English
English Indonesia Türkçe Deutsch Español Português Pусский Français Italiano Nederlands Polski العربية ไทย Tiếng Việt 繁體中文 简体中文 日本語 한국어

#danabot search results

the_yellow_fall's profile picture. Welcome to the Daily Cybersecurity site, your trusted source for cybersecurity news and insights since 2017!
Gray Hats
 @the_yellow_fall
May 15, 2024

Cybercriminals are becoming increasingly sophisticated in their tactics, employing deceptive job application emails as a new vector to distribute the dangerous #DanaBot #malware. Attackers use Word documents with external links to bypass security measures securityonline.info/danabot-malwar…

0
0
0
1
193
the_yellow_fall's profile picture. Welcome to the Daily Cybersecurity site, your trusted source for cybersecurity news and insights since 2017!
Gray Hats
 @the_yellow_fall
Jun 11

DanaBot's "DanaBleed" memory leak, active for 3 years, exposed C2 server data, aiding law enforcement in Operation Endgame takedown. #DanaBot #DanaBleed #Cybercrime #Malware #InfoSec securityonline.info/danableed-flaw…

the_yellow_fall's tweet card. DanaBot's "DanaBleed" memory leak, active for 3 years, exposed C2 server data, aiding law enforcement in Operation Endgame takedown.
"DanaBleed" Flaw Exposes DanaBot's Inner Workings for Three Years
Source: securityonline.info
0
1
0
1
298
Unit42_Intel's profile picture. The latest research and news from Unit 42, the Palo Alto Networks (@paloaltontwks) Threat Intelligence and Security Consulting Team covering incident response.
Unit 42
 @Unit42_Intel
Aug 4, 2023

2023-08-03 (Thursday): Malicious Google ad led to a fake TurboTax page pushing an installer package that led to #DanaBot. List of indicators available at bit.ly/3qfbEgL

Unit42_Intel's tweet image. 2023-08-03 (Thursday): Malicious Google ad led to a fake TurboTax page pushing an installer package that led to #DanaBot. List of indicators available at bit.ly/3qfbEgL
Unit42_Intel's tweet image. 2023-08-03 (Thursday): Malicious Google ad led to a fake TurboTax page pushing an installer package that led to #DanaBot. List of indicators available at bit.ly/3qfbEgL
Unit42_Intel's tweet image. 2023-08-03 (Thursday): Malicious Google ad led to a fake TurboTax page pushing an installer package that led to #DanaBot. List of indicators available at bit.ly/3qfbEgL
Unit42_Intel's tweet image. 2023-08-03 (Thursday): Malicious Google ad led to a fake TurboTax page pushing an installer package that led to #DanaBot. List of indicators available at bit.ly/3qfbEgL
0
38
72
10
14K
threatintel's profile picture. Symantec and Carbon Black's threat hunters bring you the latest threat intelligence from the IT security world.
Threat Intelligence
 @threatintel
Nov 14

#ThreatProtection New #Danabot #malware variant found in the wild, read more about Symantec's protection: broadcom.com/support/securi…

0
0
0
0
1K
ESETresearch's profile picture. Security research and breaking news straight from ESET Research Labs.
ESET Research
@ESETresearch
Jul 11

In May 2025, #ESET participated in operations that largely disrupted the infrastructure of two notorious infostealers: #LummaStealer and #Danabot. 1/6

2
13
38
6
8K
EHackerNews's profile picture. CySecurity News is one of the leading IT security news portal delivers news on #security #hacking #Exploit #CyberCrime & #infosec #Hacker. *
CySecurity News
 @EHackerNews
Nov 22

DanaBot Malware Resurfaces With New Variant After Operation Endgame Disruption cysecurity.news/2025/11/danabo… #CyberAttacks #CyberCrime #DanaBot

EHackerNews's tweet image. DanaBot Malware Resurfaces With New Variant After Operation Endgame Disruption cysecurity.news/2025/11/danabo… #CyberAttacks #CyberCrime #DanaBot
0
1
0
0
613
EHackerNews's profile picture. CySecurity News is one of the leading IT security news portal delivers news on #security #hacking #Exploit #CyberCrime & #infosec #Hacker. *
CySecurity News
 @EHackerNews
Jun 17

DanaBot Malware Network Disrupted After Researchers Discover Key Flaw cysecurity.news/2025/06/danabo… #cryptocurrency #DanaBot #DDOSAttacks

EHackerNews's tweet image. DanaBot Malware Network Disrupted After Researchers Discover Key Flaw cysecurity.news/2025/06/danabo… #cryptocurrency #DanaBot #DDOSAttacks
1
1
1
0
667
JAMESWT_WT's profile picture. #Independent #Malware #Hunter #CyberSecurity #InfoSec https://t.co/KCFBJcHHcW https://t.co/WODUKncjFy
JAMESWT
 @JAMESWT_WT
Jul 24, 2024

#AgenziaEntrate #Danabot Samples bazaar.abuse.ch/browse/tag/83-… AnyRun app.any.run/tasks/70fe0874… 📛83.147.53.]197 📛104.194.148.]11

JAMESWT_WT's tweet image. #AgenziaEntrate #Danabot Samples bazaar.abuse.ch/browse/tag/83-… AnyRun app.any.run/tasks/70fe0874… 📛83.147.53.]197 📛104.194.148.]11
JAMESWT_WT's tweet image. #AgenziaEntrate #Danabot Samples bazaar.abuse.ch/browse/tag/83-… AnyRun app.any.run/tasks/70fe0874… 📛83.147.53.]197 📛104.194.148.]11
JAMESWT_WT's tweet image. #AgenziaEntrate #Danabot Samples bazaar.abuse.ch/browse/tag/83-… AnyRun app.any.run/tasks/70fe0874… 📛83.147.53.]197 📛104.194.148.]11
JAMESWT_WT's tweet image. #AgenziaEntrate #Danabot Samples bazaar.abuse.ch/browse/tag/83-… AnyRun app.any.run/tasks/70fe0874… 📛83.147.53.]197 📛104.194.148.]11
AgidCert's profile picture. Profilo ufficiale del CERT dell'Agenzia per l'Italia Digitale | Official account of the CERT of the Agency for Digital Italy @AgidGov Telegram: https://t.co/VqkIRFY4s9
Cert AgID
 @AgidCert
Jun 21, 2024

