DarkWatchman

Malware entry last updated 2024-05-04T18:00:32.096Z
DarkWatchman is fileless malware whose capabilities include keylogging, collecting system information, and deploying secondary payloads. It is delivered through phishing emails, malicious downloads, or compromised websites, typically without the user's knowledge. Once installed, it can steal personal information, disrupt operations, and stage additional malicious software on the host.

The malware has been linked to recent attacks on Russian banks, telecom operators, logistics firms, and technology companies. These attacks were recorded by F.A.C.C.T.; the operators disguised a phishing email as a newsletter from a Russian courier delivery service. That lure is consistent with earlier campaigns by Hive0117, a group known for imitating official correspondence from the Russian government in phishing emails that deliver DarkWatchman.

IBM X-Force separately uncovered a phishing campaign, likely run by Hive0117, that delivered DarkWatchman to individuals in the energy, finance, transport, and software security sectors in Russia, Kazakhstan, Latvia, and Estonia. The emails mimicked conscription summons, a lure chosen to create urgency and increase the likelihood that recipients act on the message.
Description last updated: 2024-05-04T16:17:22.553Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Downloader
Payload
Phishing
Keylogging
Source Document References
Information about the DarkWatchman malware was read from the documents listed below (display limited to 20 results).
Source                  | Created      | Title
------------------------|--------------|----------------------------------------------------------------------
CERT-EU                 | 9 months ago | XDSpy hackers attack military-industrial companies in Russia
SecurityIntelligence.com| 10 months ago| ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups
SecurityIntelligence.com| 10 months ago| Where Everything Old is New Again: Operational Technology and Ghost of Malware Past
SecurityIntelligence.com| 10 months ago| Hive0117 Continues Fileless Malware Delivery in Eastern Europe
SecurityIntelligence.com| 10 months ago| New wiper malware used against Ukrainian organizations
SecurityIntelligence.com| 10 months ago| CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations
CERT-EU                 | a year ago   | Cyber experts applaud White House cybersecurity plan
CERT-EU                 | a year ago   | How the FBI Fights Back Against Worldwide Cyberattacks
CERT-EU                 | a year ago   | How NIST Cybersecurity Framework 2.0 Tackles Risk Management
CERT-EU                 | a year ago   | Email campaigns leverage updated DBatLoader to deliver RATs, stealers
CERT-EU                 | a year ago   | Why keep the dual-hat arrangement between Cybercom and NSA?
CERT-EU                 | a year ago   | Hive0117 Group Attacking Employees of Energy, Finance, & Software Industries
MITRE                   | 2 years ago  | DarkWatchman: A new evolution in fileless techniques (Prevailion)
CERT-EU                 | a year ago   | Remote access trojan (original title: 遠端存取木馬)
CERT-EU                 | a year ago   | RUSTP/UDTP protocol promised state support under import substitution (original title: Протоколу RUSTP/UDTP обещана господдержка в рамках импортозамещения)
CERT-EU                 | a year ago   | RuTube attacked again on May 9 (original title: RuTube 9 мая снова атаковали)
CERT-EU                 | a year ago   | A programme to protect critical information infrastructure from neural-network (title truncated in source; original: В России может появиться программа защиты КИИ от нейросетевых)