Darkrace

Malware updated 3 hours ago (2024-11-21T10:32:24.911Z)
Download STIX
Preview STIX
DarkRace, a malicious software (malware), emerged in mid-2023 as a ransomware variant using tactics similar to the LockBit lineage. This was after the LockBit source code was leaked by a developer from the ransomware group in September 2022. DarkRace employed a double extortion method, holding stolen files for ransom while also demanding a ransom for a decryption tool. The malware specifically targeted data sources storing administrative files like PDFs and document scans, which often contained sensitive personal and financial information. This intensified the pressure on victims, as reported by cybersecurity firm Cyble in June 2023. In May 2023, the malware underwent rebranding and adopted the name DarkRace. It was observed that DarkRace used a very similar ransom note and had the same configuration file as its predecessor, indicating a possible link between the two. However, it remains unclear whether the same developers or operators were behind both variants. By February 2024, DarkRace may have been rebranded again under the name DoNex, according to findings reported by the SANS Institute. DoNex first appeared in the threat landscape in April 2022, and it closely resembled samples previously used by the DarkRace group, suggesting a potential connection. Despite these developments, by early 2024, DarkRace's data leak site had gone dark, listing only two victims. The continuous evolution and rebranding of this malware strain underline the persistent and evolving threat posed by ransomware to data security.
Description last updated: 2024-11-21T10:29:40.647Z
What's your take? (Question 1 of 4)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Donex is a possible alias for Darkrace. DoNex is a form of malware, specifically ransomware, known for its harmful effects on computer systems and data. This malicious software infiltrates systems often through suspicious downloads, emails, or websites, subsequently stealing personal information, disrupting operations, or holding data hos
5
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Lockbit Malware is associated with Darkrace. LockBit is a malicious software, or malware, known for its damaging and exploitative functions. It infiltrates systems via dubious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit Unspecified
4
The Helldown Malware is associated with Darkrace. Helldown, a malware intrusion set that first surfaced in August 2024, is causing significant concern in the cybersecurity community. Initially known for targeting Windows systems, the Helldown group has expanded its operations to include VMware ESX servers and Linux environments. According to a repoUnspecified
2
Source Document References
Information about the Darkrace Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more