diff --git a/clusters/tidal-software.json b/clusters/tidal-software.json
index 2325240d..53003865 100644
--- a/clusters/tidal-software.json
+++ b/clusters/tidal-software.json
@@ -5110,31 +5110,6 @@
 "uuid": "39d81c48-8f7c-54cb-8fac-485598e31a55",
 "value": "DarkGate"
 },
- {
- "description": "*Operationalize this intelligence by pivoting to relevant defensive resources via the Techniques below. Alternatively, use the **Add to Matrix** button above, then overlay entire sets of capabilities from your own defensive stack to identify threat overlaps & potential gaps (watch a [60-second tutorial here](https://www.youtube.com/watch?v=4jBo3XLO01E)).*\n\nDarkGate is a commodity downloader. Researchers have often observed DarkGate samples making use of legitimate copies of AutoIt, a freeware BASIC-like scripting language, using it to run AutoIt scripts as part of its execution chain. Reports of DarkGate infections surged following the announcement of the disruption of the QakBot botnet by international authorities in late August 2023.[[Bleeping Computer DarkGate October 14 2023](/references/313e5558-d8f9-4457-9004-810d9fa5340c)] The delivery of DarkGate payloads via instant messaging platforms including Microsoft Teams and Skype was reported in September and October 2023.[[DarkGate Loader delivered via Teams - Truesec](/references/4222a06f-9528-4076-8037-a27012c2930c)][[Trend Micro DarkGate October 12 2023](/references/81650f5b-628b-4e76-80d6-2c15cf70d37a)]",
- "meta": {
- "owner": "TidalCyberIan",
- "platforms": [
- "Windows"
- ],
- "software_attack_id": "S5266",
- "source": "Tidal Cyber",
- "tags": [
- "84615fe0-c2a5-4e07-8957-78ebc29b4635"
- ],
- "type": [
- "malware"
- ]
- },
- "related": [
- {
- "dest-uuid": "28f3dbcc-b248-442f-9ff3-234210bb2f2a",
- "type": "used-by"
- }
- ],
- "uuid": "7144b703-f471-4bde-bedc-e8b274854de5",
- "value": "DarkGate"
- },
 {
 "description": "[DarkTortilla](https://app.tidalcyber.com/software/35abcb6b-3259-57c1-94fc-50cfd5bde786) is a highly configurable .NET-based crypter that has been possibly active since at least August 2015. 
[DarkTortilla](https://app.tidalcyber.com/software/35abcb6b-3259-57c1-94fc-50cfd5bde786) has been used to deliver popular information stealers, RATs, and payloads such as [Agent Tesla](https://app.tidalcyber.com/software/304650b1-a0b5-460c-9210-23a5b53815a4), AsyncRat, [NanoCore](https://app.tidalcyber.com/software/db05dbaa-eb3a-4303-b37e-18d67e7e85a1), RedLine, [Cobalt Strike](https://app.tidalcyber.com/software/9b6bcbba-3ab4-4a4c-a233-cd12254823f6), and Metasploit.[[Secureworks DarkTortilla Aug 2022](https://app.tidalcyber.com/references/4b48cc22-55ac-5b61-b183-9008f7db37fd)]", "meta": {