Some sharp increases and decreases may have other internal explanations requiring us to corroborate sources. DarkGate-related IOCs taper off quite aggressively after their October peak, though there are no conclusive reasons for this. One hypothesis is the difficulty, noted on underground forums, in crypting DarkGate, that is, obfuscating the malware so that it may be delivered to target systems undetected. This issue came to light in December 2023, which resulted in DarkGate’s developer offering to crypt the malware for customers at the cost of USD 5000 and recommending a crypting service costing upwards of an impressive USD 10000. These additional costs on top of an already very expensive malware (a monthly license easily costs USD 15000) may have influenced the ongoing operations and sourcing of additional customers.
Several threat intelligence providers have observed and reported on small-scale campaigns involving Qakbot in December, indicating the project may be severely hamstrung but perhaps not down for the count. As no arrests were made, it is possible that the development team behind Qakbot were able to set up their infrastructure and resume operations. If this were the case, it would account for the November and December uptick in samples and IOCs seen in Figures 26 and 28.
Figure 28: Command & Control Servers for H2 2023