Date: 07/12/2024
Severity: High
Summary
In early 2024, a DarkGate malware campaign employed Microsoft Excel files to retrieve malicious software via public SMB file shares. This short-lived incident highlights the adaptability of threat actors in leveraging legitimate tools for malware distribution. DarkGate, initially reported in 2018, has since developed into a malware-as-a-service (MaaS) platform, with increased activity following disruptions to Qakbot infrastructure in August 2023.
Indicators of Compromise (IOC) List
Hash | a01672db8b14a2018f760258cf3ba80cda6a19febbff8db29555f46592aedea6
Hash | 4b45b01bedd0140ced78e879d1c9081cecc4dd124dcf10ffcd3e015454501503
Hash | 378b000edf3bfe114e1b7ba8045371080a256825f25faaea364cf57fa6d898d7
Hash | 08d606e87da9ec45d257fcfc1b5ea169b582d79376626672813b964574709cba
Hash | 585e52757fe9d54a97ec67f4b2d82d81a547ec1bd402d609749ba10a24c9af53
Hash | 02acf78048776cd52064a0adf3f7a061afb7418b3da21b793960de8a258faf29
Hash | 44a54797ca1ee9c896ce95d78b24d6b710c2d4bcb6f0bcdc80cd79ab95f1f096
Hash | b28473a7e5281f63fd25b3cb75f4e3346112af6ae5de44e978d6cf2aac1538c1
Hash | 51f1d5d41e5f5f17084d390e026551bc4e9a001aeb04995aff1c3a8dbf2d2ff3
Hash | ba8f84fdc1678e133ad265e357e99dba7031872371d444e84d6a47a022914de9
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Hash | sha256hash IN ("a01672db8b14a2018f760258cf3ba80cda6a19febbff8db29555f46592aedea6","4b45b01bedd0140ced78e879d1c9081cecc4dd124dcf10ffcd3e015454501503","378b000edf3bfe114e1b7ba8045371080a256825f25faaea364cf57fa6d898d7","08d606e87da9ec45d257fcfc1b5ea169b582d79376626672813b964574709cba","585e52757fe9d54a97ec67f4b2d82d81a547ec1bd402d609749ba10a24c9af53","02acf78048776cd52064a0adf3f7a061afb7418b3da21b793960de8a258faf29","44a54797ca1ee9c896ce95d78b24d6b710c2d4bcb6f0bcdc80cd79ab95f1f096","b28473a7e5281f63fd25b3cb75f4e3346112af6ae5de44e978d6cf2aac1538c1","51f1d5d41e5f5f17084d390e026551bc4e9a001aeb04995aff1c3a8dbf2d2ff3","ba8f84fdc1678e133ad265e357e99dba7031872371d444e84d6a47a022914de9")
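The following is an added example, not part of this advisory and not Gurucul TDIR code. It shows the two checks a defender would run offline against the advisory's content: matching an endpoint file-hash inventory against the ten SHA-256 IoCs (parsed straight out of the TDIR query above), and flagging SMB (TCP 445) connections that leave internal address ranges, which is the "public SMB file share" retrieval the summary describes. The inventory entries, the key=value connection-log format and the log lines are constructed for illustration; one inventory entry deliberately reuses the first IoC hash so that the match path is exercised.

```python
# Added example (not from the advisory or Gurucul TDIR): offline triage of
# the two signals in this advisory, reusing its ten SHA-256 IoCs. The file
# inventory and connection log lines below are constructed for illustration.
import hashlib
import ipaddress
import re

# The advisory's TDIR query, copied verbatim so the IoCs come from one place.
TDIR_QUERY = 'sha256hash IN ("a01672db8b14a2018f760258cf3ba80cda6a19febbff8db29555f46592aedea6","4b45b01bedd0140ced78e879d1c9081cecc4dd124dcf10ffcd3e015454501503","378b000edf3bfe114e1b7ba8045371080a256825f25faaea364cf57fa6d898d7","08d606e87da9ec45d257fcfc1b5ea169b582d79376626672813b964574709cba","585e52757fe9d54a97ec67f4b2d82d81a547ec1bd402d609749ba10a24c9af53","02acf78048776cd52064a0adf3f7a061afb7418b3da21b793960de8a258faf29","44a54797ca1ee9c896ce95d78b24d6b710c2d4bcb6f0bcdc80cd79ab95f1f096","b28473a7e5281f63fd25b3cb75f4e3346112af6ae5de44e978d6cf2aac1538c1","51f1d5d41e5f5f17084d390e026551bc4e9a001aeb04995aff1c3a8dbf2d2ff3","ba8f84fdc1678e133ad265e357e99dba7031872371d444e84d6a47a022914de9")'

HASH_RE = re.compile(r'"([0-9a-fA-F]{64})"')


def parse_hash_query(query: str) -> frozenset:
    """Pull the quoted SHA-256 values out of a `sha256hash IN (...)` query."""
    return frozenset(h.lower() for h in HASH_RE.findall(query))


def sha256_of(data: bytes) -> str:
    """Hex SHA-256 of a file's bytes, the value an EDR inventory would carry."""
    return hashlib.sha256(data).hexdigest()


def match_iocs(inventory: dict, iocs: frozenset) -> list:
    """Return paths whose recorded SHA-256 appears in the IoC set."""
    return [path for path, digest in inventory.items() if digest.lower() in iocs]


# Assumed inventory format: path -> SHA-256 (constructed; the first entry
# deliberately reuses IoC #1 from the query so the match path is exercised).
SAMPLE_HASH_INVENTORY = {
    r"C:\Users\alice\Downloads\invoice.xlsx":
        "a01672db8b14a2018f760258cf3ba80cda6a19febbff8db29555f46592aedea6",
    r"C:\Users\alice\Downloads\notes.txt": sha256_of(b"just a note"),
}

# Address ranges treated as internal; SMB (TCP 445) to anything else is the
# "public SMB file share" fetch the advisory describes. Explicit networks are
# used instead of ipaddress.is_private so that documentation ranges such as
# 203.0.113.0/24 stay on the external side for the sample log below.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

# Assumed connection-log format (constructed): space-separated key=value fields.
CONN_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def is_public_smb_egress(line: str) -> bool:
    """True when the line is a TCP/445 connection to a non-internal address."""
    m = CONN_RE.search(line)
    if m is None or int(m["dport"]) != 445:
        return False
    dst = ipaddress.ip_address(m["dst"])
    return not any(dst in net for net in INTERNAL_NETS)


def flag_public_smb(lines) -> list:
    """Return the log lines that show SMB leaving the internal ranges."""
    return [ln for ln in lines if is_public_smb_egress(ln)]


SAMPLE_CONN_LOGS = [
    "2024-07-12T10:01:02Z src=10.0.0.5 dst=10.0.0.20 dport=445 proto=tcp",     # internal file server
    "2024-07-12T10:01:07Z src=10.0.0.5 dst=203.0.113.10 dport=445 proto=tcp",  # SMB to the internet
    "2024-07-12T10:01:09Z src=10.0.0.5 dst=203.0.113.10 dport=443 proto=tcp",  # HTTPS, not SMB
]

if __name__ == "__main__":
    iocs = parse_hash_query(TDIR_QUERY)
    print(f"{len(iocs)} IoC hashes loaded")
    for path in match_iocs(SAMPLE_HASH_INVENTORY, iocs):
        print("IoC hash match:", path)
    for line in flag_public_smb(SAMPLE_CONN_LOGS):
        print("SMB to public address:", line)
```

Run as a script it reports one hash match (the constructed invoice.xlsx entry) and one flagged connection (the TCP/445 session to 203.0.113.10). The SMB check is a high-signal but not exhaustive indicator: hosts that legitimately reach cloud file shares over 445 should be allow-listed before it is turned into an alert.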
Reference:
https://unit42.paloaltonetworks.com/darkgate-malware-uses-excel-files/