Security researchers said that the latest version includes several new features such as audio recording, mouse control, and keyboard management. However, it also lacks some of the features that were present in previous versions such as privilege escalation, cryptomining, and hidden virtual network computing (HVAC). This may be an effort to cut out features that could enable detection or it may be that the customers who are buying DarkGate simply do not need these features.

Cybercriminals are also abusing DocuSign by selling legitimate-looking customizable phishing templates on underground forums. These templates are designed to look like real DocuSign requests and they can be used to trick victims into clicking on malicious links or divulging sensitive information.

DocuSign is a service that allows people to electronically sign documents and it is a popular target for phishers because it is a trusted brand. This fully-featured remote access trojan (RAT) grants attackers extensive control over infected devices enabling them to steal credentials, log keystrokes, capture screenshots, and even control the victim's desktop remotely.

Impact

• Credential Theft
• Keylogging
• Sensitive Data Theft
• Unauthorized Access

Indicators of Compromise

MD5

• dba804844021e02c3261e1f3551c3cbc
• f5ca9be3c78a9ac4e8bd1e7ad2f6601d
• 814370d88c1976a68bcc40bbfbc6a5db
• 084204268a6964e8227e3b5ad94c29ce
• 72062a8fb5ed36154d0d75b0136d022e
• 23a07d9c346b3b70edbc50343b18fb72
• 302fd0ab4bf6bce4aedbafbb5f327448
• 92510eff30850b413b1142df4fbaa06b
• ace67f099683c4360f442c58da66aeba
• 3f67465549b26ea1d1387437fbea9c01
• c89e36e2491ae7a9ed156304583f32d2
• bbaded0a8091b76257dc4880c9ef59dc
• b371387b0b5551c936c94bdf36c2e2f5
• 33186abd8e55b840e1f42e67f98bfb61
• cf502f6de2b3c1e72f951f6eb7ee0a13
• f1c7fc2ffe233c956f7adfea4acdfdac

SHA-256

• 9c9e93fae0cb9bd2075b01f48b6720749747502b73e5f97d5ec00c1ea6c82c4a
• 9f3f3c6c174a9e27476634a945279026139152063067903546171a3e5e41adf6
• 232ceea592951167725cf41a139e2f61e8865efe156e3ba89f92c7d1258bf0ba
• 29b2724635fac3d158901d883eb67ecf881ee4b68305ae40e325c0ba686cedd8
• 5b7952398a0b75ef5e1af34eed7766098da0f075460b9a280b55aa8357b494d6
• 189957f4a63fa039f291825b7f3fd62f6123b7e9d75dca78a69c75a5fda21552
• 2cf7f7d15138f3ff899ea8620bb42c9bd12cdb665c17677bd5a14e7553bededb
• 6e72e76d60990669b323f976897820f4341d0bf8fe7744f69f71ca11a0b2226b
• 196bb36f7d63c845afd40c5c17ce061e320d110f28ebe8c7c998b9e6b3fe1005
• 4b2f5af41ebb9b12e2890ea11c6377ca9b619b9d3fd0afc1ce7530ce81384b16
• 7543eb88a74a54a38602af9426049621bd64460ecb36c6b1cf08d7c221038974
• 2d960acdda45cd77a0590c6f652d8496eba30e1b2b263f6a083ac5b27512d1c6
• 038db3b838d0cd437fa530c001c9913a1320d1d7ac0fd3b35d974a806735c907
• c96eb2b8f524b2be4e1801445e7f5e542d34cd7033482560712b12d76ea69da9
• b4d9ec5ffbc05bdbdd73a7ece3aead129e0dce0631d97e40f716a909773bf928
• 11667b53618af41795c53fec397e9a76799b1ca0d3c3dc1f7ea2da9feb1394c9

SHA1

• 21106db3f24f0cae4ce78a1afa76575703fd9ac0
• 8c28ea69f52d3b3d301da2e37f7e010ad4703ecd
• 83f530634ff48775583582808c6376520fb710ee
• e2a6aed02ed840c6e316ef19c6f841a75433b840
• 0af36a46cfc997dd6ce410949a97fb022ffd2597
• e8b115768e04b59a7a628b9eaa25e80f94657193
• 0da030237dd9f39fd16860341f5656833b45de8d
• 762cb216fb170574de41e71576fef0780a90092c
• 2b90f1398b79331e8f853ddb004dcc87a1daf540
• 3101fa2c9f3cc94ba8ed49713b0df60566d04d73
• eba762de3f1e182c8d157efc16a39e30a4022d87
• ecae806439418202758a1011005f726a57399032
• 2f40590d998688bd681ea0afcea615b6a348cb31
• 94c7819749e116bcf96303783e08d73ee6160a19
• 6cf09ab2c53c0e9b5acc573163b152d234b9f416
• 82314962946c1e712a42b9900fdfaf479376e343

Remediation

• Block all threat indicators at your respective controls.
• Search for indicators of compromise (IOCs) in your environment utilizing your respective security controls.
• Never trust or open links and attachments received from unknown sources/senders.
• Implement multi-factor authentication to add an extra layer of security to login processes.
• Regularly monitor network activity for any unusual behavior, as this may indicate that a cyberattack is underway.
• Organizations need to stay vigilant and follow best practices for cybersecurity to protect their systems and data from potential threats. This includes regularly updating software and implementing strong access controls and monitoring tools.
• Develop a comprehensive incident response plan to respond effectively in case of a security breach or data leakage.
• Maintain regular backups of critical data and systems to ensure data recovery in case of a security incident.
• Adhere to security best practices, including the principle of least privilege, and ensure that users and applications have only the necessary permissions.
• Establish a robust patch management process to ensure that security patches are evaluated, tested, and applied promptly.
• Conduct security audits and assessments to evaluate the overall security posture of your systems and networks.
• Implement network segmentation to contain and isolate potential threats to limit their impact on critical systems.