ioc[.]one - OSINT Cyber Threat Intelligence Database

DarkGate Opens Organizations for Attack via Skype, Teams

Tags

cmtmf-attack-pattern:	Trusted Relationship
country:	Russia
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Keylogging - T1056.001 Keylogging - T1417.001 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Remote Access Software - T1663 Remote Desktop Protocol - T1021.001 Server - T1583.004 Server - T1584.004 Sharepoint - T1213.002 Tool - T1588.002 Remote Access Tools - T1219 Remote Desktop Protocol - T1076 Scripting - T1064 Trusted Relationship - T1199 Scripting

Show in Graph

Common Information

Type	Value
UUID	4cae5237-2ae4-48dd-8633-5a2b54fe4932
Fingerprint	b4a2b99985b7a74d
Analysis status	DONE
Considered CTI value	0
Text language
Published	Oct. 12, 2023, midnight
Added to db	Nov. 19, 2023, 12:11 a.m.
Last updated	Nov. 17, 2024, 10:40 p.m.
Headline	DarkGate Opens Organizations for Attack via Skype, Teams
Title	DarkGate Opens Organizations for Attack via Skype, Teams
Detected Hints/Tags/Attributes	79/4/29

Source URLs

	Redirection	Url
Details	Source	https://www.trendmicro.com/en_us/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
Details	Source	https://www.trendmicro.com/en_se/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
Details	Source	https://www.trendmicro.com/en_hk/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
Details	Source	https://www.trendmicro.com/en_th/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
Details	Source	https://www.trendmicro.com/en_dk/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
Details	Source	https://www.trendmicro.com/en_ae/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
Details	Source	https://www.trendmicro.com/en_be/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
Details	Source	https://www.trendmicro.com/en_nl/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
Details	Source	https://www.trendmicro.com/en_ph/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
Details	Source	https://www.trendmicro.com/en_id/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
Details	Source	https://www.trendmicro.com/en_ie/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
Details	Source	https://www.trendmicro.com/en_ca/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
Details	Source	https://www.trendmicro.com/en_gb/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
Details	Source	https://www.trendmicro.com/en_no/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
Details	Source	https://www.trendmicro.com/en_fi/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html

URL Provider

Details	Provider	Source level domain
Details	trendmicro.com	www.trendmicro.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	119	✔	Trend Micro Research, News and Perspectives	https://feeds.feedburner.com/TrendMicroSimplySecurity	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	4	www.skype
Details	Domain	7	reactervnamnat.com
Details	Domain	3	september.zip
Details	File	9	filename.pdf
Details	File	93	curl.exe
Details	File	376	wscript.exe
Details	File	2126	cmd.exe
Details	File	409	c:\windows\system32\cmd.exe
Details	File	14	c:\windows\system32\curl.exe
Details	File	3	zohn.exe
Details	File	29	autoit3.exe
Details	File	3	september.zip
Details	File	5	company_transformations.pdf
Details	File	2	revamped_organizational_structure.pdf
Details	File	3	position_guidelines.pdf
Details	File	4	fresh_mission_and_core_values.pdf
Details	File	5	employees_affected_by_transition.pdf
Details	File	3	hm3.vbs
Details	File	263	iexplore.exe
Details	File	2	googleupdatebroker.exe
Details	File	2	uilauncher.exe
Details	File	2	folkevognsrugbrd.exe
Details	File	2	logbackup_0.exe
Details	File	2	sdvbs.exe
Details	File	2	vaabenstyringssystem.exe
Details	File	2	sdvaners.exe
Details	File	15	dropper.exe
Details	Url	4	http://reactervnamnat.com:80
Details	Url	3	http://reactervnamnat.com:80/msimqrqcjpz