🇮🇹 Nuova campagna #DanaBot a tema #AgenziaEntrate ⚔️ TTP: come precedente campagna del 18/06/2024 ➡️ Questa volta il codice HTML iniziale NON riporta più gli insulti in lingua italiana qualora l'IP sia censito in blocklist. 💣#IoC 👇 🔗t.me/certagid/682

0
4
6
0
3K
0
5
18
0
2K
club31337's profile picture. Threat Intelligence & Security Research • Telegram: https://t.co/dyJBoFbrgr
club1337
@club31337
May 22

16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide On May 22, 2025, the US Department of Justice announced federal charges against 16 individuals for their roles in developing and deploying the #DanaBot #malware, a

club31337's tweet image. 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide On May 22, 2025, the US Department of Justice announced federal charges against 16 individuals for their roles in developing and deploying the #DanaBot #malware, a
0
0
5
1
1K
JAMESWT_WT's profile picture. #Independent #Malware #Hunter #CyberSecurity #InfoSec https://t.co/KCFBJcHHcW https://t.co/WODUKncjFy
JAMESWT
 @JAMESWT_WT
Aug 22, 2024

H/T @malwrhunterteam IP 91.92.242.]111 Some Samples bazaar.abuse.ch/browse/tag/91-… AnyRun #DanaBot app.any.run/tasks/503aecb4… C2 :443 176.117.68.]38 91.92.242.]111 45.80.158.]189 176.117.68.]39

JAMESWT_WT's tweet image. H/T @malwrhunterteam IP 91.92.242.]111 Some Samples bazaar.abuse.ch/browse/tag/91-… AnyRun #DanaBot app.any.run/tasks/503aecb4… C2 :443 176.117.68.]38 91.92.242.]111 45.80.158.]189 176.117.68.]39
JAMESWT_WT's tweet image. H/T @malwrhunterteam IP 91.92.242.]111 Some Samples bazaar.abuse.ch/browse/tag/91-… AnyRun #DanaBot app.any.run/tasks/503aecb4… C2 :443 176.117.68.]38 91.92.242.]111 45.80.158.]189 176.117.68.]39
1
6
7
1
2K
spamhaus's profile picture. Strengthening trust and safety across the Internet, by being the authority on IP and domain reputation. Mastodon: @spamhaus@infosec.exchange
Spamhaus
@spamhaus
May 23

🔥 Operation Endgame is BACK! This time targeting #BumbleBee, #Latrodectus, #DanaBot, #WarmCookie, #Qakbot and #Trickbot! Once again this is a HUGE win, with a truly international effort! 💪 As with phase one of #OperationEndgame, Spamhaus are providing remediation support -

Europol's profile picture. The European Union Agency for Law Enforcement Cooperation #MakingEuropeSafer (Account inactive)
Europol
 @Europol
May 23

💥 Ransomware kill chain broken – Operation Endgame strikes again 🔸 300 servers taken down 🔸 650 domains neutralised 🔸 €3.5M crypto seized 🔸 20 international arrest warrants Europol & partners deliver another blow to global cybercrime. More ⤵️ europol.europa.eu/media-press/ne…

Europol's tweet image. 💥 Ransomware kill chain broken – Operation Endgame strikes again 🔸 300 servers taken down 🔸 650 domains neutralised 🔸 €3.5M crypto seized 🔸 20 international arrest warrants Europol & partners deliver another blow to global cybercrime. More ⤵️ europol.europa.eu/media-press/ne…
15
91
191
9
22K
1
5
13
3
2K
wbmmfq's profile picture. Senior Security Operations Analyst @HuntressLabs | @tanner@infosec.exchange | Views my own, obv.
Tanner
@wbmmfq
Dec 5, 2024

Seeing lots of malicious Google ads being served to people trying to find their 401k. I suspect it's #Danabot being served from the domain usdepttreasury[.]org. Today the stage 2 downloader is various subdomains fo jacksoninternationalairport[.]org.

1
12
18
4
2K
Gi7w0rm's profile picture. Threat Intelligence Analyst | Projects: https://t.co/azRpNg9NJQ & https://t.co/SyvUfXpbmI | If I post false intel, contact me! Support me: https://t.co/5WgDqr0K8p 🇪🇺🇩🇪🇺🇦🌈
Gi7w0rm
 @Gi7w0rm
May 9, 2023

#DanaBot coming in via #SmokeLoader: hxxp://146.19.173.221/file24si.exe leads to the download of:

Gi7w0rm's tweet image. #DanaBot coming in via #SmokeLoader: hxxp://146.19.173.221/file24si.exe leads to the download of:
Gi7w0rm's tweet image. #DanaBot coming in via #SmokeLoader: hxxp://146.19.173.221/file24si.exe leads to the download of:
0
2
17
1
3K
GregSacco75's profile picture. 🎯 Directeur #Marketing #Communication @whaller_fr | Chef d'escadron (RC) @CyberGEND I #Tech #CyberSécurité #SouverainetéNumérique | Fondateur @communicant_le
🇫🇷 Gregory Saccomani 🇮🇹
@GregSacco75
Jun 16

300 000 PC infectés, un réseau mondial… et une erreur de débutant : les hackers de #DanaBot ont laissé une porte ouverte. Résultat : la justice a tout récupéré. Même les cybercriminels devraient penser à faire un audit de sécurité 😅 v/@01net ow.ly/bRvA30sNjgm

