BattleRoyal, DarkGate Cluster Spreads via Email and Fake Browser Updates [Friday, December 22, 2023]


Description :
Throughout the summer and fall of 2023, DarkGate entered the ring competing for the top spot in the remote access trojan (RAT) and loader category. It was observed in use by multiple cybercrime actors and was spread via many methods such as email, Microsoft Teams, Skype, malvertising and fake updates.

Published : 2023-12-22 09:53:14
Created : 2023-12-22 09:53:14
Modified : 2023-12-22 10:04:53

Indicators


About the author
Julien B.

Securitricks
