Alias Description | Votes |
---|---|
Darkcasino is a possible alias for Darkgate. DarkCasino is a threat actor that has recently emerged in the cybersecurity landscape. As a malicious entity, it's responsible for executing actions with potentially harmful intent. The nature of such entities can range from individual hackers to more organized groups affiliated with private compani | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The QakBot Malware is associated with Darkgate. Qakbot is a type of malware, or malicious software, that infiltrates computer systems to exploit and damage them. This harmful program can infect devices through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt ope | Unspecified | 6 |
The Ducktail Malware is associated with Darkgate. "Ducktail" is a malicious software (malware) first observed in 2022, specifically designed to target Facebook business accounts. The malware was discovered by Zscaler, a leading cybersecurity firm, and it's suspected to originate from threat actors based in Vietnam. Ducktail not only infiltrates sys | Unspecified | 5 |
The Pikabot Malware is associated with Darkgate. Pikabot is a malicious software (malware) that has been used extensively by various threat groups to exploit and damage computer systems. Initially, the BlackBasta group used phishing and vishing to deliver malware types such as DarkGate and Pikabot but quickly sought alternatives for further malici | Unspecified | 5 |
The Netsupport Malware is associated with Darkgate. NetSupport is a legitimate remote access software that has been repurposed as malware by various cybercriminal groups. It has been observed in several high-profile cyber-attacks, including the Royal ransomware attack and operations conducted by former ITG23 members. The malware can infiltrate system | Unspecified | 3 |
The Lobshot Malware is associated with Darkgate. Lobshot is a stealthy remote access malware that has been used by cybercriminals, notably Russian threat actors, in various malicious campaigns. It was featured alongside other well-known malware samples like DarkGate infostealer, Ducktail, and Redline in deceptive campaigns where it was embedded in | Unspecified | 3 |
The Redline Malware is associated with Darkgate. RedLine is a type of malware, or malicious software, designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for | Unspecified | 3 |
The IcedID Malware is associated with Darkgate. IcedID is a malicious software (malware) that has been implicated in numerous cybercrime campaigns. It has been associated with other notable malware such as Qakbot, BazarLoader, CobaltStrike, Conti, Gozi, Trickbot, Quantum, Emotet, Pikabot, and SystemBC. Its distribution often involves the use of d | Unspecified | 3 |
The Lokibot Malware is associated with Darkgate. LokiBot is a malicious software, or malware, that was first reported on October 24, 2020. It is designed to exploit and damage computer systems by infiltrating them through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, LokiBot steals personal information | Unspecified | 2 |
The Black Basta Malware is associated with Darkgate. Black Basta is a notorious malware group known for its sophisticated ransomware attacks, which have targeted numerous high-profile entities. The group has demonstrated a remarkable ability to adapt their tactics, techniques, and procedures (TTPs), allowing them to effectively evade security defenses | Unspecified | 2 |
The Qbot Malware is associated with Darkgate. Qbot, also known as Qakbot or Pinkslipbot, is a sophisticated malware that initially emerged in 2007 as a banking trojan. It has since evolved into an advanced strain used by various cybercriminal groups to infiltrate networks and prepare them for ransomware attacks. The first known use of an ITG23 | Unspecified | 2 |
The Redline Stealer Malware is associated with Darkgate. The RedLine Stealer is a formidable malware that specializes in stealthily stealing credentials and sensitive information. First documented in 2020, it has since evolved to use the Windows Communication Foundation (WCF) framework and later a REST API for network communication. This malware infects s | Unspecified | 2 |
The Emotet Malware is associated with Darkgate. Emotet is a notorious malware, short for malicious software, that is designed to exploit and damage computers or devices. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user, with the potential to steal personal information, disrupt operations, | Unspecified | 2 |
The Autoit Malware is associated with Darkgate. AutoIt is a type of malware, a malicious software designed to exploit and damage computers or devices. It infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, AutoIt can steal personal information, disrupt operations, or even hold data h | Unspecified | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The Battleroyal Threat Actor is associated with Darkgate. BattleRoyal, a threat actor group, has been observed using a variety of attack channels to deliver the DarkGate remote access trojan (RAT). These include phishing emails, fake browser updates, traffic distribution systems (TDSs), malicious VBScript, steganography, and notably, a Windows SmartScreen | Unspecified | 4 |
The Water Hydra Threat Actor is associated with Darkgate. Water Hydra, also known as DarkCasino, is a threat actor group that has been exploiting the Windows SmartScreen vulnerability CVE-2024-21412 since mid-January 2024. This group has demonstrated a sophisticated attack chain, using this zero-day exploit to bypass Microsoft Defender SmartScreen and infe | Unspecified | 3 |
The UNC3944 Threat Actor is associated with Darkgate. UNC3944, also known as Scattered Spider or 0ktapus, is a notable threat actor in the cybersecurity landscape. This group primarily targets telecommunication firms and tech companies, but has expanded its operations to hospitality, retail, media, and financial services sectors. The group's modus oper | Unspecified | 2 |
The Sangria Tempest Threat Actor is associated with Darkgate. Sangria Tempest, also known as Carbon Spider, Elbrus, and FIN7, is a threat actor that has been active since 2013. In mid-November 2023, Microsoft observed Sangria Tempest using Storm-1113's EugenLoader delivered through malicious MSIX package installations. The group frequently targets the restaura | Unspecified | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The CVE-2024-21412 Vulnerability is associated with Darkgate. CVE-2024-21412 is a security feature bypass vulnerability in the Microsoft Windows Internet Shortcut SmartScreen. The flaw, which was exploited as a zero-day, allows attackers to bypass the SmartScreen feature that typically warns users about running unrecognized apps and files from the internet. Th | Unspecified | 4 |
The CVE-2023-36025 Vulnerability is associated with Darkgate. CVE-2023-36025 is a significant vulnerability identified in the Windows SmartScreen security feature. It was one of three zero-day vulnerabilities discovered, with the others being CVE-2023-36033, a privilege escalation vulnerability in the Windows DWM Core Library, and CVE-2023-36036, another privi | Unspecified | 2 |
Preview | Source Link | CreatedAt | Title |
---|---|---|---|
InfoSecurity-magazine | a month ago | ||
DARKReading | 3 months ago | ||
Securityaffairs | 4 months ago | ||
Securityaffairs | 4 months ago | ||
DARKReading | 4 months ago | ||
DARKReading | 4 months ago | ||
Securityaffairs | 5 months ago | ||
Securityaffairs | 5 months ago | ||
Securityaffairs | 5 months ago | ||
Securityaffairs | 5 months ago | ||
Unit42 | 5 months ago | ||
Securityaffairs | 5 months ago | ||
Securityaffairs | 5 months ago | ||
Securityaffairs | 5 months ago | ||
DARKReading | 6 months ago | ||
Securityaffairs | 6 months ago | ||
Securityaffairs | 6 months ago | ||
Fortinet | 7 months ago | ||
Securityaffairs | 7 months ago | ||
Securityaffairs | 7 months ago |