urlscan.io public scan of otx.alienvault.com (18.66.248.31)

URL: https://otx.alienvault.com/pulse/65a90dfc19a9d37bfaeb52fb
Submission: On January 19 via api from DE — Scanned from DE

Subscribers: 260924

DETAILED ANALYSIS OF DARKGATE; INVESTIGATING NEW TOP-TREND BACKDOOR MALWARE

   
 * Created 21 hours ago by AlienVault
 * Public
 * TLP: White

DarkGate is malware that has been in development since 2017 and is sold as
Malware-as-a-Service. The referenced S2W blog post analyses the malware's
capabilities and how it has regained popularity thanks to its loader and botnet
functionality.

Reference:
https://medium.com/s2wblog/detailed-analysis-of-darkgate-investigating-new-top-trend-backdoor-malware-0545ecf5f606
Tags:
DarkGate, backdoor, RastaFarEye
Malware Family:
DarkGate
Att&ck IDs:
 * T1005 - Data from Local System
 * T1041 - Exfiltration Over C2 Channel
 * T1055 - Process Injection
 * T1056 - Input Capture
 * T1057 - Process Discovery
 * T1068 - Exploitation for Privilege Escalation
 * T1070 - Indicator Removal on Host
 * T1071 - Application Layer Protocol
 * T1082 - System Information Discovery
 * T1083 - File and Directory Discovery
 * T1132 - Data Encoding
 * T1134 - Access Token Manipulation
 * T1204 - User Execution
 * T1217 - Browser Bookmark Discovery
 * T1219 - Remote Access Software
 * T1528 - Steal Application Access Token
 * T1529 - System Shutdown/Reboot
 * T1539 - Steal Web Session Cookie
 * T1547 - Boot or Logon Autostart Execution
 * T1555 - Credentials from Password Stores
 * T1560 - Archive Collected Data
 * T1566 - Phishing
 * T1496 - Resource Hijacking

 * Indicators of Compromise (273)
 * Related Pulses (138)
 * Comments (0)
 * History (0)

TYPES OF INDICATORS

URL (1), Other (22), IPv4 (13), FileHash-SHA256 (121), FileHash-MD5 (56), FileHash-SHA1 (56)

Type          | Indicator                                | Role                | Title        | Added                     | Related pulses
IPv4          | 149.248.0.82                             | command_and_control | DarkGate     | Jan 18, 2024, 11:39:41 AM | 43
URL           | https://s2w.inc                          | phishing            |              | Jan 18, 2024, 11:39:41 AM | 4
IPv4          | 185.143.223.64                           | scanning_host       |              | Jan 18, 2024, 11:39:41 AM | 37
IPv4          | 5.188.87.58                              | scanning_host       |              | Jan 18, 2024, 11:39:41 AM | 44
FileHash-MD5  | 0de798cbf3bc2353f8641e5f5b138845         | trojan              | W32/Injector | Jan 18, 2024, 11:39:41 AM | 3
FileHash-MD5  | 394f500a708c457b2a5eb4e839896c22         | trojan              | W32/Injector | Jan 18, 2024, 11:39:41 AM | 6
FileHash-MD5  | 9f3a752331bb865a82498b80ec23cdfd         | trojan              | DarkGate     | Jan 18, 2024, 11:39:41 AM | 0
FileHash-SHA1 | d25e55d1eed18e55557ee9da7d195748dd2814f0 | trojan              | DarkGate     | Jan 18, 2024, 11:39:41 AM | 0
FileHash-SHA1 | e6b5d09de211a0e6e4f2246c14233a28851aa796 | trojan              | W32/Injector | Jan 18, 2024, 11:39:41 AM | 3
FileHash-SHA1 | edc5d0dc190dcd0e031e2c5b43026fd3a61caed0 | trojan              | W32/Injector | Jan 18, 2024, 11:39:41 AM | 6

Showing 1 to 10 of 273 entries
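As an added example (not part of the OTX pulse or of the S2W analysis it references), the following Python matches the ten indicators visible in the table above against constructed proxy, firewall and EDR log lines. The indicator values and roles are the ones listed on the page; the log lines, the severity-by-role mapping and the function names are assumptions made for this example. It normalises digests to lower case, matches the URL indicator on its host name rather than the exact string, and ranks hits by indicator role, so a scanning_host address seen in dropped inbound traffic is reported as low severity while an outbound connection to the command_and_control address is high.

```python
import re
from urllib.parse import urlparse

# The ten indicator rows visible on the pulse page: (type, value, role).
PULSE_IOCS = [
    ("IPv4", "149.248.0.82", "command_and_control"),
    ("URL", "https://s2w.inc", "phishing"),
    ("IPv4", "185.143.223.64", "scanning_host"),
    ("IPv4", "5.188.87.58", "scanning_host"),
    ("FileHash-MD5", "0de798cbf3bc2353f8641e5f5b138845", "trojan"),
    ("FileHash-MD5", "394f500a708c457b2a5eb4e839896c22", "trojan"),
    ("FileHash-MD5", "9f3a752331bb865a82498b80ec23cdfd", "trojan"),
    ("FileHash-SHA1", "d25e55d1eed18e55557ee9da7d195748dd2814f0", "trojan"),
    ("FileHash-SHA1", "e6b5d09de211a0e6e4f2246c14233a28851aa796", "trojan"),
    ("FileHash-SHA1", "edc5d0dc190dcd0e031e2c5b43026fd3a61caed0", "trojan"),
]

# Severity per indicator role: an assumption for this example, not OTX's scoring.
# A known-bad hash or an outbound C2 connection is actionable; a scanning host
# seen in inbound firewall drops is background noise and should not page anyone.
ROLE_SEVERITY = {
    "command_and_control": "high",
    "trojan": "high",
    "phishing": "medium",
    "scanning_host": "low",
}

# Constructed sample telemetry (not real logs) in a loose key=value style.
SAMPLE_LOGS = [
    "proxy 2024-01-18T12:01:07Z src=10.0.0.14 dst=149.248.0.82:443 method=CONNECT",
    "fw 2024-01-18T12:02:11Z action=drop dir=inbound src=5.188.87.58 dst=203.0.113.5:22",
    "edr 2024-01-18T12:03:40Z host=WS-27 file=C:\\Users\\a\\Downloads\\invoice.msi "
    "md5=0DE798CBF3BC2353F8641E5F5B138845",
    "proxy 2024-01-18T12:04:02Z src=10.0.0.9 url=https://example.com/ method=GET",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# 64, 40 or 32 hex characters standing alone: SHA-256, SHA-1 or MD5 digests.
HASH_RE = re.compile(r"\b(?:[0-9a-fA-F]{64}|[0-9a-fA-F]{40}|[0-9a-fA-F]{32})\b")
URL_HOST_RE = re.compile(r"https?://([^/\s:]+)", re.IGNORECASE)


def build_index(iocs):
    """Normalise pulse indicators into lookup tables keyed by observable kind."""
    index = {"ip": {}, "hash": {}, "host": {}}
    for ioc_type, value, role in iocs:
        if ioc_type == "IPv4":
            index["ip"][value] = role
        elif ioc_type.startswith("FileHash-"):
            index["hash"][value.lower()] = role  # EDR may log digests upper-case
        elif ioc_type == "URL":
            host = urlparse(value).hostname  # match on host, not the exact URL
            if host:
                index["host"][host.lower()] = role
    return index


def match_line(line, index):
    """Return (kind, value, role) for every indexed indicator present in one line."""
    hits = []
    for ip in IPV4_RE.findall(line):
        if ip in index["ip"]:
            hits.append(("ip", ip, index["ip"][ip]))
    for digest in HASH_RE.findall(line):
        digest = digest.lower()
        if digest in index["hash"]:
            hits.append(("hash", digest, index["hash"][digest]))
    for host in URL_HOST_RE.findall(line):
        host = host.lower()
        if host in index["host"]:
            hits.append(("host", host, index["host"][host]))
    return hits


def scan_logs(lines, iocs=PULSE_IOCS):
    """Scan log lines and return findings ranked by the indicator's role."""
    index = build_index(iocs)
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for kind, value, role in match_line(line, index):
            findings.append({
                "line": lineno, "kind": kind, "value": value, "role": role,
                "severity": ROLE_SEVERITY.get(role, "medium"),
            })
    return findings


if __name__ == "__main__":
    for f in scan_logs(SAMPLE_LOGS):
        print(f"line {f['line']}: {f['severity']:<6} {f['kind']}={f['value']} ({f['role']})")
```

Against the constructed lines this reports three hits: the outbound CONNECT to 149.248.0.82 (high), the dropped inbound probe from 5.188.87.58 (low) and the upper-case MD5 on the EDR line (high). The whole-token regexes matter: `149.248.0.8` does not match the C2 address, and a digest embedded in a longer hex string is not reported. For the full 273 indicators, pull the pulse's indicator list via the OTX API rather than retyping the table, and keep the role column, since it is what separates a C2 hit from scanner noise.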



© Copyright 2024 AlienVault, Inc.