Pulse Detail — Threat Intelligence

PULSE NAME

BattleRoyal, DarkGate Cluster Spreads via Email and Fake Browser Updates | Proofpoint US

WHITE CyberHunter_NL 2023-12-22 Modified: 2024-01-21

IOCs

MEDIUM VOLUME

Find out more about Proofpoint’s solutions to protect your people, data and brand from cyber attacks and the growing threat posed by cybercriminals, who are increasingly targeting individuals and businesses.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1187 T1204 T1055 T1105

MALWARE FAMILIES

DarkGate

Indicators of Compromise (16)

All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain

TYPE	INDICATOR	DESCRIPTION	CREATED
CVE	CVE-2023-36025	—	2023-12-22
FileHash-MD5	c56b5f0201a3b3de53e561fe76912bfd	MD5 of 237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d	2023-12-22
FileHash-SHA1	2a4062e10a5de813f5688221dbeb3f3ff33eb417	SHA1 of 237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d	2023-12-22
FileHash-SHA256	237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d	—	2023-12-22
FileHash-SHA256	2f5af97b13b077a00218c60305b4eee5d88d14a9bd042beed286434c3fc6e084	—	2023-12-22
FileHash-SHA256	7562c213f88efdb119a9bbe95603946ba3beb093c326c3b91e7015ae49561f0f	—	2023-12-22
FileHash-SHA256	96ca146b6bb95de35f61289c2725f979a2957ce54761aff5f37726a85f2f9e77	—	2023-12-22
FileHash-SHA256	e2a8a53e117f1dda2c09e5b83a13c99b848873a75b14d20823318840e84de243	—	2023-12-22
FileHash-SHA256	ea8f893c080159a423c9122b239ec389939e4c3c1f218bdee16dde744e08188f	—	2023-12-22
FileHash-SHA256	fce452bcf10414ece8eee6451cf52b39211eb65ecaa02a15bc5809c8236369a4	—	2023-12-22
URL	http://161.35.113.58:443	—	2023-12-22
domain	heilee.com	—	2023-12-22
domain	kairoscounselingmi.com	—	2023-12-22
domain	nathumvida.org	—	2023-12-22
domain	searcherbigdealk.com	—	2023-12-22
domain	zxcdota2huysasi.com	—	2023-12-22

References (1)

↗ https://www.proofpoint.com/us/blog/threat-insight/battleroyal-darkgate-cluster-spreads-email-and-fake-browser-updates