chg [tool] Add DarkGate

Source: https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
pull/859/head
Jürgen Löhel 2023-08-23 11:53:25 +02:00
parent a32b5eb666
commit 37954a84f1
No known key found for this signature in database
GPG Key ID: 54E44C4D345DD098
1 changed files with 23 additions and 1 deletions

View File

@ -10601,7 +10601,29 @@
], ],
"uuid": "7b002b6e-442c-4c0a-b173-873820c7c731", "uuid": "7b002b6e-442c-4c0a-b173-873820c7c731",
"value": "VENOMBITE" "value": "VENOMBITE"
},
{
"description": "First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. DarkGate makes use of legitimate AutoIt files and typically runs multiple AutoIt scripts. New versions of DarkGate have been advertised on a Russian language eCrime forum since May 2023.",
"meta": {
"refs": [
"https://0xtoxin.github.io/threat%20breakdown/DarkGate-Camapign-Analysis/",
"https://www.aon.com/cyber-solutions/aon_cyber_labs/darkgate-keylogger-analysis-masterofnone/",
"https://securelist.com/emotet-darkgate-lokibot-crimeware-report/110286/",
"https://www.zerofox.com/blog/the-underground-economist-volume-3-issue-12/",
"https://decoded.avast.io/janrubin/meh-2-2/",
"https://decoded.avast.io/janrubin/complex-obfuscation-meh/",
"https://www.fortinet.com/blog/threat-research/enter-the-darkgate-new-cryptocurrency-mining-and-ransomware-campaign"
],
"synonyms": [
"Meh"
],
"type": [
"Loader"
]
},
"uuid": "978e5adc-e6e4-49a9-822f-0c130ac983a3",
"value": "DarkGate"
} }
], ],
"version": 168 "version": 169
} }