{"id":54251,"date":"2023-10-20T18:15:00","date_gmt":"2023-10-20T18:15:00","guid":{"rendered":"https:\/\/www.darkreading.com\/vulnerabilities-threats\/ducktail-infostealer-darkgate-rat-linked-to-same-threat-actors"},"modified":"2023-10-20T18:15:00","modified_gmt":"2023-10-20T18:15:00","slug":"ducktail-infostealer-darkgate-rat-linked-to-same-threat-actors","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/ducktail-infostealer-darkgate-rat-linked-to-same-threat-actors\/","title":{"rendered":"Ducktail Infostealer, DarkGate RAT Linked to Same Threat Actors"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt981b4246f98612fd\/64ee4ce7aa76fa716bec3e20\/duck-Daniel_Ladd-Alamy.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Cybersecurity researchers have uncovered a connection between the notorious DarkGate remote access trojan (RAT) and the Vietnam-based financial cybercrime operation behind the Ducktail infostealer.<\/p>\n<p>WithSecure&#8217;s researchers, who <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/ducktail-cyberattackers-whatsapp-facebook-business-attack-chain\" target=\"_blank\" rel=\"noopener\">spotted Ducktail&#8217;s activity in 2022<\/a>, started their investigation into DarkGate after detecting multiple infection attempts against organizations in the UK, US, and India.<\/p>\n<p>&#8220;It rapidly became apparent that the lure documents and targeting were very similar to recent Ducktail infostealer campaigns, and it was possible to pivot through open source data from the DarkGate campaign to multiple other infostealers which are very likely being used by the same actor\/group,&#8221; the report noted.<\/p>\n<h2 class=\"regular-text\">DarkGate&#8217;s Ties to Ducktail<\/h2>\n<p>DarkGate is <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/darkgate-operator-skype-teams-messages-distribute-malware\" target=\"_blank\" 
rel=\"noopener\">backdoor malware<\/a> capable of a wide range of malicious activities, including information stealing, cryptojacking, and using Skype, Teams, and Messages to distribute malware.<\/p>\n<p>The malware can steal a variety of data from infected devices, including usernames, passwords, credit card numbers, and other sensitive information, and can be used to mine cryptocurrency on infected devices without the user&#8217;s knowledge or consent.<\/p>\n<p>It can be used to deliver ransomware to infected devices, encrypting the user&#8217;s files and demanding a ransom payment to decrypt them.<\/p>\n<p>WithSecure senior threat intelligence analyst Stephen Robinson explains that at a high level, DarkGate malware functionality hasn\u2019t changed since the initial reporting in 2018.<\/p>\n<p>&#8220;It has always been a Swiss-army knife, multifunctional malware,&#8221; he says. &#8220;That said, it has been repeatedly updated and modified by the author since then, which we can assume has been to improve the implementation of those malicious functions, and to keep up with the AV\/Malware detection arms race.&#8221;<\/p>\n<p>He notes DarkGate campaigns (and the actors behind them) can be differentiated by who they are targeting, the lures and infection vectors they are using, and their actions on the target.<\/p>\n<p>&#8220;The specific Vietnamese cluster that the report focuses on used the same targeting, file names, and even lure files for multiple campaigns using multiple strains of malware,&#8221; Robinson says.<\/p>\n<p>They created PDF lure files using an online service that adds its own metadata to each file created; that metadata gave further strong links between the different campaigns.<\/p>\n<p>They also created multiple malicious LNK files on the same device and did not wipe the metadata, enabling further activity to be clustered.<\/p>\n<p>The correlation between DarkGate and Ducktail was determined from nontechnical markers such as lure files, targeting 
patterns, and delivery methods, collated in a 15-page <a href=\"https:\/\/labs.withsecure.com\/publications\/darkgate-malware-campaign\" target=\"_blank\" rel=\"noopener\">report<\/a>.<\/p>\n<p>&#8220;Nontechnical indicators like lure files and metadata are highly impactful forensic cues. Lure files, which act as bait to entice victims into executing the malware, offer invaluable insights into an attacker&#8217;s modus operandi, their potential targets, and their evolving techniques,&#8221; explains Callie Guenther, senior manager of cyber threat research at Critical Start.<\/p>\n<p>Similarly, metadata \u2014 information like &#8220;LNK Drive ID&#8221; or details from services like Canva \u2014 can leave discernible traces or patterns that might persist across different attacks or specific actors.<\/p>\n<p>&#8220;These consistent patterns, when analyzed, can bridge the gap between varied campaigns, enabling researchers to attribute them to a common perpetrator, even if the malware&#8217;s technical footprint differs,&#8221; she says.<\/p>\n<p>Ngoc Bui, cybersecurity expert at Menlo Security, says understanding the relationships between different malware families linked to the same threat actors is essential.<\/p>\n<p>&#8220;It helps in building a more comprehensive threat profile and identifying the tactics and motivations of these threat actors,&#8221; Bui says.<\/p>\n<p>For example, if researchers find connections between DarkGate, Ducktail, Lobshot, and Redline Stealer, they may be able to conclude that a single actor or group is involved in multiple campaigns, which suggests a high level of sophistication.<\/p>\n<p>&#8220;It may also help analysts determine if more than one threat group is working together as we see with ransomware campaigns and efforts,&#8221; Bui adds.<\/p>\n<h2 class=\"regular-text\">MaaS Impacts Cyber-Threat Landscape<\/h2>\n<p>Bui points out the availability of DarkGate as a service has significant implications for the cybersecurity 
landscape.<\/p>\n<p>&#8220;It lowers the entry barrier for aspiring cybercriminals who may lack technical expertise,&#8221; Bui explains. &#8220;As a result, more individuals or groups can access and deploy sophisticated malware like DarkGate, increasing the overall threat level.&#8221;<\/p>\n<p>Bui adds that malware-as-a-service (MaaS) offerings provide cybercriminals with a convenient and cost-effective means to conduct attacks.<\/p>\n<p>For a cybersecurity analyst, this poses a challenge because they must continually adapt to new threats and consider the possibility of multiple threat actors using the same malware service.<\/p>\n<p>It also can make tracking the threat actor using the malware a little more difficult as the malware itself may cluster back to the developer and not the threat actor using the malware.<\/p>\n<h2 class=\"regular-text\">Paradigm Shift in Defense<\/h2>\n<p>Guenther says that to better comprehend the modern, ever-evolving cyber-threat landscape, a paradigm shift in defense strategies is overdue.<\/p>\n<p>&#8220;Embracing behavior-based detection sequences, as well as leveraging AI and ML, allows for the identification of anomalous network behaviors, surpassing the previous limitations of signature-based methods,&#8221; she says.<\/p>\n<p>Furthermore, pooling threat intelligence and fostering communication about emergent threats and tactics across industry verticals can catalyze early detection and mitigation.<\/p>\n<p>&#8220;Regular audits, encompassing network configurations and penetration tests, can preemptively unearth vulnerabilities,&#8221; Guenther adds. 
&#8220;Moreover, a well-informed workforce, trained in recognizing contemporary threats and phishing vectors, becomes an organization&#8217;s first line of defense, reducing the risk quotient substantially.&#8221;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Vietnamese cybercrime groups are using multiple different MaaS infostealers and RATs to target the digital marketing sector.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-54251","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54251","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=54251"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54251\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=54251"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=54251"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=54251"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}