Rewterz Threat Alert – DarkCrystal RAT (DCRat) – Active IOCs
June 10, 2022Rewterz Threat Alert – DeadBolt Ransomware – Active IOCs
June 10, 2022Rewterz Threat Alert – DarkCrystal RAT (DCRat) – Active IOCs
June 10, 2022Rewterz Threat Alert – DeadBolt Ransomware – Active IOCs
June 10, 2022Severity
High
Analysis Summary
DanaBot is a persistent and ever-evolving threat that has been circulating in the wild since 2018. DanaBot was originally marketed as a Malware-as-a-Service (MaaS) offering primarily targeted banking fraud and data theft. It has, however, getting more advanced and intricate as time has progressed. DanaBot is a high-risk trojan-type malware that infiltrates the system and collects a variety of sensitive data. DanaBot is spread by developers through spam email campaigns. Users get unsolicited emails with false content encouraging them to open MS Office documents attached. When these attachments are accessed, DanaBot is secretly downloaded and installed. Infected email attachments, malicious online advertisements, social engineering, and software cracks are the distribution methods of this Trojan.
Impact
- Password & identity theft
- Data Exfiltration
- Information Theft
Indicators of Compromise
MD5
- ab4cf6181cfb102ec86c66d56af2d229
SHA-256
- f7c566ca7413a1259a7bcc120bc431a5ad129438b1e8b9b51c398d5eecfc51a5
SHA-1
- ac756cbff2887e804e9957898b0d6450a33a0aa1
Remediation
- Block all threat indicators at their respective controls
- Search for IOCs in your environment.