Tag: danabot

8 Attack Reports | 0 Vulnerabilities

Attack reports

Downloader Malware Written in JPHP Interpreter

A newly discovered malware utilizes JPHP, a PHP interpreter running on Java Virtual Machine, to create a downloader. The malware is distributed in a ZIP file containing Java Runtime Environment and libraries, enabling execution without a separate Java environment. It communicates with a C2 server, …
danabot
strrat
php
jphp
2025-04-17
Published: April 17, 2025
Downloadable IOCs: 4

Phishing campaign impersonates Booking.com, delivers a suite of credential-stealing malware

A phishing campaign targeting organizations in the hospitality industry has been identified, impersonating Booking.com and using the ClickFix social engineering technique to deliver multiple credential-stealing malware. The campaign, tracked as Storm-1865, targets individuals likely to work with Bo…
xworm
phishing
social engineering
lumma stealer
asyncrat
danabot
venomrat
clickfix
netsupport rat
booking.com
2025-03-13
credential-stealing
2025-04-13
Published: April 13, 2025
Downloadable IOCs: 0

Security Brief: ClickFix Social Engineering Technique Floods Threat Landscape

Proofpoint researchers have identified a surge in the ClickFix social engineering technique across the threat landscape. This technique uses dialogue boxes with fake error messages to trick users into copying, pasting, and running malicious content on their computers. Multiple threat actors are emp…
xworm
phishing
social engineering
powershell
darkgate
lumma stealer
asyncrat
danabot
latrodectus
netsupport
cybersecurity
clickfix
threat actors
brute ratel c4
2024-11-18
malware delivery
lucky volunteer
recaptcha phish
threat landscape
Published: November 18, 2024
Downloadable IOCs: 0

Security Brief: Actor Uses Compromised Accounts, Customized Social Engineering to Target Transport and Logistics Firms with Malware

A threat actor is targeting transportation and logistics companies in North America with malware campaigns. The actor uses compromised email accounts to inject malicious content into existing conversations, making messages appear legitimate. Campaigns primarily deliver Lumma Stealer, StealC, NetSup…
lumma stealer
danabot
2024-09-24
transportation
Published: September 24, 2024
Downloadable IOCs: 23

Exploring the D3F@ck Malware-as-a-Service Loader

This report analyzes the D3F@ck Loader, a malware-as-a-service (MaaS) offering orchestrated by an individual going by the alias Sergei Panteleevich. The loader utilizes various evasion techniques, including the use of Extended Validation certificates, Inno Setup installers with custom Pascal script…
malware
loader
obfuscation
stealer
danabot
metastealer
sectoprat
2024-08-19
raccoon stealer
certificates
d3f@ck loader
Published: August 19, 2024
Linked vulnerabilities : CVE-2024-7593 (CVSS 9.8)
Downloadable IOCs: 4

Campaign uses infostealers and clippers for financial gain

Kaspersky has uncovered a complex malware campaign orchestrated by Russian-speaking cybercriminals. The threat actors create sub-campaigns mimicking legitimate projects, using social media to enhance credibility. They host initial downloaders on Dropbox to deliver infostealers like Danabot and Stea…
phishing
evasion
infostealer
cryptocurrency
injection
danabot
stealc
russian
2024-08-16
clipper
Published: August 16, 2024
Downloadable IOCs: 68

D3F@ck Loader, the New MaaS Loader

In March 2024, eSentire's Threat Response Unit (TRU) discovered multiple instances of D3F@ck Loader infections being propagated via Google Ads. This new loader, which debuted on hacking forums in January 2024 (Figure 1), can allegedly bypass several key security features such as Google Chrome, Edge…
loader
phishing
danabot
2024-05-21
google ads
smartscreen
c2 server
figure
inno setup
microsoft
unit
cyber
fileswindows nt
threat response
Published: May 21, 2024
Linked vulnerabilities : CVE-2024-3400
Downloadable IOCs: 3

Distribution of DanaBot Malware via Word Files Detected

This analysis examines the infection process of the DanaBot malware, distributed through sophisticated spam emails containing malicious Word documents. The documents leverage external links to download and execute macro files, which subsequently fetch and run the DanaBot payload. The infection chai…
malware
evasion
data theft
spam
2024-05-09
macros
danabot
2024-05-14
2024-05-10
Published: May 14, 2024
Downloadable IOCs: 0
Click here to see more Attack Reports