Operation Endgame 2.0

SUMMARY :

International law enforcement agencies have taken additional actions in Operation Endgame, targeting cybercriminal organizations, particularly those behind DanaBot. DanaBot is a powerful modular malware family written in Delphi, capable of keylogging, capturing screenshots, recording desktop videos, exfiltrating files, injecting content into web browsers, and deploying second-stage malware. It operates as a Malware-as-a-Service platform, enabling various attacks. DanaBot has been used in targeted attacks against government officials in the Middle East and Eastern Europe, and for DDoS attacks against Ukrainian servers. The malware implements a custom binary protocol encrypted with RSA and AES, and uses hardcoded C2 servers with Tor as a backup communication channel. Over 50 nicknames have been associated with DanaBot affiliates.

OPENCTI LABELS :

keylogger,espionage,lumma,darkgate,ddos,danabot,malware-as-a-service,smokeloader,operation endgame,targeted attacks,hijackloader,globeimposter,cactus


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Operation Endgame 2.0