GregSacco75's tweet image. 300 000 PC infectés, un réseau mondial… et une erreur de débutant : les hackers de #DanaBot ont laissé une porte ouverte. Résultat : la justice a tout récupéré. Même les cybercriminels devraient penser à faire un audit de sécurité 😅 v/@01net ow.ly/bRvA30sNjgm
0
0
2
0
30
JAMESWT_WT's profile picture. #Independent #Malware #Hunter #CyberSecurity #InfoSec https://t.co/KCFBJcHHcW https://t.co/WODUKncjFy
JAMESWT
 @JAMESWT_WT
Feb 14, 2024

"Comunicazione Importante dall'Agenzia delle Entrate" spam email spread #DanaBot Urls redirect > content.servepics.[com/login.php portfolio.serveirc.[com/login.php >JS > dll http://soundata.]top/resources.dll Samples bazaar.abuse.ch/browse/tag/age… AnyRun app.any.run/tasks/a059217b…

JAMESWT_WT's tweet image. "Comunicazione Importante dall'Agenzia delle Entrate" spam email spread #DanaBot Urls redirect > content.servepics.[com/login.php portfolio.serveirc.[com/login.php >JS > dll http://soundata.]top/resources.dll Samples bazaar.abuse.ch/browse/tag/age… AnyRun app.any.run/tasks/a059217b…
JAMESWT_WT's tweet image. "Comunicazione Importante dall'Agenzia delle Entrate" spam email spread #DanaBot Urls redirect > content.servepics.[com/login.php portfolio.serveirc.[com/login.php >JS > dll http://soundata.]top/resources.dll Samples bazaar.abuse.ch/browse/tag/age… AnyRun app.any.run/tasks/a059217b…
JAMESWT_WT's tweet image. "Comunicazione Importante dall'Agenzia delle Entrate" spam email spread #DanaBot Urls redirect > content.servepics.[com/login.php portfolio.serveirc.[com/login.php >JS > dll http://soundata.]top/resources.dll Samples bazaar.abuse.ch/browse/tag/age… AnyRun app.any.run/tasks/a059217b…
JAMESWT_WT's tweet image. "Comunicazione Importante dall'Agenzia delle Entrate" spam email spread #DanaBot Urls redirect > content.servepics.[com/login.php portfolio.serveirc.[com/login.php >JS > dll http://soundata.]top/resources.dll Samples bazaar.abuse.ch/browse/tag/age… AnyRun app.any.run/tasks/a059217b…
1
10
34
2
10K
ESET_de's profile picture. ESET ist ein europäischer IT-Sicherheitshersteller. Unser Motto: Wo Technologie Fortschritt ermöglicht, macht ESET ihn sicher. Impressum: https://t.co/XeP4g3EYjo
ESET DACH
 @ESET_de
Jul 30

🚨 Threat Check 3/5: #Infostealer im Visier ESET & Behörden schlagen zurück:📉 #LummaStealer (-21 %) & #Danabot (-52 %) stark getroffen. Hotspots: 🇺🇸 USA (44 %), 🇵🇱 Polen (29 %) 🔗 Mehr im ESET #ThreatReport: welivesecurity.com/de/eset-resear… #ESET #CyberSecurity #ProgressProtected

ESET_de's tweet image. 🚨 Threat Check 3/5: #Infostealer im Visier ESET & Behörden schlagen zurück:📉 #LummaStealer (-21 %) & #Danabot (-52 %) stark getroffen. Hotspots: 🇺🇸 USA (44 %), 🇵🇱 Polen (29 %) 🔗 Mehr im ESET #ThreatReport: welivesecurity.com/de/eset-resear… #ESET #CyberSecurity #ProgressProtected
0
1
1
0
133
ESET's profile picture. Technology improves our lives and how business is done more than anyone might have imagined. When that technology enables progress, ESET is here to protect it.
ESET
 @ESET
Jul 23

ESET Experts often collaborate with external parties and joined global law enforcement agencies to disrupt #LummaStealer, which had grown 21% in early 2025, and #Danabot, which surged 52% with attacks hitting the US (44%) and Poland (29%).

ESET's tweet image. ESET Experts often collaborate with external parties and joined global law enforcement agencies to disrupt #LummaStealer, which had grown 21% in early 2025, and #Danabot, which surged 52% with attacks hitting the US (44%) and Poland (29%).
1
3
9
0
1K
ESETresearch's profile picture. Security research and breaking news straight from ESET Research Labs.
ESET Research
@ESETresearch
Jul 11

In May 2025, #ESET participated in operations that largely disrupted the infrastructure of two notorious infostealers: #LummaStealer and #Danabot. 1/6

2
13
38
6
8K
EHackerNews's profile picture. CySecurity News is one of the leading IT security news portal delivers news on #security #hacking #Exploit #CyberCrime & #infosec #Hacker. *
CySecurity News
 @EHackerNews
Jun 28

DanaBot Malware Enables Data Breaches and Russian Espionage cysecurity.news/2025/06/danabo… #CrowdStrikeoutage #DanaBot #DataBreaches

EHackerNews's tweet image. DanaBot Malware Enables Data Breaches and Russian Espionage cysecurity.news/2025/06/danabo… #CrowdStrikeoutage #DanaBot #DataBreaches
1
2
1
0
708
musectech's profile picture. it-sec
raido
 @musectech
Jun 19

fascinating story in the latest @hackedpodcast about the #danabot operation - how an infection with their own malware exposed the malware creators 👏 justice.gov/usao-cdca/pr/1…

musectech's tweet card. A federal grand jury indictment and criminal complaint unsealed today charge 16 defendants who allegedly developed and deployed the DanaBot malware which a Russia-based cybercrime organization...
16 Defendants Federally Charged in Connection with DanaBot Malware
Source: justice.gov
0
0
2
0
63
EHackerNews's profile picture. CySecurity News is one of the leading IT security news portal delivers news on #security #hacking #Exploit #CyberCrime & #infosec #Hacker. *
CySecurity News
 @EHackerNews
Jun 17

