From Document to Script: Insides of DarkGate's Campaign

May 21, 2024, 11:37 a.m.

External References

https://community.riskiq.com/
https://otx.alienvault.com/

Description

Forcepoint researchers identified a DarkGate malware campaign where victims were sent PDF lures impersonating Intuit QuickBooks invoices from a compromised email.

Date

Published: May 21, 2024, 11:34 a.m.

Created: May 21, 2024, 11:34 a.m.

Modified: May 21, 2024, 11:37 a.m.

Indicators

smbeckwithlaw.com

amishwoods.com

amikamobile.com

affixio.com

affiliatebash.com

afcmanager.net

afarm.net

aerospaceavenue.com

adztrk.com

adventsales.co.uk

kindupdates.com

Download all indicators here!

Attack Patterns

DarkGate

T1055

T1566

T1059