Dissecting Smoke Loader by Michał Praszmo.
From the post:
Smoke Loader (also known as Dofoil) is a relatively small, modular bot that is mainly used to drop various malware families.
Even though it’s designed to drop other malware, it has some pretty hefty malware-like capabilities on its own.
Despite being quite old, it’s still going strong, recently being dropped from RigEK and MalSpam campaigns.
In this article we’ll see how Smoke Loader unpacks itself and interacts with the C2 server.
…
You can go the Freedom of Information Act (FOIA) route to become an “informed citizen,” provided you don’t mind:
- Indeterminate exchanges to clarify your request
- Delays and fees by agencies
- Exemptions
- Review and editing of documents by those most interested in non-disclosure
If you had access to the agency’s files:
- No need to clarify your request
- No delays or fees by the agency
- No exemptions from disclosure
- No review and editing of requested documents to prevent disclosure
Not to mention that self-help transparency saves the agency staff time and other resources in answering your request.
The other advantage of self-help transparency is that it works with political PACs, foreign governments, corporations and a host of other groups and institutions with no FOIA traditions.
All of those are incentives for closely attending to this blog post on the Smoke Loader.
Enjoy!