DanaBot Malware Network Disrupted After Researchers Discover Key Flaw cysecurity.news/2025/06/danabo… #cryptocurrency #DanaBot #DDOSAttacks

EHackerNews's tweet image. DanaBot Malware Network Disrupted After Researchers Discover Key Flaw cysecurity.news/2025/06/danabo… #cryptocurrency #DanaBot #DDOSAttacks
1
1
1
0
667
erwandf's profile picture. Co-founder & VP @whaller_fr -- Courir plus pour manger plus --
Erwan de FERRIERES
@erwandf
Jun 16

300 000 PC infectés, un réseau mondial… et une erreur de débutant : les hackers de #DanaBot ont laissé une porte ouverte. Résultat : la justice a tout récupéré. Même les cybercriminels devraient penser à faire un audit de sécurité 😅 v/@01net ow.ly/1qgW30sNjiA

erwandf's tweet image. 300 000 PC infectés, un réseau mondial… et une erreur de débutant : les hackers de #DanaBot ont laissé une porte ouverte. Résultat : la justice a tout récupéré. Même les cybercriminels devraient penser à faire un audit de sécurité 😅 v/@01net ow.ly/1qgW30sNjiA
0
0
2
0
27
Alexpinsard's profile picture. Co-fondateur- CTO chez @whaller_fr
Alexandre
 @Alexpinsard
Jun 16

300 000 PC infectés, un réseau mondial… et une erreur de débutant : les hackers de #DanaBot ont laissé une porte ouverte. Résultat : la justice a tout récupéré. Même les cybercriminels devraient penser à faire un audit de sécurité 😅 v/@01net ow.ly/Fpj530sNjh0

Alexpinsard's tweet image. 300 000 PC infectés, un réseau mondial… et une erreur de débutant : les hackers de #DanaBot ont laissé une porte ouverte. Résultat : la justice a tout récupéré. Même les cybercriminels devraient penser à faire un audit de sécurité 😅 v/@01net ow.ly/Fpj530sNjh0
0
0
1
0
16
GregSacco75's profile picture. 🎯 Directeur #Marketing #Communication @whaller_fr | Chef d'escadron (RC) @CyberGEND I #Tech #CyberSécurité #SouverainetéNumérique | Fondateur @communicant_le
🇫🇷 Gregory Saccomani 🇮🇹
@GregSacco75
Jun 16

300 000 PC infectés, un réseau mondial… et une erreur de débutant : les hackers de #DanaBot ont laissé une porte ouverte. Résultat : la justice a tout récupéré. Même les cybercriminels devraient penser à faire un audit de sécurité 😅 v/@01net ow.ly/bRvA30sNjgm

GregSacco75's tweet image. 300 000 PC infectés, un réseau mondial… et une erreur de débutant : les hackers de #DanaBot ont laissé une porte ouverte. Résultat : la justice a tout récupéré. Même les cybercriminels devraient penser à faire un audit de sécurité 😅 v/@01net ow.ly/bRvA30sNjgm
0
0
2
0
30
proofpoint's profile picture. We secure how people, data and AI agents connect across email, cloud and collaboration tools. Follow @threatinsight for updates on the threat landscape.
Proofpoint
@proofpoint
Jun 12

The U.S. DoJ announced criminal charges against 16 individuals law enforcement authorities have linked to #DanaBot, a #malware operation first identified and named by Proofpoint @threatinsight in May 2018. Read on in @ArsTechnica: brnw.ch/21wTme0

proofpoint's tweet card. An example of how a single malware operation can enable both criminal and state-sponsored hacking.
Feds charge 16 Russians allegedly tied to botnets used in cyberattacks and spying
Source: arstechnica.com
0
0
2
0
264
antonioierano's profile picture. married, no money for scammers🤣 security, cyber and privacy freack. Tweets are mine and does not represent any company view or affiliation.
antonio ierano
 @antonioierano
Jun 12

#DanaBot, a malware that a Russia-based #cybercrime organization controlled and deployed, infecting more than 300,000 victim computers around the world, has been disrupted. Read this @Proofpoint blog for the details. bit.ly/446lD86

0
1
1
0
30
Shift6Security's profile picture. Dedicated cyber experts safeguarding industry ecosystems. Crafting strong, strategic defenses.Stay informed with top insights 👉 https://t.co/Yn6eoitfyQ
ShiftSix Security
 @Shift6Security
Jun 12

A simple coding error led to the takedown of DanaBot a major malware-as-a-service platform active from 2018 to 2025. Researchers quietly monitored the operation for 3+ years after discovering a critical memory leak in its C2 protocol. #CyberSecurity #DanaBot

Shift6Security's tweet image. A simple coding error led to the takedown of DanaBot a major malware-as-a-service platform active from 2018 to 2025. Researchers quietly monitored the operation for 3+ years after discovering a critical memory leak in its C2 protocol. #CyberSecurity #DanaBot
0
2
2
0
178
fishpassenger's profile picture. Programming. UI/UX Design. Algorithms. Cyber Security… and everything nice! #buildinpublic
fipa 🚀
 @fishpassenger
Jun 11

Oops! 😬 A coding blunder in a June 2022 update of the DanaBot malware actually helped law enforcement take down the whole operation! Read about the C2 bug that exposed the bad guys: [URL] #DanaBot #Malware #Cybersecurity #LawEnforcement #BugHunt bleepingcomputer.com/news/security/…

fishpassenger's tweet card. A vulnerability in the DanaBot malware operation introduced in June 2022 update led to the identification, indictment, and dismantling of their operations in a recent law enforcement action.
DanaBot malware operators exposed via C2 bug added in 2022
Source: bleepingcomputer.com
0
0
0
0
16
the_yellow_fall's profile picture. Welcome to the Daily Cybersecurity site, your trusted source for cybersecurity news and insights since 2017!
Gray Hats
 @the_yellow_fall
Jun 11

