Date: 08/08/2025
Severity: Medium
Summary
In early July 2025, a new variant of the DarkCloud malware campaign was observed. The attack began with a phishing email carrying a malicious RAR archive attachment. DarkCloud, first identified in 2022, is a Windows-based information stealer that covertly harvests sensitive data such as login credentials, financial details, and contacts. This variant keeps the malware's focus on covert data theft; the IOCs and detection queries below cover the URLs and file hashes associated with it.
Indicators of Compromise (IOC) List
URL/Domain | https://archive.org/download/universe-1733359315202-8750/universe-1733359315202-8750.jpg |
URL/Domain | http://paste.ee/d/0WhDakVP/0 |
Hash (SHA-256) | 381AA445E173341F39E464E4F79B89C9ED058631BCBBB2792D9ECBDF9FFE027D |
Hash (SHA-256) | 82BA4340BE2E07BB74347ADE0B7B43F12CF8503A8FA535F154D2E228EFBEF69C |
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Detection Query 1 (URL/domain IOCs):
domainname like "https://archive.org/download/universe-1733359315202-8750/universe-1733359315202-8750.jpg" or siteurl like "https://archive.org/download/universe-1733359315202-8750/universe-1733359315202-8750.jpg" or url like "https://archive.org/download/universe-1733359315202-8750/universe-1733359315202-8750.jpg" or domainname like "http://paste.ee/d/0WhDakVP/0" or siteurl like "http://paste.ee/d/0WhDakVP/0" or url like "http://paste.ee/d/0WhDakVP/0"

Detection Query 2 (SHA-256 hash IOCs):
sha256hash IN ("381AA445E173341F39E464E4F79B89C9ED058631BCBBB2792D9ECBDF9FFE027D","82BA4340BE2E07BB74347ADE0B7B43F12CF8503A8FA535F154D2E228EFBEF69C")
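The following is an added example, not Gurucul's query language or code from the Fortinet write-up: it applies the same two IOC sets to a handful of constructed proxy and EDR records so the matching logic can be checked offline. The record fields (`id`, `url`, `sha256`) and the sample records are assumptions made for this example. Two practical details are handled explicitly because the queries above compare literal strings and how a given platform treats case or scheme varies: archive.org and paste.ee are legitimate services, so the URL match is on host plus path rather than on the domain alone (catching an http/https variant without paging on benign archive.org traffic), and hashes are compared in lower case because EDR products disagree on hash casing.

```python
"""Match the bulletin's URL and SHA-256 IOCs against log records.

Added example; the record schema and sample telemetry are constructed
for illustration and are not real captured data.
"""
from urllib.parse import urlsplit

# IOCs copied from the bulletin's IOC list.
IOC_URLS = [
    "https://archive.org/download/universe-1733359315202-8750/universe-1733359315202-8750.jpg",
    "http://paste.ee/d/0WhDakVP/0",
]
IOC_SHA256 = {
    "381AA445E173341F39E464E4F79B89C9ED058631BCBBB2792D9ECBDF9FFE027D",
    "82BA4340BE2E07BB74347ADE0B7B43F12CF8503A8FA535F154D2E228EFBEF69C",
}


def url_key(url: str) -> str:
    """Normalise a URL to lower-cased host plus path, dropping the scheme.

    Matching on host+path keeps the indicator specific (the bare domains
    are legitimate services) while still catching an http/https variant of
    the same download. The path is left case-sensitive because paste IDs are.
    """
    parts = urlsplit(url.strip())
    return parts.netloc.lower() + parts.path


IOC_URL_KEYS = {url_key(u) for u in IOC_URLS}
# EDR platforms disagree on hash case; compare in lower case.
IOC_SHA256_LOWER = {h.lower() for h in IOC_SHA256}


def match_url(url: str) -> bool:
    """True if the URL's host+path equals one of the URL IOCs."""
    return url_key(url) in IOC_URL_KEYS


def match_sha256(digest: str) -> bool:
    """True if the digest (any case) is one of the hash IOCs."""
    return digest.strip().lower() in IOC_SHA256_LOWER


def scan(records):
    """Return (record_id, indicator) for every record that hits an IOC."""
    hits = []
    for rec in records:
        if "url" in rec and match_url(rec["url"]):
            hits.append((rec["id"], "url:" + url_key(rec["url"])))
        if "sha256" in rec and match_sha256(rec["sha256"]):
            hits.append((rec["id"], "sha256:" + rec["sha256"].strip().lower()))
    return hits


# Constructed sample telemetry (assumed field names, not real events).
SAMPLE_RECORDS = [
    {"id": 1, "url": "https://archive.org/download/universe-1733359315202-8750/universe-1733359315202-8750.jpg"},
    {"id": 2, "url": "http://paste.ee/d/0WhDakVP/0"},
    {"id": 3, "url": "https://paste.ee/d/0WhDakVP/0"},            # scheme variant: still a hit
    {"id": 4, "url": "https://archive.org/details/some-public-archive"},  # benign archive.org: no hit
    {"id": 5, "sha256": "82ba4340be2e07bb74347ade0b7b43f12cf8503a8fa535f154d2e228efbef69c"},  # lower-case hash: hit
    {"id": 6, "sha256": "0" * 64},                                     # unrelated hash: no hit
]

if __name__ == "__main__":
    for rec_id, indicator in scan(SAMPLE_RECORDS):
        print(f"record {rec_id}: matched {indicator}")
```

Running the block prints one line each for records 1, 2, 3 and 5; record 4 shows why a domain-only rule on archive.org would be too broad, and record 3 shows the scheme-insensitive match the literal queries above would miss if the platform compares the full string.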
Reference:
https://www.fortinet.com/blog/threat-research/unveiling-a-new-variant-of-the-darkcloud-campaign