SMOKEDHAM

MITRE

Tipo Malware:
Other

Prima attivita:
Unknown

Ultima attivita:
Unknown

Dettagli:

[SMOKEDHAM](https://attack.mitre.org/software/S0649) is a Powershell-based .NET backdoor that was first reported in May 2021; it has been used by at least one ransomware-as-a-service affiliate.(Citation: FireEye Shining A Light on DARKSIDE May 2021)(Citation: FireEye SMOKEDHAM June 2021)

Tecniche Associate (21)

ID	ATT&CK	Tattiche
T1027.009	Embedded Payloads	-
T1033	System Owner/User Discovery	-
T1041	Exfiltration Over C2 Channel	-
T1056.001	Keylogging	-
T1059.001	PowerShell	-
T1071.001	Web Protocols	-
T1082	System Information Discovery	-
T1087.001	Local Account	-
T1090.004	Domain Fronting	-
T1098.007	Additional Local or Domain Groups	-
T1102	Web Service	-
T1105	Ingress Tool Transfer	-
T1112	Modify Registry	-
T1113	Screen Capture	-
T1132.001	Standard Encoding	-

Metadata

ID:	357
Created:	13/01/2026 17:48
Updated:	06/03/2026 16:00