The seven faces of darkness

A look into seven popular malware families that have been or continue to be sold as a service on the darknet, and how they are used to attack Russian organizations
The dangers of malware as a service
There are many threads on underground forums in which developers offer malware as a service. This model allows even the least skilled adversaries to conduct successful attacks.
Although the developers of such malicious software often prohibit its use in Russia and other CIS countries, cybercriminals find ways to circumvent all restrictions. In some recent cases, the vendors neglected to enforce them altogether. Consequently, this gave the hacker community the green light to distribute such software among themselves en masse.
100,000+ companies were attacked using the software described in the research
$15/month: cheapest subscription to any of the software explored in this paper
In this report
  • Descriptions of the seven malware families that are most often used to attack Russian organizations: Agent Tesla, FormBook, RedLine, DarkCrystal, White Snake, DarkGate, and SnakeKeylogger
  • Special features and distribution of each malware family
  • Heat map based on MITRE ATT&CK: most and least common techniques