

Analysis Summary
The DanaBot Trojan has been used in multiple malware attacks in many countries. The Trojan has resurfaced with a new protocol for communicating with its C&C servers that uses the AES and RSA encryption algorithms, making the existing rules used to detect C&C communications useless. A new loader has also been implemented, which downloads the main module and all plugins to the victim system.
Impact
Malware Infection
Indicators of Compromise
IP(s) / Hostname(s)
Malware Hash (MD5/SHA1/SHA256)
Remediation
- Block the threat indicators at their respective controls.
- Keep anti-virus and other software up to date.
- Keep applications and operating systems updated with the latest security patches.