MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [tidal-software] remove duplicate from the API

pull/976/head
Alexandre Dulaunoy 2024-05-16 20:35:06 +02:00
parent 2fa94fad66
commit 1d5af5c245
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 0 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
clusters/tidal-software.json
View File

@ -5110,31 +5110,6 @@
"uuid": "39d81c48-8f7c-54cb-8fac-485598e31a55",
"value": "DarkGate"
},
{
"description": "*Operationalize this intelligence by pivoting to relevant defensive resources via the Techniques below. Alternatively, use the **Add to Matrix** button above, then overlay entire sets of capabilities from your own defensive stack to identify threat overlaps & potential gaps (watch a [60-second tutorial here](https://www.youtube.com/watch?v=4jBo3XLO01E)).*\n\nDarkGate is a commodity downloader. Researchers have often observed DarkGate samples making use of legitimate copies of AutoIt, a freeware BASIC-like scripting language, using it to run AutoIt scripts as part of its execution chain. Reports of DarkGate infections surged following the announcement of the disruption of the QakBot botnet by international authorities in late August 2023.<sup>[[Bleeping Computer DarkGate October 14 2023](/references/313e5558-d8f9-4457-9004-810d9fa5340c)]</sup> The delivery of DarkGate payloads via instant messaging platforms including Microsoft Teams and Skype was reported in September and October 2023.<sup>[[DarkGate Loader delivered via Teams - Truesec](/references/4222a06f-9528-4076-8037-a27012c2930c)]</sup><sup>[[Trend Micro DarkGate October 12 2023](/references/81650f5b-628b-4e76-80d6-2c15cf70d37a)]</sup>",
"meta": {
"owner": "TidalCyberIan",
"platforms": [
"Windows"
],
"software_attack_id": "S5266",
"source": "Tidal Cyber",
"tags": [
"84615fe0-c2a5-4e07-8957-78ebc29b4635"
],
"type": [
"malware"
]
},
"related": [
{
"dest-uuid": "28f3dbcc-b248-442f-9ff3-234210bb2f2a",
"type": "used-by"
}
],
"uuid": "7144b703-f471-4bde-bedc-e8b274854de5",
"value": "DarkGate"
},
{
"description": "[DarkTortilla](https://app.tidalcyber.com/software/35abcb6b-3259-57c1-94fc-50cfd5bde786) is a highly configurable .NET-based crypter that has been possibly active since at least August 2015. [DarkTortilla](https://app.tidalcyber.com/software/35abcb6b-3259-57c1-94fc-50cfd5bde786) has been used to deliver popular information stealers, RATs, and payloads such as [Agent Tesla](https://app.tidalcyber.com/software/304650b1-a0b5-460c-9210-23a5b53815a4), AsyncRat, [NanoCore](https://app.tidalcyber.com/software/db05dbaa-eb3a-4303-b37e-18d67e7e85a1), RedLine, [Cobalt Strike](https://app.tidalcyber.com/software/9b6bcbba-3ab4-4a4c-a233-cd12254823f6), and Metasploit.<sup>[[Secureworks DarkTortilla Aug 2022](https://app.tidalcyber.com/references/4b48cc22-55ac-5b61-b183-9008f7db37fd)]</sup>",
"meta": {