Smoke Loader Bill Trap

Smoke Loader, win.smokeloader, UAC-0006, Dofoil, Raccoon
According to the Computer Emergency Response Team of Ukraine (CERT-UA), the SmokeLoader malware is now spreading through a phishing campaign that uses bill-themed lures. The emails carry a ZIP archive containing a fake document and a JavaScript file, and the agency says they were sent from compromised accounts.

Indicators of Compromise


APT Groups (2)

SMOKY SPIDER
TA505 (Russian Federation)
Gold Evergreen, Chimborazo, ATK 103, Gold Tahoe, Graceful Spider, Spandex Tempest, SectorJ04, TA505, Hive0065, TEMP.Warlock

Campaign Guidance

Remediation, mitigation, notes, history and related intelligence

Remediations
Security experts have determined that Smoke Loader is a trojan (malware). It is dropped on your system or downloaded while you browse the internet. Once installed, it can perform a number of malicious actions on your machine, chosen by whoever controls it.

If you are not sure whether your computer is infected with this malware, check for these common signs of infection:
your browser shows ads you have never seen before; Chrome, MS Edge, Internet Explorer and Firefox show lots of unwanted ads; browser settings such as the homepage and search engine have been hijacked; your antivirus detects an infection; the Internet connection is slow.

Smoke Loader can steal private information such as your IP address, the web page you are currently viewing, what you search for on the Internet, which links you click, and much more. It can monetize this functionality by collecting data from your browsing sessions and selling it to third-party companies. This puts your personal information at risk.

Reports & References (1)

Observed Countries (250)

AD (153)
AE (546)
AF (713)
AG (38)
AI (88)
AL (885)
AM (969)
AO (937)
AQ (440)
AR (181)
AS (919)
AT (925)
AU (248)
AW (305)
AX (170)
AZ (443)
BA (631)
BB (191)
BD (952)
BE (667)
BF (607)
BG (549)
BH (516)
BI (813)
BJ (216)
BL (841)
BM (593)
BN (89)
BO (638)
BQ (15)
BR (432)
BS (896)
BT (499)
BV (672)
BW (90)
BY (890)
BZ (342)
CA (602)
CC (758)
CD (783)
CF (219)
CG (245)
CH (80)
CI (77)
CK (486)
CL (766)
CM (857)
CN (736)
CO (430)
CR (950)
CU (691)
CV (217)
CW (327)
CX (285)
CY (492)
CZ (192)
DE (447)
DJ (152)
DK (881)
DM (334)
DO (967)
DZ (561)
EC (172)
EE (174)
EG (422)
EH (14)
ER (927)
ES (678)
ET (668)
FI (594)
FJ (807)
FK (542)
FM (614)
FO (831)
FR (378)
GA (809)
GB (859)
GD (161)
GE (195)
GF (818)
GG (180)
GH (673)
GI (235)
GL (470)
GM (210)
GN (344)
GP (311)
GQ (911)
GR (184)
GS (142)
GT (154)
GU (734)
GW (131)
GY (372)
HK (990)
HM (545)
HN (497)
HR (740)
HT (553)
HU (72)
ID (903)
IE (634)
IL (796)
IM (315)
IN (24)
IO (389)
IQ (109)
IR (563)
IS (907)
IT (850)
JE (340)
JM (113)
JO (879)
JP (155)
KE (780)
KG (619)
KH (511)
KI (593)
KM (617)
KN (679)
KP (415)
KR (25)
KW (714)
KY (167)
KZ (340)
LA (680)
LB (776)
LC (1)
LI (894)
LK (894)
LR (580)
LS (164)
LT (710)
LU (381)
LV (956)
LY (608)
MA (75)
MC (861)
MD (421)
ME (124)
MF (281)
MG (508)
MH (113)
MK (145)
ML (684)
MM (19)
MN (199)
MO (836)
MP (651)
MQ (694)
MR (53)
MS (573)
MT (340)
MU (225)
MV (666)
MW (212)
MX (677)
MY (812)
MZ (420)
NA (251)
NC (375)
NE (626)
NF (646)
NG (224)
NI (166)
NL (293)
NO (690)
NP (9)
NR (608)
NU (996)
NZ (641)
OM (490)
PA (44)
PE (210)
PF (316)
PG (665)
PH (556)
PK (424)
PL (765)
PM (33)
PN (632)
PR (553)
PS (902)
PT (416)
PW (858)
PY (348)
QA (975)
RE (829)
RO (108)
RS (40)
RU (299)
RW (634)
SA (977)
SB (72)
SC (257)
SD (135)
SE (143)
SG (266)
SH (642)
SI (740)
SJ (225)
SK (617)
SL (48)
SM (685)
SN (772)
SO (950)
SR (388)
SS (526)
ST (816)
SV (339)
SX (97)
SY (94)
SZ (797)
TC (7)
TD (561)
TF (313)
TG (227)
TH (355)
TJ (673)
TK (236)
TL (580)
TM (950)
TN (758)
TO (577)
TR (88)
TT (275)
TV (382)
TW (25)
TZ (795)
UA (630)
UG (362)
UM (806)
US (994)
UY (528)
UZ (840)
VA (768)
VC (114)
VE (881)
VG (301)
VI (114)
VN (489)
VU (733)
WF (606)
WS (867)
XK (979)
YE (778)
YT (421)
ZA (791)
ZM (624)
ZW (366)