chg [tool] Add DarkGate

Source: https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-08-23 11:53:25 +02:00 · 2023-08-23 11:53:25 +02:00 · 37954a84f1
parent a32b5eb666
commit 37954a84f1
1 changed files with 23 additions and 1 deletions
--- a/clusters/tool.json
+++ b/clusters/tool.json
@ -10601,7 +10601,29 @@
      ],
      "uuid": "7b002b6e-442c-4c0a-b173-873820c7c731",
      "value": "VENOMBITE"
+    },
+    {
+      "description": "First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. DarkGate makes use of legitimate AutoIt files and typically runs multiple AutoIt scripts. New versions of DarkGate have been advertised on a Russian language eCrime forum since May 2023.",
+      "meta": {
+        "refs": [
+          "https://0xtoxin.github.io/threat%20breakdown/DarkGate-Camapign-Analysis/",
+          "https://www.aon.com/cyber-solutions/aon_cyber_labs/darkgate-keylogger-analysis-masterofnone/",
+          "https://securelist.com/emotet-darkgate-lokibot-crimeware-report/110286/",
+          "https://www.zerofox.com/blog/the-underground-economist-volume-3-issue-12/",
+          "https://decoded.avast.io/janrubin/meh-2-2/",
+          "https://decoded.avast.io/janrubin/complex-obfuscation-meh/",
+          "https://www.fortinet.com/blog/threat-research/enter-the-darkgate-new-cryptocurrency-mining-and-ransomware-campaign"
+        ],
+        "synonyms": [
+          "Meh"
+        ],
+        "type": [
+          "Loader"
+        ]
+      },
+      "uuid": "978e5adc-e6e4-49a9-822f-0c130ac983a3",
+      "value": "DarkGate"
    }
  ],
-  "version": 168
+  "version": 169
 }