2021-12-21

DarkWatchman - Fileless Malware

Level: 
Tactical
  |  Source: 
Prevailion
Share:

DarkWatchman - Fileless Malware

Industry: N/A | Level: Tactical | Source: Prevailion

Research from Prevailion’s Adversarial Counterintelligence Team (PACT) shared findings of a javascript-based RAT dubbed, “DarkWatchman,” that uses Domain Generation Algorithms (DGA) for its Command and Control (C2) infrastructure achieving fileless persistence. The malware is distributed via email in a zip archive and uses the registry for essentially all temporary and permanent storage to avoid having the need to write to disk. The RAT is paired with a C# keylogger and utilizes LOLbins, and if the user has admin permission it deletes shadow copies.

  • Anvilogic Scenario: DarkWatchman - Behaviors

Chat with our team to receive a free maturity assessment

Get in Touch