mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-22 14:57:18 +00:00
chg [tool] Add DarkGate
Source: https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
This commit is contained in:
parent
a32b5eb666
commit
37954a84f1
1 changed files with 23 additions and 1 deletions
|
@ -10601,7 +10601,29 @@
|
|||
],
|
||||
"uuid": "7b002b6e-442c-4c0a-b173-873820c7c731",
|
||||
"value": "VENOMBITE"
|
||||
},
|
||||
{
|
||||
"description": "First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. DarkGate makes use of legitimate AutoIt files and typically runs multiple AutoIt scripts. New versions of DarkGate have been advertised on a Russian language eCrime forum since May 2023.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://0xtoxin.github.io/threat%20breakdown/DarkGate-Camapign-Analysis/",
|
||||
"https://www.aon.com/cyber-solutions/aon_cyber_labs/darkgate-keylogger-analysis-masterofnone/",
|
||||
"https://securelist.com/emotet-darkgate-lokibot-crimeware-report/110286/",
|
||||
"https://www.zerofox.com/blog/the-underground-economist-volume-3-issue-12/",
|
||||
"https://decoded.avast.io/janrubin/meh-2-2/",
|
||||
"https://decoded.avast.io/janrubin/complex-obfuscation-meh/",
|
||||
"https://www.fortinet.com/blog/threat-research/enter-the-darkgate-new-cryptocurrency-mining-and-ransomware-campaign"
|
||||
],
|
||||
"synonyms": [
|
||||
"Meh"
|
||||
],
|
||||
"type": [
|
||||
"Loader"
|
||||
]
|
||||
},
|
||||
"uuid": "978e5adc-e6e4-49a9-822f-0c130ac983a3",
|
||||
"value": "DarkGate"
|
||||
}
|
||||
],
|
||||
"version": 168
|
||||
"version": 169
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue