

Rewterz Threat Update – World’s Largest Book Distributors Baker & Taylor Suffered A Ransomware Attack
August 31, 2022
Rewterz Threat Alert – Hive Ransomware – Active IOCs
August 31, 2022
Severity
High
Analysis Summary
DanaBot is a persistent and ever-evolving threat that has been circulating in the wild since 2018. DanaBot was originally marketed as a Malware-as-a-Service (MaaS) offering that primarily targeted banking fraud and data theft. It has, however, become more advanced and intricate as time has progressed. DanaBot is a high-risk trojan-type malware that infiltrates the system and collects a variety of sensitive data. DanaBot is spread by developers through spam email campaigns. Users get unsolicited emails with false content encouraging them to open attached MS Office documents. When these attachments are opened, DanaBot is secretly downloaded and installed. Infected email attachments, malicious online advertisements, social engineering, and software cracks are the distribution methods of this Trojan.
Impact
- Password & identity theft
- Data Exfiltration
- Information Theft
Indicators of Compromise
Remediation
- Block all the threat indicators at your respective controls.
- Search for IOCs in your environment.