)

NOTE:


IMAGES


Shown above:  Traffic from the infection filtered in Wireshark.



Shown above:  Alerts from the infection from Security Onion 16.04 using Sguil with Suricata and the ETPRO ruleset.



Shown above:  Sharik/SmokeLoader post-infection traffic.



Shown above:  Sharik/SmokeLoader persistence on an infected Windows 7 host.