DanaBot's "DanaBleed" memory leak, active for 3 years, exposed C2 server data, aiding law enforcement in Operation Endgame takedown. #DanaBot #DanaBleed #Cybercrime #Malware #InfoSec securityonline.info/danableed-flaw…

the_yellow_fall's tweet card. DanaBot's "DanaBleed" memory leak, active for 3 years, exposed C2 server data, aiding law enforcement in Operation Endgame takedown.
"DanaBleed" Flaw Exposes DanaBot's Inner Workings for Three Years
Source: securityonline.info
0
1
0
1
298
TonyB04402580's profile picture.
TonyB
 @TonyB04402580
May 30

U.S. authorities have charged 16 defendants in a massive global operation to disrupt the Russia-based #cybercrime group behind the #DanaBot malware. @CyberSecDive spoke with Selena Larson of @Proofpoint to learn more details. Read her commentary here. bit.ly/43EDXVk

TonyB04402580's tweet card. Authorities said malware linked to Russia-based cybercrime group infected more than 300,000 computers around the world with the malicious code.
US authorities charge 16 in operation to disrupt DanaBot malware
Source: cybersecuritydive.com
0
0
0
0
16
antonioierano's profile picture. married, no money for scammers🤣 security, cyber and privacy freack. Tweets are mine and does not represent any company view or affiliation.
antonio ierano
 @antonioierano
May 30

U.S. authorities have charged 16 defendants in a massive global operation to disrupt the Russia-based #cybercrime group behind the #DanaBot malware. @CyberSecDive spoke with Selena Larson of @Proofpoint to learn more details. Read her commentary here. bit.ly/4dPs97t

0
0
0
0
15
gogodinez's profile picture.
Carlos Godinez
 @gogodinez
May 30

U.S. authorities have charged 16 defendants in a massive global operation to disrupt the Russia-based #cybercrime group behind the #DanaBot malware. @CyberSecDive spoke with Selena Larson of @Proofpoint to learn more details. Read her commentary here. bit.ly/44VcUHK

0
0
0
0
14
HoomanMinai's profile picture. Cybersecurity Solution Expert -Enabling channel partners to become cybersecurity advisors
Hooman Minai
 @HoomanMinai
May 29

#DanaBot, "a juggernaut of the e-crime landscape” according to threat research expert at Proofpoint Selena Larson, has been disrupted by law enforcement. This @WIRED article highlights the impact of the takedown. bit.ly/4jpNy8i

HoomanMinai's tweet card. A new US indictment against a group of Russian nationals offers a clear example of how, authorities say, a single malware operation can enable both criminal and state-sponsored hacking.
Feds Charge 16 Russians Allegedly Tied to Botnets Used in Ransomware, Cyberattacks, and Spying
Source: wired.com
0
0
0
0
7
JAMESWT_WT's profile picture. #Independent #Malware #Hunter #CyberSecurity #InfoSec https://t.co/KCFBJcHHcW https://t.co/WODUKncjFy
JAMESWT
 @JAMESWT_WT
Jul 24, 2024

#AgenziaEntrate #Danabot Samples bazaar.abuse.ch/browse/tag/83-… AnyRun app.any.run/tasks/70fe0874… 📛83.147.53.]197 📛104.194.148.]11

JAMESWT_WT's tweet image. #AgenziaEntrate #Danabot Samples bazaar.abuse.ch/browse/tag/83-… AnyRun app.any.run/tasks/70fe0874… 📛83.147.53.]197 📛104.194.148.]11
JAMESWT_WT's tweet image. #AgenziaEntrate #Danabot Samples bazaar.abuse.ch/browse/tag/83-… AnyRun app.any.run/tasks/70fe0874… 📛83.147.53.]197 📛104.194.148.]11
JAMESWT_WT's tweet image. #AgenziaEntrate #Danabot Samples bazaar.abuse.ch/browse/tag/83-… AnyRun app.any.run/tasks/70fe0874… 📛83.147.53.]197 📛104.194.148.]11
JAMESWT_WT's tweet image. #AgenziaEntrate #Danabot Samples bazaar.abuse.ch/browse/tag/83-… AnyRun app.any.run/tasks/70fe0874… 📛83.147.53.]197 📛104.194.148.]11
AgidCert's profile picture. Profilo ufficiale del CERT dell'Agenzia per l'Italia Digitale | Official account of the CERT of the Agency for Digital Italy @AgidGov Telegram: https://t.co/VqkIRFY4s9
Cert AgID
 @AgidCert
Jun 21, 2024

🇮🇹 Nuova campagna #DanaBot a tema #AgenziaEntrate ⚔️ TTP: come precedente campagna del 18/06/2024 ➡️ Questa volta il codice HTML iniziale NON riporta più gli insulti in lingua italiana qualora l'IP sia censito in blocklist. 💣#IoC 👇 🔗t.me/certagid/682

0
4
6
0
3K
0
5
18
0
2K
JAMESWT_WT's profile picture. #Independent #Malware #Hunter #CyberSecurity #InfoSec https://t.co/KCFBJcHHcW https://t.co/WODUKncjFy
JAMESWT
 @JAMESWT_WT
Aug 22, 2024

H/T @malwrhunterteam IP 91.92.242.]111 Some Samples bazaar.abuse.ch/browse/tag/91-… AnyRun #DanaBot app.any.run/tasks/503aecb4… C2 :443 176.117.68.]38 91.92.242.]111 45.80.158.]189 176.117.68.]39

