#Danabot

2025-05-26

Global operation dismantles DanaBot malware network, indicting 16 and recovering $50M+ in losses. #Cybersecurity #DanaBot #OperationEndgame

More details: cyberscoop.com/danabot-malware - flagthis.com/news/15679

2025-05-26

Danabot: Analyzing a fallen empire

ESET Research shares insights into Danabot, an infostealer recently disrupted by law enforcement. The malware, tracked since 2018, evolved from a banking trojan to a versatile tool for data theft and malware distribution. Operated as a malware-as-a-service, Danabot offered features like data stealing, keylogging, and remote control. Its infrastructure included C&C servers, an administration panel, and proxy servers. Distribution methods varied from email spam to Google Ads misuse. The takedown operation involved multiple cybersecurity companies and law enforcement agencies, leading to the identification of individuals responsible for Danabot's development and operations.

Pulse ID: 683357a6f329fa7aedccd8a8
Pulse Link: otx.alienvault.com/pulse/68335
Pulse Author: AlienVault
Created: 2025-05-25 17:47:18

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Bank #BankingTrojan #CandC #CyberSecurity #DanaBot #DataTheft #ESET #Email #Google #InfoSec #InfoStealer #LawEnforcement #Malware #MalwareAsAService #OTX #OpenThreatExchange #Proxy #RAT #RCE #Spam #Trojan #bot #AlienVault

2025-05-24

The US #government dismantled the #DanaBot malware network and charges 16 people in a $50 million global cybercrime operation
blogs.masterhacks.net/noticias

Mark Arjomandi NewOrder2024
2025-05-24

botnet disrupted, leader indicted: , mounted by law enforcement and judicial authorities from the US, Canada and the EU, continues to deliver positive results by disrupting the DanaBot botnet and indicting the leaders of both the DanaBot and Qakbot Malware-as-a-Service operations. (May 2025)

helpnetsecurity.com/2025/05/23

Xavier «X» Santolaria :verified_paw: :donor: 0x58@infosec.exchange
2025-05-24

🔥 Latest issue of my curated #cybersecurity and #infosec list of resources for week #21/2025 is out!

It includes the following and much more:

🇦🇪 🇺🇸 UAE Recruiting US Personnel Displaced by #DOGE to Work on #AI for its Military;

🇺🇸 Madhu Gottumukkala New Deputy Director of #CISA;

📊 New metric called Likely Exploited Vulnerabilities (LEV) introduced;

🇪🇺 European Union sanctions Stark Industries for enabling #cyberattacks;

❌ 📸 @signalapp now blocks #Microsoft Recall screenshots on #Windows 11;

🇺🇸 🇪🇺 The #FBI and #Europol have disrupted the Lumma Stealer #malware network;

❌ 🦠 #DanaBot malware operation taken down;

📨 Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

infosec-mashup.santolaria.net/

2025-05-23

16 indicted in global DanaBot malware scheme causing $50M+ in damages. #Cybercrime #DanaBot #Malware

More details: cyberscoop.com/danabot-malware - flagthis.com/news/15513

2025-05-23

Danabot: Analyzing a fallen empire

The infostealer Danabot has been disrupted in a multinational law enforcement operation. ESET has been tracking Danabot since 2018, contributing to the effort by providing technical analyses and identifying C&C servers. Danabot operates as a malware-as-a-service, offering various features like data theft, keylogging, and remote control. It has been used to distribute additional malware, including ransomware. The malware's authors promote their toolset through underground forums, providing affiliates with an administration panel, backconnect tool, and proxy server application. Distribution methods have included email spam, other malware, and misuse of Google Ads. Danabot employs a proprietary encrypted communication protocol and offers multiple build options for affiliates.

Pulse ID: 6830d7d901805bebfd4e9d74
Pulse Link: otx.alienvault.com/pulse/6830d
Pulse Author: AlienVault
Created: 2025-05-23 20:17:29

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CandC #CyberSecurity #DanaBot #DataTheft #ESET #Email #Google #InfoSec #InfoStealer #LawEnforcement #Malware #MalwareAsAService #OTX #OpenThreatExchange #Proxy #RAT #RCE #RansomWare #Spam #bot #AlienVault

2025-05-23

Inside DanaBot's Infrastructure: In Support of Operation Endgame II

DanaBot, a versatile and persistent threat since 2018, has evolved from a banking trojan to a multi-purpose malware platform. It maintained an average of 150 active C2 servers daily, with 1,000 daily victims across 40+ countries. The malware's stealth and multi-tiered architecture contributed to its success. Operated likely from Russia, DanaBot's infrastructure includes Tier 1, Tier 2, and Tier 3 C2 servers. The botnet's size peaked during high-profile events, with Mexico and the US among the most impacted countries. Despite its longevity, only 25% of its C2 servers had detectable malicious signatures. Operation Endgame II, a collaborative effort between security firms and law enforcement, dealt a significant blow to DanaBot's operations.

