DanaBot C2 Server Memory Leak Bug

SUMMARY :

A critical vulnerability named DanaBleed was discovered in DanaBot's C2 server, causing memory leaks from June 2022 to early 2025. This bug, introduced in version 2380, exposed sensitive information including threat actor details, server data, and victim credentials. The leak resulted from uninitialized memory in the C2 protocol update. Researchers gained insights into DanaBot's operations, infrastructure, and affiliates. In May 2025, law enforcement dismantled DanaBot's infrastructure and indicted 16 individuals in Operation Endgame. The blog details the technical analysis of the vulnerability, its impact, and the type of data exposed through the memory leak.

OPENCTI LABELS :

vulnerability,c2 server,cybercrime,information theft,danabot,malware-as-a-service,smokeloader,operation endgame,danableed,banking fraud,memory leak


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


DanaBot C2 Server Memory Leak Bug