← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Microsoft Teams Phishing Attack Using Darkgate Malware
WHITE cryptocti 2023-10-05 Modified: 2023-11-04
83
IOCs
HIGH VOLUME
microsoft teamstruesecdarkgatedarkgate loaderjunemicrosoftzerofoxaugustofficezip fileautoitchatscreenshottersophoslinuxblogresponsecybersecurityautoit scriptstronglnk filesharepointvirustotalmalspamemotetteammalwareteams malspamtisifipe filec2 serverwindowsxor keymsi filedelphittpsdiscordnirsoftstubjumpsecmax corbridgetom ellsonred teamcorbridgeclientjumpsec redteamsphisherteamspost requestandrea santesekanbach
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Sophos Linux Teams Malspam Emotet Microsoft Teams Tisifi DarkGate
Indicators of Compromise (83)
All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL email hostname domain
TYPEINDICATORDESCRIPTIONCREATED
CVE CVE-2022-40684 2023-10-05
FileHash-MD5 850a5b42f4d228d6e8a30933d86edcec MD5 of bcd449470626f4f34a15be00812f850c5e032723e35776fb4b9be6c7be6c8913 2023-10-05
FileHash-MD5 aff562f83effcbea96568037516d742e MD5 of 4c21711de81bb5584d35e744394eed2f36fef0d93474dfc5685665a9e159eef1 2023-10-05
FileHash-MD5 c7a8d36e367812d298b4abc13fa03c96 MD5 of 0c59f568da43731e3212b6461978e960644be386212cc448a715dbf3f489d758 2023-10-05
FileHash-MD5 deec192a82b84a683fd0ff4449699f88 MD5 of 09904d65e59f3fbbbf38932ae7bff9681ac73b0e30b8651ec567f7032a94234f 2023-10-05
FileHash-SHA1 5b070fa4cab960e10d562a2d67a463dfe6b8b0e7 SHA1 of bcd449470626f4f34a15be00812f850c5e032723e35776fb4b9be6c7be6c8913 2023-10-05
FileHash-SHA1 6a6f9ea7f16fea5a24597937d8ba51e39479c863 SHA1 of 09904d65e59f3fbbbf38932ae7bff9681ac73b0e30b8651ec567f7032a94234f 2023-10-05
FileHash-SHA1 a33d7c5de81a77ee76b4f873176eb194bc0f30fd SHA1 of 4c21711de81bb5584d35e744394eed2f36fef0d93474dfc5685665a9e159eef1 2023-10-05
FileHash-SHA1 b79b60124b1c7231f359d011465d72ad9f3c0246 SHA1 of 0c59f568da43731e3212b6461978e960644be386212cc448a715dbf3f489d758 2023-10-05
FileHash-SHA256 09904d65e59f3fbbbf38932ae7bff9681ac73b0e30b8651ec567f7032a94234f 2023-10-05
FileHash-SHA256 0c59f568da43731e3212b6461978e960644be386212cc448a715dbf3f489d758 2023-10-05
FileHash-SHA256 1bcde4d4613f046b63e970aa10ea2662d8aa7d326857128b59cb88484cce9a2d 2023-10-05
FileHash-SHA256 4c21711de81bb5584d35e744394eed2f36fef0d93474dfc5685665a9e159eef1 2023-10-05
FileHash-SHA256 bcd449470626f4f34a15be00812f850c5e032723e35776fb4b9be6c7be6c8913 2023-10-05
URL http://5.188.87.58:2351 2023-10-05
URL http://5.188.87.58:2351/msiwbzadczl 2023-10-05
URL http://5.188.87.58:2351/wbzadczl 2023-10-05
email 63090101@my.buu.ac.th 2023-10-05
email adriverar@unadvirtual.edu.co 2023-10-05
hostname www.winitor.com 2023-10-05
URL http://a-1bcdn.com 2023-10-05
URL http://intranet.mcasavaya.com 2023-10-05
FileHash-MD5 247a8cc39384e93d258360a11381000f MD5 of 6e068b9dcd8df03fd6456faeb4293c036b91a130a18f86a945c8964a576c1c70 2023-10-05
FileHash-SHA1 23893f035f8564dfea5030b9fdd54120d96072bb SHA1 of 6e068b9dcd8df03fd6456faeb4293c036b91a130a18f86a945c8964a576c1c70 2023-10-05
FileHash-SHA256 6e068b9dcd8df03fd6456faeb4293c036b91a130a18f86a945c8964a576c1c70 2023-10-05
URL http://80.66.88.145 2023-10-05
domain a-1bcdn.com 2023-10-05
domain drkgatevservicceoffice.net 2023-10-05
domain onlysportsfitnessam.com 2023-10-05
domain reactervnamnat.com 2023-10-05
domain xfirecovery.pro 2023-10-05
email coding_guru@exploit.im 2023-10-05
hostname intranet.mcasavaya.com 2023-10-05
hostname sanibroadbandcommunicton.duckdns.org 2023-10-05
