| Category | Details |
|---|---|
| Threat Actors | Not explicitly named; involved in DarkGate malware distribution using vishing and remote access tools. |
| Campaign Overview | Utilized vishing to impersonate IT support, instruct victims to download AnyDesk, and install DarkGate malware. |
| Target Regions (or Victims) | Unspecified, but likely corporate entities targeted through phishing and social engineering tactics. |
| Methodology | Voice phishing (vishing), impersonation, AnyDesk installation, DLL side-loading, AutoIt scripts, PowerShell commands. |
| Product Targeted | MicrosoftEdgeUpdateCore.exe (used for injection), AnyDesk, Trend Micro Apex One™ targeted for evasion testing. |
| Malware Reference | DarkGate malware, AutoIt scripts, script.a3x, SystemCert.exe, and StaticSrv.exe. |
| Tools Used | AnyDesk, AutoIt3.exe, cmd.exe, PowerShell, cscript, Vision One XDR solutions. |
| Vulnerabilities Exploited | DLL side-loading technique to execute malicious payloads. |
| TTPs | Social engineering, vishing, persistence via registry, process injection, evasion of AV products, network reconnaissance. |
| Attribution | Not attributed to a specific group; focus on phishing and malware distribution through social engineering. |
| Recommendations | Vet third-party support requests, enforce MFA, whitelist approved remote-access tools, train employees, and adopt a layered security approach. |
| Source | Trend Micro |
Read full article: https://www.trendmicro.com/en_us/research/24/l/darkgate-malware.html
The above summary has been generated by an AI language model.