DarkGate
Published 21/12/2025 01:58 · Modified 21/12/2025 04:30 · Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 01:58
- Modified: 21/12/2025 04:30
- Updated at: 21/12/2025 04:30
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 4 reports, 53 attack patterns (MITRE), 2 malware, 3 sectors, 1 country, 139 indicators, 2 vulnerabilities (CVE)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (4)
- Report 1: 1 CVE, 18 MITRE attack patterns, 1 malware, 37 observables, 1 APT
- Report 2: 9 MITRE attack patterns, 1 malware, 12 observables, 1 APT
- Report 3: 9 MITRE attack patterns, 1 malware, 11 observables, 1 APT
- Report 4: 17 MITRE attack patterns, 1 malware, 15 observables, 1 APT
Attack patterns (MITRE) (53)
- T1539 Steal Web Session Cookie (uses)
- T1053.005 Scheduled Task (uses)
- T1003 OS Credential Dumping (uses)
- T1484 Domain or Tenant Policy Modification (uses)
- T1010 Application Window Discovery (uses)
- T1115 Clipboard Data (uses)
- T1071 Application Layer Protocol (uses)
- T1562.001 Disable or Modify Tools (uses)
- T1041 Exfiltration Over C2 Channel (uses)
- T1219 Remote Access Tools (uses)
- T1552 Unsecured Credentials (uses)
- T1497.001 System Checks (uses)
Malware (2)
- DarkGate (family)
- DarkGate - S1111 (family)
Sectors (3)
- Healthcare (targets)
- Telecommunications (targets)
- Technology (targets)
Countries (1)
- United States of America (targets)
Indicators (139)
Vulnerabilities (CVE) (2)
- CVSS 10.0 (Critical): Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges …
  - Attack vector: Network
  - Published: 12/04/2024
  - Modified: 21/12/2025
- CVSS 8.8 (High): Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their …
  - Attack vector: Network
  - Published: 14/11/2023
  - Modified: 21/12/2025