From Document to Script: Insides of DarkGate's Campaign

May 21, 2024, 11:37 a.m.

Description

Forcepoint researchers identified a DarkGate malware campaign in which victims received PDF lures impersonating Intuit QuickBooks invoices, sent from a compromised email.

Date

  • Created: May 21, 2024, 11:34 a.m.
  • Published: May 21, 2024, 11:34 a.m.
  • Modified: May 21, 2024, 11:37 a.m.

Indicators


Attack Patterns

  • DarkGate
  • T1055
  • T1566
  • T1059