JAMESWT_WT's tweet image. H/T @malwrhunterteam IP 91.92.242.]111 Some Samples bazaar.abuse.ch/browse/tag/91-… AnyRun #DanaBot app.any.run/tasks/503aecb4… C2 :443 176.117.68.]38 91.92.242.]111 45.80.158.]189 176.117.68.]39
JAMESWT_WT's tweet image. H/T @malwrhunterteam IP 91.92.242.]111 Some Samples bazaar.abuse.ch/browse/tag/91-… AnyRun #DanaBot app.any.run/tasks/503aecb4… C2 :443 176.117.68.]38 91.92.242.]111 45.80.158.]189 176.117.68.]39
1
6
7
1
2K
evanderburg's profile picture. Cybersecurity, Privacy, and Tech Leader, Author, Consultant, and Speaker, Opinions are my own.
Eric Vanderburg
 @evanderburg
Sep 22, 2018

#DanaBot banking Trojan evolves and now targets European countries i.securitythinkingcap.com/Ql1yNW

evanderburg's tweet image. #DanaBot banking Trojan evolves and now targets European countries i.securitythinkingcap.com/Ql1yNW
0
0
2
0
0
JAMESWT_WT's profile picture. #Independent #Malware #Hunter #CyberSecurity #InfoSec https://t.co/KCFBJcHHcW https://t.co/WODUKncjFy
JAMESWT
 @JAMESWT_WT
Jan 20, 2025

"A few questions" #booking #danabot 👇 ⛔️feedbackinnguest999214[.world 👇 ⛔️31.177.110.]99/ 👇 verification.hta.mp4 antibot.hta.mp4 AWLYURLX.exe ⛔️88.151.192[.8 ⛔️178.253.55[.80 👉Samples bazaar.abuse.ch/browse/tag/boo… 👉Urls urlhaus.abuse.ch/browse/tag/boo… 👉AnyRun app.any.run/tasks/3ae8fa99…

JAMESWT_WT's tweet image. "A few questions" #booking #danabot 👇 ⛔️feedbackinnguest999214[.world 👇 ⛔️31.177.110.]99/ 👇 verification.hta.mp4 antibot.hta.mp4 AWLYURLX.exe ⛔️88.151.192[.8 ⛔️178.253.55[.80 👉Samples bazaar.abuse.ch/browse/tag/boo… 👉Urls urlhaus.abuse.ch/browse/tag/boo… 👉AnyRun app.any.run/tasks/3ae8fa99…
JAMESWT_WT's tweet image. "A few questions" #booking #danabot 👇 ⛔️feedbackinnguest999214[.world 👇 ⛔️31.177.110.]99/ 👇 verification.hta.mp4 antibot.hta.mp4 AWLYURLX.exe ⛔️88.151.192[.8 ⛔️178.253.55[.80 👉Samples bazaar.abuse.ch/browse/tag/boo… 👉Urls urlhaus.abuse.ch/browse/tag/boo… 👉AnyRun app.any.run/tasks/3ae8fa99…
JAMESWT_WT's tweet image. "A few questions" #booking #danabot 👇 ⛔️feedbackinnguest999214[.world 👇 ⛔️31.177.110.]99/ 👇 verification.hta.mp4 antibot.hta.mp4 AWLYURLX.exe ⛔️88.151.192[.8 ⛔️178.253.55[.80 👉Samples bazaar.abuse.ch/browse/tag/boo… 👉Urls urlhaus.abuse.ch/browse/tag/boo… 👉AnyRun app.any.run/tasks/3ae8fa99…
3
7
18
6
3K
BlackBerry's profile picture. BlackBerry provides enterprises and governments the intelligent software and services to power the world around us.
BlackBerry
@BlackBerry
Nov 21, 2021

ICYMI: #DanaBot: Coming to a malspam campaign near you This Malware-as-a-Service (MaaS) offering is gaining traction as a flexible platform to launch everything from bank fraud to DDos attacks. Learn more in this week's #ThreatThursday: bddy.me/3HBEE6h

BlackBerry's tweet image. ICYMI: #DanaBot: Coming to a malspam campaign near you This Malware-as-a-Service (MaaS) offering is gaining traction as a flexible platform to launch everything from bank fraud to DDos attacks. Learn more in this week's #ThreatThursday: bddy.me/3HBEE6h
1
5
32
0
0
James_inthe_box's profile picture.
James
 @James_inthe_box
Apr 27, 2019

An interesting #danabot sample found by @malwrhunterteam c2 is https://frezyderm-orders[.]gr/sites/all/notused/not/ponto.php traffic is interesting...note the PLUG1M hash 4dd8d8778c7fb45a189a5759771c08c37de1fa4fb722f265c4d78e3c826610e7 on @mal_share

James_inthe_box's tweet image. An interesting #danabot sample found by @malwrhunterteam c2 is https://frezyderm-orders[.]gr/sites/all/notused/not/ponto.php traffic is interesting...note the PLUG1M hash 4dd8d8778c7fb45a189a5759771c08c37de1fa4fb722f265c4d78e3c826610e7 on @mal_share
3
8
32
0
0
JAMESWT_WT's profile picture. #Independent #Malware #Hunter #CyberSecurity #InfoSec https://t.co/KCFBJcHHcW https://t.co/WODUKncjFy
JAMESWT
 @JAMESWT_WT
Jan 20, 2025

"Has this problem been addressed?" #booking spam email spread #ClickFix #DanaBot ✅Samples bazaar.abuse.ch/browse/tag/pnp… ❇️AnyRun app.any.run/tasks/eed5f44b… ⛔️Urls reportguest4895921[.world/ gitlab.[com/pnp30/svn/-/raw/main/ deploy. md deps .zip

