mirror of https://github.com/MISP/misp-galaxy
chg [tool] Add DarkGate
Source: https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
pull/859/head
parent
a32b5eb666
commit
37954a84f1
|
@ -10601,7 +10601,29 @@
|
||||||
],
|
],
|
||||||
"uuid": "7b002b6e-442c-4c0a-b173-873820c7c731",
|
"uuid": "7b002b6e-442c-4c0a-b173-873820c7c731",
|
||||||
"value": "VENOMBITE"
|
"value": "VENOMBITE"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. DarkGate makes use of legitimate AutoIt files and typically runs multiple AutoIt scripts. New versions of DarkGate have been advertised on a Russian language eCrime forum since May 2023.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://0xtoxin.github.io/threat%20breakdown/DarkGate-Camapign-Analysis/",
|
||||||
|
"https://www.aon.com/cyber-solutions/aon_cyber_labs/darkgate-keylogger-analysis-masterofnone/",
|
||||||
|
"https://securelist.com/emotet-darkgate-lokibot-crimeware-report/110286/",
|
||||||
|
"https://www.zerofox.com/blog/the-underground-economist-volume-3-issue-12/",
|
||||||
|
"https://decoded.avast.io/janrubin/meh-2-2/",
|
||||||
|
"https://decoded.avast.io/janrubin/complex-obfuscation-meh/",
|
||||||
|
"https://www.fortinet.com/blog/threat-research/enter-the-darkgate-new-cryptocurrency-mining-and-ransomware-campaign"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"Meh"
|
||||||
|
],
|
||||||
|
"type": [
|
||||||
|
"Loader"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "978e5adc-e6e4-49a9-822f-0c130ac983a3",
|
||||||
|
"value": "DarkGate"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 168
|
"version": 169
|
||||||
}
|
}
|
||||||
|
|
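Review bot: The new DarkGate entry's `refs` list omits the Malpedia page that the commit message names as its source, so that provenance is lost once the cluster is consumed outside this repository; adding `"https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate"` to `meta.refs` would keep it. The entry also has no `related` block, so an analyst correlating on the Malpedia galaxy cannot pivot to this cluster; if the project wants that link, a `similar` relation whose `dest-uuid` is the Malpedia cluster's UUID (`<MALPEDIA_DARKGATE_CLUSTER_UUID>`, not shown on this page) would provide it. `type` lists only `"Loader"`, while the description also names keylogging, information stealing and an HVNC module; if the galaxy's type vocabulary has matching values, listing them would help teams that filter clusters by capability.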