DarkGate Operators (RastaFarEye)
According to public reporting, DarkGate is a Malware-as-a-Service (MaaS) offering advertised by a forum user known as RastaFarEye.
The DarkGate loader's capabilities include exploitation of vulnerabilities, cryptocurrency mining and remote access, and the malware continues to evolve over time. DarkGate has been adopted by multiple financially motivated groups, including ones associated with ransomware operations.
DarkGate Operators (RastaFarEye) Threat Reports
Detailed Analysis of DarkGate
This post on Medium by S2W presents a technical analysis of DarkGate malware and the operator behind it. According to the report, DarkGate is a ...
CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign
This report by Trend Micro's Zero Day Initiative describes a campaign associated with the DarkGate malware (a loader and remote-access tool rather than ransomware). According to the post, DarkGate ...
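CVE-2024-21412 is an Internet Shortcut (.url) security-feature bypass: a shortcut whose target is a second .url file on an attacker-controlled share was opened without the Mark-of-the-Web check that would normally trigger SmartScreen. The following triage script is an added example written for this page, not code from the Trend Micro report or the DarkGate operators. It parses .url files, classifies where the target resolves and flags the remote-share and nested-shortcut patterns. All sample file contents, host addresses and file names are constructed for illustration and are not indicators from any real campaign.

```python
"""Triage Internet Shortcut (.url) files for remote-share / nested-shortcut targets.

Added example; not part of the original page or the referenced reports.
"""
import re
from urllib.parse import urlparse

# Constructed sample .url contents (documentation IP range; not real indicators).
SAMPLE_URL_FILES = {
    # Ordinary web shortcut: nothing to flag.
    "readme.url": "[InternetShortcut]\r\nURL=https://www.example.com/docs\r\n",
    # Target is a second .url on a remote share: the nesting pattern
    # CVE-2024-21412 abused to sidestep Mark-of-the-Web / SmartScreen.
    "invoice.url": "[InternetShortcut]\r\nURL=file://203.0.113.5/share/open.url\r\nIconIndex=0\r\n",
    # Target is an installer on a UNC path (assumed, illustrative name).
    "update.url": "[InternetShortcut]\r\nURL=\\\\203.0.113.5\\share\\setup.msi\r\n",
    # Local file target: benign for this check.
    "notes.url": "[InternetShortcut]\r\nURL=file:///C:/Users/Public/notes.txt\r\n",
}

# Extensions that, when served from a remote share, warrant a closer look.
SUSPICIOUS_EXT = {".url", ".msi", ".exe", ".hta", ".vbs", ".js", ".lnk", ".cmd", ".bat"}


def parse_url_target(contents: str):
    """Return the URL= value from the [InternetShortcut] section, or None.

    The format is INI-like; keys are matched case-insensitively because
    real-world files vary in casing.
    """
    in_section = False
    for raw in contents.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[internetshortcut]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "url":
                return value.strip()
    return None


def classify_target(target: str):
    """Classify a shortcut target as (kind, host, path)."""
    if target.startswith("\\\\"):  # UNC path such as \\host\share\file
        host = target[2:].split("\\", 1)[0]
        return "unc", host, target
    parsed = urlparse(target)
    if parsed.scheme == "file":
        if parsed.netloc and parsed.netloc.lower() != "localhost":
            return "remote-file", parsed.netloc, parsed.path
        return "local-file", "", parsed.path
    return parsed.scheme or "unknown", parsed.netloc, parsed.path


def triage(name: str, contents: str) -> dict:
    """Produce a verdict for one .url file."""
    target = parse_url_target(contents)
    if target is None:
        return {"file": name, "target": None, "host": "", "verdict": "no-target"}
    kind, host, path = classify_target(target)
    leaf = re.split(r"[\\/]", path)[-1]  # last path component, either separator
    ext = ("." + leaf.rsplit(".", 1)[1].lower()) if "." in leaf else ""
    if kind in ("unc", "remote-file"):
        if ext == ".url":
            verdict = "nested-remote-url"     # CVE-2024-21412 chain shape
        elif ext in SUSPICIOUS_EXT:
            verdict = "remote-executable"     # payload fetched over SMB/WebDAV
        else:
            verdict = "remote-share"          # still worth a look
    else:
        verdict = "ok"
    return {"file": name, "target": target, "host": host, "verdict": verdict}


def triage_all(samples: dict) -> dict:
    """Map each file name to its verdict."""
    return {name: triage(name, body)["verdict"] for name, body in samples.items()}


if __name__ == "__main__":
    for name, body in SAMPLE_URL_FILES.items():
        print(triage(name, body))
```

Run on a directory of collected shortcuts by reading each file and passing its text to `triage`; any `nested-remote-url` or `remote-executable` verdict is a candidate for the delivery chain the report describes, while `remote-share` hits need context (legitimate intranet shortcuts also point at UNC paths). The check is file-content based and does not depend on whether the host has the SmartScreen patch applied.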
References
blog.eclecticiq.com: https://blog.eclecticiq.com/darkgate-opening-gates-for-financially-motivated-threat-actors
www.trendmicro.com: https://www.trendmicro.com/en_us/research/24/c/cve-2024-21412--darkgate-operators-exploit-microsoft-windows-sma.html
www.trendmicro.com: https://www.trendmicro.com/en_us/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
socradar.io: https://socradar.io/darkgate-malware-exploring-threats-and-countermeasures/
medium.com: https://medium.com/s2wblog/detailed-analysis-of-darkgate-investigating-new-top-trend-backdoor-malware-0545ecf5f606
MITRE ATT&CK Techniques
MITRE ATT&CK techniques observed in use by this intrusion set.