JAMESWT_WT's tweet image. "Has this problem been addressed?" #booking spam email spread #ClickFix #DanaBot ✅Samples bazaar.abuse.ch/browse/tag/pnp… ❇️AnyRun app.any.run/tasks/eed5f44b… ⛔️Urls reportguest4895921[.world/ gitlab.[com/pnp30/svn/-/raw/main/ deploy. md deps .zip
JAMESWT_WT's tweet image. "Has this problem been addressed?" #booking spam email spread #ClickFix #DanaBot ✅Samples bazaar.abuse.ch/browse/tag/pnp… ❇️AnyRun app.any.run/tasks/eed5f44b… ⛔️Urls reportguest4895921[.world/ gitlab.[com/pnp30/svn/-/raw/main/ deploy. md deps .zip
JAMESWT_WT's tweet image. "Has this problem been addressed?" #booking spam email spread #ClickFix #DanaBot ✅Samples bazaar.abuse.ch/browse/tag/pnp… ❇️AnyRun app.any.run/tasks/eed5f44b… ⛔️Urls reportguest4895921[.world/ gitlab.[com/pnp30/svn/-/raw/main/ deploy. md deps .zip
JAMESWT_WT's tweet image. "Has this problem been addressed?" #booking spam email spread #ClickFix #DanaBot ✅Samples bazaar.abuse.ch/browse/tag/pnp… ❇️AnyRun app.any.run/tasks/eed5f44b… ⛔️Urls reportguest4895921[.world/ gitlab.[com/pnp30/svn/-/raw/main/ deploy. md deps .zip
1
9
14
5
3K
BlackBerry's profile picture. BlackBerry provides enterprises and governments the intelligent software and services to power the world around us.
BlackBerry
@BlackBerry
Nov 18, 2021

#DanaBot: Coming to a malspam campaign near you This Malware-as-a-Service (MaaS) offering is gaining traction as a flexible platform to launch everything from bank fraud to DDos attacks. Learn more in this week's #ThreatThursday: bddy.me/3FxR2SV

BlackBerry's tweet image. #DanaBot: Coming to a malspam campaign near you This Malware-as-a-Service (MaaS) offering is gaining traction as a flexible platform to launch everything from bank fraud to DDos attacks. Learn more in this week's #ThreatThursday: bddy.me/3FxR2SV
0
4
13
0
0
EHackerNews's profile picture. CySecurity News is one of the leading IT security news portal delivers news on #security #hacking #Exploit #CyberCrime & #infosec #Hacker. *
CySecurity News
 @EHackerNews
Nov 22

DanaBot Malware Resurfaces With New Variant After Operation Endgame Disruption cysecurity.news/2025/11/danabo… #CyberAttacks #CyberCrime #DanaBot

EHackerNews's tweet image. DanaBot Malware Resurfaces With New Variant After Operation Endgame Disruption cysecurity.news/2025/11/danabo… #CyberAttacks #CyberCrime #DanaBot
0
1
0
0
613
JAMESWT_WT's profile picture. #Independent #Malware #Hunter #CyberSecurity #InfoSec https://t.co/KCFBJcHHcW https://t.co/WODUKncjFy
JAMESWT
 @JAMESWT_WT
Feb 14, 2024

"Comunicazione Importante dall'Agenzia delle Entrate" spam email spread #DanaBot Urls redirect > content.servepics.[com/login.php portfolio.serveirc.[com/login.php >JS > dll http://soundata.]top/resources.dll Samples bazaar.abuse.ch/browse/tag/age… AnyRun app.any.run/tasks/a059217b…

JAMESWT_WT's tweet image. "Comunicazione Importante dall'Agenzia delle Entrate" spam email spread #DanaBot Urls redirect > content.servepics.[com/login.php portfolio.serveirc.[com/login.php >JS > dll http://soundata.]top/resources.dll Samples bazaar.abuse.ch/browse/tag/age… AnyRun app.any.run/tasks/a059217b…
JAMESWT_WT's tweet image. "Comunicazione Importante dall'Agenzia delle Entrate" spam email spread #DanaBot Urls redirect > content.servepics.[com/login.php portfolio.serveirc.[com/login.php >JS > dll http://soundata.]top/resources.dll Samples bazaar.abuse.ch/browse/tag/age… AnyRun app.any.run/tasks/a059217b…
JAMESWT_WT's tweet image. "Comunicazione Importante dall'Agenzia delle Entrate" spam email spread #DanaBot Urls redirect > content.servepics.[com/login.php portfolio.serveirc.[com/login.php >JS > dll http://soundata.]top/resources.dll Samples bazaar.abuse.ch/browse/tag/age… AnyRun app.any.run/tasks/a059217b…
JAMESWT_WT's tweet image. "Comunicazione Importante dall'Agenzia delle Entrate" spam email spread #DanaBot Urls redirect > content.servepics.[com/login.php portfolio.serveirc.[com/login.php >JS > dll http://soundata.]top/resources.dll Samples bazaar.abuse.ch/browse/tag/age… AnyRun app.any.run/tasks/a059217b…
1
10
34
2
10K
Unit42_Intel's profile picture. The latest research and news from Unit 42, the Palo Alto Networks (@paloaltontwks) Threat Intelligence and Security Consulting Team covering incident response.
Unit 42
 @Unit42_Intel
Aug 4, 2023

2023-08-03 (Thursday): Malicious Google ad led to a fake TurboTax page pushing an installer package that led to #DanaBot. List of indicators available at bit.ly/3qfbEgL

Unit42_Intel's tweet image. 2023-08-03 (Thursday): Malicious Google ad led to a fake TurboTax page pushing an installer package that led to #DanaBot. List of indicators available at bit.ly/3qfbEgL
Unit42_Intel's tweet image. 2023-08-03 (Thursday): Malicious Google ad led to a fake TurboTax page pushing an installer package that led to #DanaBot. List of indicators available at bit.ly/3qfbEgL
Unit42_Intel's tweet image. 2023-08-03 (Thursday): Malicious Google ad led to a fake TurboTax page pushing an installer package that led to #DanaBot. List of indicators available at bit.ly/3qfbEgL
Unit42_Intel's tweet image. 2023-08-03 (Thursday): Malicious Google ad led to a fake TurboTax page pushing an installer package that led to #DanaBot. List of indicators available at bit.ly/3qfbEgL
0
38
72
10
14K
Gi7w0rm's profile picture. Threat Intelligence Analyst | Projects: https://t.co/azRpNg9NJQ & https://t.co/SyvUfXpbmI | If I post false intel, contact me! Support me: https://t.co/5WgDqr0K8p 🇪🇺🇩🇪🇺🇦🌈
Gi7w0rm
 @Gi7w0rm
May 9, 2023

