DarkWatchman (Malware Family)

DarkWatchman

Prevailion found this RAT written in JavaScript, which dynamically compiles an accompanying keylogger written in C# and uses a DGA for C&C.

References

2025-11-26 ⋅ Intrinsec ⋅ CTI Intrinsec, David Sardinha
Trouble in the air: A spree of campaigns targeting the aerospace industry in Russia
DarkWatchman CloudEyE Formbook PhantomCore Remcos

2023-09-07 ⋅ SecurityIntelligence ⋅ Claire Zaboeva, Golo Mühr, Melissa Frydrych
New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware
DarkWatchman

2023-05-05 ⋅ cyble ⋅ Cyble
Sophisticated DarkWatchMan RAT Spreads Through Phishing Sites
DarkWatchman

2022-04-26 ⋅ IBM ⋅ Claire Zaboeva, David Bryant, Melissa Frydrych
Hive0117 Continues Fileless Malware Delivery in Eastern Europe
DarkWatchman Hive0117

2021-12-14 ⋅ Prevailion ⋅ Matt Stafford, Sherman Smith
DarkWatchman: A new evolution in fileless techniques
DarkWatchman

There is no Yara-Signature yet.

DarkWatchman Propose Change

References

DarkWatchman