hostname www.exemsi.com 2023-10-05
hostname avayacloud.com.global.prod.fastly.net 2023-10-05
domain exploit.in 2023-10-05
domain joagfhreetdsa.com 2023-10-05
URL http://5.188.87.58/fthgobn 2023-10-05
URL http://5.188.87.58:2351/ 2023-10-05
URL http://5.188.87.58:2351/bvfvnoqg 2023-10-05
URL http://5.188.87.58:2351/fthgobnz:jkcrrpohkwl=WINHTTP.WinHTTPRequest.5.1:fviolbi 2023-10-05
URL http://5.188.87.58:2351/msibioltwfg 2023-10-05
URL http://5.188.87.58:2351/msidclftfiz 2023-10-05
URL http://5.188.87.58:2351/msivumuxcze 2023-10-05
URL http://5.188.87.58:2351/msizcwtxwod 2023-10-05
URL http://5.188.87.58:2351/vumuxcze":vkxpwb="WINHTTP.WinHTTPRequest.5.1":pichlpmr 2023-10-05
URL http://5.188.87.58:2351/wbzadczl:eypawy=WINHTTP.WinHTTPRequest.5.1:xalqavicdbkco 2023-10-05
URL http://5.188.87.58:3389 2023-10-05
FileHash-SHA256 0d97da0fa97209f747212e5d8a89540c1bc9486ddd8243c4d8cd12cc2bfbe518 2023-10-05
FileHash-SHA256 0e37705b07def87dca997dcb9234c94f46689a80b660fc280634e52d2554f7cc 2023-10-05
FileHash-SHA256 175b41dbf4fd9c36d98f28c2455ec1a5741db32e954203a89f1056da6f56e32b 2023-10-05
FileHash-SHA256 27a8549201c18a482ac92ecb991d92e03fdb9eef9de40b430ce93d52a0a3ee86 2023-10-05
FileHash-SHA256 28be0dcd0d50417e7ede44fd08cb464df381b0999200e13a0715a34faf7c887e 2023-10-05
FileHash-SHA256 3a81d643bfae74b98cb884066a0b40c2b6825c7c2071dbefa05e09aeeea07820 2023-10-05
FileHash-SHA256 5fc89cdf89371dfe330a9b6a1429a7fe78b9a07be875e781e7e9845d425f20e1 2023-10-05
FileHash-SHA256 64113d46f28ca07c858f5c3697edac5815018cbb8483b060dc0296ec7385dbe4 2023-10-05
FileHash-SHA256 9cc5c3718165b60ef320b6b5c393eab5188f689f55b3e11d8678fcb400ab26f8 2023-10-05
FileHash-SHA256 cd0cf639c50fe0ab816306fbbc432e9f26beb06f8ea3ef81ae277942a41eb8a7 2023-10-05
FileHash-SHA256 eaf00c647c5e6a534a56eb7d3a7e1a3de848395d26781f22f6a45da190683049 2023-10-05
FileHash-SHA256 f06a5ea73d82d3255a8670164db62fb76ab2e4ba2470d98d7055d2bad1bf91eb 2023-10-05
FileHash-SHA256 fabfed980647f8a222bf46f103f39ada62566fa705858e58d42e3acbcbeabb44 2023-10-05
FileHash-SHA256 ffb002d79a47b6a44bdfbc4dfb5cfb5fc3146820ac27d035ba971c00efe3fbc5 2023-10-05
URL http://www.winitor.com/tools/pestudio/changes.log 2023-10-05
URL https://www.winitor.com/A 2023-10-05
URL https://www.winitor.com/binaries.htmlB 2023-10-05
URL https://www.winitor.com/binaries.htmlpestudiomoc.rotiniw.www. 2023-10-05
URL https://www.winitor.com/donwload 2023-10-05
URL https://www.winitor.com/download 2023-10-05
URL https://www.winitor.com/download/ 2023-10-05
URL https://www.winitor.com/download2 2023-10-05
URL https://www.winitor.com/favicon.ico 2023-10-05
URL https://www.winitor.com/favicon.icoBM6 2023-10-05
URL https://www.winitor.com/features/ 2023-10-05
URL https://www.winitor.com/pdf/DynamicLinkLibraries.pdf 2023-10-05
URL https://www.winitor.com/pdf/Malware-Analysis-Fundamentals-Files-Tools.pdf 2023-10-05
URL https://www.winitor.com/pdf/Windows 2023-10-05
URL https://www.winitor.com/pdf/WindowsServices.pdf 2023-10-05
URL https://www.winitor.com/pdf/pestudio.pdf 2023-10-05
URL https://www.winitor.com/pestudiomoc.rotiniw.www. 2023-10-05
URL https://www.winitor.com/tools/2a6a5dea-1426-48f3-8f2f-f593d23edc1c/* 2023-10-05
URL https://www.winitor.com/tools/pestudio/current/pestudio 2023-10-05
URL https://www.winitor.com/tools/pestudio/current/pestudio.zipC 2023-10-05
References (1)
↗ September 10th 2023 - CryptoGen Cyber Threat Intelligence - #3215 - Microsoft Teams Phishing Attack Using Darkgate Malware