
Danabot: Analyzing a fallen empire

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY:

The infostealer Danabot has been disrupted in a multinational law enforcement operation. ESET has been tracking Danabot since 2018 and contributed to the effort by providing technical analyses and identifying C&C servers. Danabot operates as malware-as-a-service, offering features such as data theft, keylogging, and remote control. It has also been used to distribute additional malware, including ransomware. The malware's authors promote their toolset through underground forums and provide affiliates with an administration panel, a backconnect tool, and a proxy server application. Distribution methods have included email spam, other malware, and misuse of Google Ads. Danabot employs a proprietary encrypted communication protocol and offers multiple build options for affiliates.

OPENCTI LABELS:

banking trojan, botnet, infostealer, danabot, malware-as-a-service