#DanaBot coming in via #SmokeLoader: hxxp://146.19.173.221/file24si.exe leads to the download of:

Gi7w0rm's tweet image. #DanaBot coming in via #SmokeLoader: hxxp://146.19.173.221/file24si.exe leads to the download of:
Gi7w0rm's tweet image. #DanaBot coming in via #SmokeLoader: hxxp://146.19.173.221/file24si.exe leads to the download of:
0
2
17
1
3K
James_inthe_box's profile picture.
James
 @James_inthe_box
Oct 17, 2019

A bunch of #danabot zip -> zip -> vbs thanks to @FewAtoms pastebin.com/p9BDUjh5 and cc @apple as one of the c2's appears to be in your netblock?

James_inthe_box's tweet image. A bunch of #danabot zip -> zip -> vbs thanks to @FewAtoms pastebin.com/p9BDUjh5 and cc @apple as one of the c2's appears to be in your netblock?
2
6
13
0
0
anyrun_app's profile picture. Empowering businesses with proactive security solutions: Interactive Sandbox, TI Lookup and Feeds. Sign up: https://t.co/8hIX0QhDCc
ANY.RUN
@anyrun_app
Apr 11, 2019

#Danabot is interesting in using different techniques to infect and hold on in a system. Let's take a detailed view of it! Downloader > 2 DLLs x86/x64 in ProgramData > Stealing data > Bypass UAC (WUSA) > Creates Service > Injects to system processes app.any.run/tasks/44f91d51…

anyrun_app's tweet image. #Danabot is interesting in using different techniques to infect and hold on in a system. Let's take a detailed view of it! Downloader > 2 DLLs x86/x64 in ProgramData > Stealing data > Bypass UAC (WUSA) > Creates Service > Injects to system processes app.any.run/tasks/44f91d51…
0
9
9
1
0
CERT_Polska's profile picture. Oficjalny profil zespołu CERT Polska | Zgłoszenie incydentu: https://t.co/NNUSNq61UT | O nas: https://t.co/mv9SshTgzy
CERT Polska
@CERT_Polska
Jul 2, 2019

Ostrzegamy przed dużą kampanią spamową podszywającą się pod fakturę z Orange. Do wiadomości o tytule "E-Faktura Orange" dołączony jest #brushaloader, który pobierze trojana bankowego #danabot atakującego obecnie m.in. klientów polskich banków.

CERT_Polska's tweet image. Ostrzegamy przed dużą kampanią spamową podszywającą się pod fakturę z Orange. Do wiadomości o tytule "E-Faktura Orange" dołączony jest #brushaloader, który pobierze trojana bankowego #danabot atakującego obecnie m.in. klientów polskich banków.
2
18
17
0
0
Artilllerie's profile picture. Security Alchemist (France / Bordeaux)
Artilllerie ☣
 @Artilllerie
Aug 3, 2022

#Danabot This is what the recent 2052 version of the control panel looks like @malwrhunterteam

Artilllerie's tweet image. #Danabot This is what the recent 2052 version of the control panel looks like @malwrhunterteam
Artilllerie's tweet image. #Danabot This is what the recent 2052 version of the control panel looks like @malwrhunterteam
Artilllerie's tweet image. #Danabot This is what the recent 2052 version of the control panel looks like @malwrhunterteam
Artilllerie's tweet image. #Danabot This is what the recent 2052 version of the control panel looks like @malwrhunterteam
1
10
35
6
0
F5Labs's profile picture. We process application threat data from @F5 and our partners into actionable intelligence. We analyze and share information to benefit the security community.
F5 Labs
 @F5Labs
Oct 28, 2019

[In Review] #danabot is everywhere! Many samples we’ve recently investigated deliver malicious client-side code that’s removed milliseconds after injection. Targets include large financial institutions in Poland and Australia, popular social networks, and adult sites.

F5Labs's tweet image. [In Review] #danabot is everywhere! Many samples we’ve recently investigated deliver malicious client-side code that’s removed milliseconds after injection. Targets include large financial institutions in Poland and Australia, popular social networks, and adult sites.
F5Labs's tweet image. [In Review] #danabot is everywhere! Many samples we’ve recently investigated deliver malicious client-side code that’s removed milliseconds after injection. Targets include large financial institutions in Poland and Australia, popular social networks, and adult sites.
F5Labs's tweet image. [In Review] #danabot is everywhere! Many samples we’ve recently investigated deliver malicious client-side code that’s removed milliseconds after injection. Targets include large financial institutions in Poland and Australia, popular social networks, and adult sites.
0
7
8
1
0
hatching_io's profile picture. Cybersecurity specialists focused on malware sandboxing. Hatching Triage Unlimited, free, and state-of-the-art sandboxing at https://t.co/Z0pc40OMYO
Hatching
 @hatching_io
Aug 6, 2021

In yesterday's updates we made some improvements to our #Danabot configuration extractor. Check out recent samples here: tria.ge/s/family:danab… If you missed it catch up on this week's changes in our latest Triage Thursday blogpost - hatching.io/blog/tt-2021-0…

hatching_io's tweet image. In yesterday's updates we made some improvements to our #Danabot configuration extractor. Check out recent samples here: tria.ge/s/family:danab… If you missed it catch up on this week's changes in our latest Triage Thursday blogpost - hatching.io/blog/tt-2021-0…
0
3
7
0
0

Something went wrong.


Something went wrong.


United States Trends