DarkWatchman

Malware Profile Updated 13 days ago
Download STIX
Preview STIX
DarkWatchman is a sophisticated malware known for its capabilities of keylogging, collecting system information, and deploying secondary payloads. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information, disrupt operations, and even deploy additional harmful software. The malware has been associated with recent cyberattacks on Russian banks, telecom operators, logistics, and tech companies. These attacks were recorded by F.A.C.C.T., and involved hackers disguising a phishing email as a newsletter from a Russian courier delivery service. This strategy aligns with previous campaigns conducted by Hive0117, a group known for imitating official correspondence from the Russian government in their phishing emails to deliver DarkWatchman. IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117, which delivered the fileless malware DarkWatchman. This campaign was directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. The use of phishing emails mimicking conscription summons suggests a significant effort to induce a sense of urgency, further enhancing the effectiveness of the attack.
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Downloader
Payload
Phishing
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the DarkWatchman Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
MITRE
a year ago
DarkWatchman: A new evolution in fileless techniques. - Prevailion
SecurityIntelligence.com
6 months ago
Hive0117 Continues Fileless Malware Delivery in Eastern Europe
CERT-EU
a year ago
遠端存取木馬
CERT-EU
a year ago
Протоколу RUSTP/UDTP обещана господдержка в рамках импортозамещения
CERT-EU
a year ago
RuTube 9 мая снова атаковали
SecurityIntelligence.com
6 months ago
CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations
CERT-EU
7 months ago
Cyber experts applaud White House cybersecurity plan
CERT-EU
8 months ago
How the FBI Fights Back Against Worldwide Cyberattacks
CERT-EU
8 months ago
Email campaigns leverage updated DBatLoader to deliver RATs, stealers
CERT-EU
8 months ago
How NIST Cybersecurity Framework 2.0 Tackles Risk Management
CERT-EU
8 months ago
Why keep the dual-hat arrangement between Cybercom and NSA?
SecurityIntelligence.com
6 months ago
ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups
CERT-EU
8 months ago
Hive0117 Group Attacking Employees of Energy, Finance, & Software Industries
SecurityIntelligence.com
6 months ago
New wiper malware used against Ukranian organizations - Security Intelligence
SecurityIntelligence.com
6 months ago
Where Everything Old is New Again: Operational Technology and Ghost of Malware Past
CERT-EU
a year ago
В России может появиться программа защиты КИИ от нейросетевых
CERT-EU
6 months ago
XDSpy hackers attack military-industrial companies in Russia