{
  "name": "From Document to Script: Insides of DarkGate's Campaign",
  "slug": "from-document-to-script-insides-of-darkgates-campaign",
  "description": "Forcepoint researchers identified a DarkGate malware campaign where victims were sent PDF lures impersonating Intuit QuickBooks invoices from a compromised email.",
  "published": "2024-05-21T09:34:29+00:00",
  "created_at": "2024-05-21T09:34:29+00:00",
  "modified_at": "2024-05-21T09:37:56+00:00",
  "created_at_opencti": "2024-05-21T09:34:29+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-05-21"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "smbeckwithlaw.com"
      },
      {
        "id": "",
        "name": "amishwoods.com"
      },
      {
        "id": "",
        "name": "amikamobile.com"
      },
      {
        "id": "",
        "name": "affixio.com"
      },
      {
        "id": "",
        "name": "affiliatebash.com"
      },
      {
        "id": "",
        "name": "afcmanager.net"
      },
      {
        "id": "",
        "name": "afarm.net"
      },
      {
        "id": "",
        "name": "aerospaceavenue.com"
      },
      {
        "id": "",
        "name": "adztrk.com"
      },
      {
        "id": "",
        "name": "adventsales.co.uk"
      },
      {
        "id": "",
        "name": "kindupdates.com"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:05cd583aadd9b90a",
        "name": "DarkGate",
        "slug": "darkgate"
      }
    ],
    "attack_patterns": [
      {
        "id": "c3af9fd7-d307-4df4-9220-cc627938fb85",
        "name": "T1055"
      },
      {
        "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d",
        "name": "T1566"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ]
  },
  "external_refs": [
    "https://community.riskiq.com/article/055cd342/indicators",
    "https://otx.alienvault.com/pulse/664c86c51ea6312b9f830091"
  ]
}