DarkGate (7144b703-f471-4bde-bedc-e8b274854de5)
Operationalize this intelligence by pivoting to relevant defensive resources via the Techniques below. Alternatively, use the Add to Matrix button above, then overlay entire sets of capabilities from your own defensive stack to identify threat overlaps & potential gaps (watch a 60-second tutorial here).
DarkGate is a commodity downloader. Researchers have often observed DarkGate samples making use of legitimate copies of AutoIt, a freeware BASIC-like scripting language, using it to run AutoIt scripts as part of its execution chain. Reports of DarkGate infections surged following the announcement of the disruption of the QakBot botnet by international authorities in late August 2023.[Bleeping Computer DarkGate October 14 2023] The delivery of DarkGate payloads via instant messaging platforms including Microsoft Teams and Skype was reported in September and October 2023.[DarkGate Loader delivered via Teams - Truesec][Trend Micro DarkGate October 12 2023]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| TA577 (28f3dbcc-b248-442f-9ff3-234210bb2f2a) | Tidal Groups | DarkGate (7144b703-f471-4bde-bedc-e8b274854de5) | Tidal Software | 1 |