Darkmoon

Malware Profile Updated 3 months ago
Darkmoon, also known as Poison Ivy, is a notorious remote access Trojan (RAT) often employed in targeted attacks. It infiltrates systems to exploit and damage them, typically without the user's knowledge. Darkmoon can infect computers or devices through suspicious downloads, emails, or websites, subsequently stealing personal information, disrupting operations, or even holding data hostage for ransom. This malicious software has been used in numerous high-profile attacks, including those related to the G20 Summit and the Sochi Olympics.

The Darkmoon malware has been identified by several codes such as Win.Trojan.DarkMoon, 7816, 7815, 7814, 7813, 12715, and 12724. Its versatility and adaptability have made it a favored tool among various groups, each of which has implemented its own modifications to the Trojan. These tailored versions of Darkmoon have been utilized in an array of cyber-attacks, demonstrating its broad applicability and potential for harm.

To counteract the threats posed by Darkmoon, Symantec offers specific detections designed to protect users from this malware. By employing these defenses, individuals and organizations can safeguard their systems against the damaging effects of Darkmoon. It's crucial to remain vigilant and proactive in cybersecurity efforts, given the ever-evolving landscape of threats like Darkmoon.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Symantec
Malware
Trojan
Associated Malware
ID | Type | Votes | Profile Description
PoisonIvy | Unspecified | 1 | PoisonIvy is a malicious software (malware) known for its damaging capabilities, including stealing personal information and disrupting system operations. The malware can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it maintai
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Darkmoon Malware was read from the documents corpus below.
Source | Created At | Title
MITRE | a year ago | Threat Spotlight: Group 72
MITRE | a year ago | Endpoint Protection - Symantec Enterprise