DarkWatchman

Malware Profile Updated 3 months ago
DarkWatchman is a fileless malware with keylogging, system-information collection, and secondary-payload deployment capabilities. It typically reaches a system through suspicious downloads, phishing emails, or compromised websites, without the user's knowledge. Once installed, it can steal personal information, disrupt operations, and deploy additional malicious software. The malware has been linked to recent attacks on Russian banks, telecom operators, logistics firms, and technology companies. These attacks were recorded by F.A.C.C.T. and involved a phishing email disguised as a newsletter from a Russian courier delivery service. This tactic matches earlier campaigns by Hive0117, a group known for imitating official correspondence from the Russian government in the phishing emails it uses to deliver DarkWatchman. IBM X-Force uncovered a further phishing campaign, likely run by Hive0117, that delivered the fileless DarkWatchman malware to individuals at major energy, finance, transport, and software security organisations in Russia, Kazakhstan, Latvia, and Estonia. The phishing emails mimicked conscription summons, a lure chosen to create a sense of urgency and so increase the campaign's success rate.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so listed here are possible overlapping names / profiles you may also want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Payload
Phishing
Downloader
Ransomware
Reconnaissance
RAT
Espionage
IBM
Russia
Backdoor
Windows
Chrome
Associated Malware
ID | Type | Votes | Profile Description
Pony | Unspecified | 1 | Pony is a type of malware, which is malicious software designed to infiltrate and damage computers or devices without the user's knowledge. It can be spread through suspicious downloads, emails, or websites, and once installed, it can steal personal information, disrupt operations, or even hold data
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the DarkWatchman malware was read from the document corpus below. This display is limited to 20 results.
Source | Created | Title
CERT-EU | 8 months ago | XDSpy hackers attack military-industrial companies in Russia
SecurityIntelligence.com | 8 months ago | ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups
SecurityIntelligence.com | 8 months ago | Where Everything Old is New Again: Operational Technology and Ghost of Malware Past
SecurityIntelligence.com | 8 months ago | Hive0117 Continues Fileless Malware Delivery in Eastern Europe
SecurityIntelligence.com | 8 months ago | New wiper malware used against Ukrainian organizations - Security Intelligence
SecurityIntelligence.com | 8 months ago | CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations
CERT-EU | 9 months ago | Cyber experts applaud White House cybersecurity plan
CERT-EU | 10 months ago | How the FBI Fights Back Against Worldwide Cyberattacks
CERT-EU | 10 months ago | How NIST Cybersecurity Framework 2.0 Tackles Risk Management
CERT-EU | 10 months ago | Email campaigns leverage updated DBatLoader to deliver RATs, stealers
CERT-EU | 10 months ago | Why keep the dual-hat arrangement between Cybercom and NSA?
CERT-EU | 10 months ago | Hive0117 Group Attacking Employees of Energy, Finance, & Software Industries
MITRE | a year ago | DarkWatchman: A new evolution in fileless techniques. - Prevailion
CERT-EU | a year ago | Remote access trojan
CERT-EU | a year ago | The RUSTP/UDTP protocol has been promised state support as part of import substitution
CERT-EU | a year ago | RuTube was attacked again on May 9
CERT-EU | a year ago | Russia may get a programme to protect critical information infrastructure from neural-network