DarkGate malware campaign
Common Information
UUID: e6f8d4a7-d47a-466c-a862-1e621a9513b2
Fingerprint: 3c708a2365ef86b1
Analysis status: IN_PROGRESS
Considered CTI value: 0
Text language:
Published: Aug. 4, 2023, midnight
Added to db: Oct. 24, 2023, 1:06 p.m.
Last updated: Nov. 17, 2024, 6:54 p.m.
Headline: DarkGate malware campaign
Title: DarkGate malware campaign
Detected Hints/Tags/Attributes: 87/4/149
Attributes