Unit 42: DarkGate: Dancing the Samba With Alluring Excel Files
Unit 42 provides a technical analysis for a DarkGate malware campaign from March-April 2024 that uses Microsoft Excel files to download a malicious software package from public-facing SMB file shares. "Threat actors can creatively abuse legitimate tools and services to distribute their malware." IOC provided.
#threatintel #DarkGate #malwareanalysis #IOC
Not Simon the Goat /
npub1ce…mclln
2024-07-10 20:27:27
Author Public Key
npub1cetfz9z5qtn3lly58p3t4hmxxqhy0vml22z5g8rve3vjesg5gzxs6mcllnSeen on
wss://relay.nostr.bandPublished at
2024-07-10 20:27:27Event JSON
{
"id": "7a29475af5d6cb8c5951ed7b1d19d04dbadaa293f22dabc0eb8073e36aaad181",
"pubkey": "c65691145402e71ffc943862badf66302e47b37f5285441c6ccc592cc114408d",
"created_at": 1720643247,
"kind": 1,
"tags": [
[
"t",
"threatintel"
],
[
"t",
"darkgate"
],
[
"t",
"malwareanalysis"
],
[
"t",
"ioc"
],
[
"proxy",
"https://infosec.exchange/users/screaminggoat/statuses/112764075882072414",
"activitypub"
]
],
"content": "Unit 42: DarkGate: Dancing the Samba With Alluring Excel Files\nUnit 42 provides a technical analysis for a DarkGate malware campaign from March-April 2024 that uses Microsoft Excel files to download a malicious software package from public-facing SMB file shares. \"Threat actors can creatively abuse legitimate tools and services to distribute their malware.\" IOC provided.\n\n#threatintel #DarkGate #malwareanalysis #IOC",
"sig": "d561a3d1f66d72d1fe92b52512ce653aed969ea3def99aacddebd41e9bf44472d4dbeb61a206a3963495830565b01a795dda6defc6c71e6c59347f2541a85675"
}