Pulse ID: 6830c33591b2e16fa30806c3
Pulse Link: otx.alienvault.com/pulse/6830c
Pulse Author: AlienVault
Created: 2025-05-23 18:49:25

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Bank #BankingTrojan #CyberSecurity #DanaBot #InfoSec #LawEnforcement #Malware #Mexico #OTX #OpenThreatExchange #RAT #RCE #Russia #Trojan #bot #botnet #AlienVault

2025-05-23

#OperationEndgame: Police take down DanaBot malware network; 300 servers neutralized, €21.2M in crypto seized and 16 charged

Read: hackread.com/operation-endgame

#CyberSecurity #CyberCrime #DanaBot #Malware #Europe

2025-05-23

Inside DanaBot’s Infrastructure: In Support of Operation Endgame II
#DanaBot
blog.lumen.com/inside-danabots

2025-05-23

More 📰! @ESETresearch participated in global disruption of notorious infostealer #Danabot by the US DOJ, DOD and FBI, and others. Since 2018, @ESET Research has tracked the evolution of this powerful malware-as-a-service operation. 🔎💻

More👀: welivesecurity.com/en/eset-res

Feds Charge 16 Russians Allegedly Tied to Botnets Used in #Ransomware, Cyberattacks, and Spying

wired.com/story/us-charges-16-

#cybersecurity #botnet #DanaBot #cybercrime

Just Another Blue Teamer LeeArchinal@ioc.exchange
2025-05-23

Happy Friday everyone!

With the news breaking that the #DanaBot was disrupted, it got me thinking: How do these pieces of malware function and how do they stay on the victim's machines? And when you think about it, what a botnet operator really needs is repeated access to the compromised machine, which gets me thinking about persistence. So, I poked around one of my favorite resources, the MITRE ATT&CK Matrix, looked at as many bot malware as they have, and looked at what they had in common from a perspective of persistence. Two of the most common techniques used were T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder and T1053.005 - Scheduled Task/Job: Scheduled Task. So, if you are hunting for bots, you may want to start there! Enjoy the read and Happy Hunting!

DanaBot malware disrupted, threat actors named
intel471.com/blog/danabot-malw

Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

2025-05-23

Operation Endgame 2.0

International law enforcement agencies have taken additional actions in Operation Endgame, targeting cybercriminal organizations, particularly those behind DanaBot. DanaBot is a powerful modular malware family written in Delphi, capable of keylogging, capturing screenshots, recording desktop videos, exfiltrating files, injecting content into web browsers, and deploying second-stage malware. It operates as a Malware-as-a-Service platform, enabling various attacks. DanaBot has been used in targeted attacks against government officials in the Middle East and Eastern Europe, and for DDoS attacks against Ukrainian servers. The malware implements a custom binary protocol encrypted with RSA and AES, and uses hardcoded C2 servers with Tor as a backup communication channel. Over 50 nicknames have been associated with DanaBot affiliates.

Pulse ID: 683046e8073360953a9307d2
Pulse Link: otx.alienvault.com/pulse/68304
Pulse Author: AlienVault
Created: 2025-05-23 09:59:04

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #CyberSecurity #DDoS #DanaBot #Delphi #DoS #EasternEurope #Europe #Government #InfoSec #LawEnforcement #Malware #MalwareAsAService #MiddleEast #OTX #OpenThreatExchange #RAT #RCE #UK #Ukr #Ukrainian #bot #AlienVault

The Spamhaus Project spamhaus@infosec.exchange
2025-05-23

🔥 Operation Endgame is BACK! This time targeting #BumbleBee, #Latrodectus, #DanaBot, #WarmCookie, #Qakbot and #Trickbot!

Once again this is a HUGE win, with a truly international effort! 💪

As with phase one of #OperationEndgame, Spamhaus are providing remediation support - those affected will be contacted in due course with steps to take.

For more information, read our write-up here:
👉 spamhaus.org/resource-hub/malw

Brian Greenberg :verified: brian_greenberg@infosec.exchange
2025-05-23

🚨 A major cybercrime network just got knocked offline.

The U.S. DOJ has announced the takedown of DanaBot, a long-running malware platform used in:
💵 Banking fraud
🧑‍💻 Ransomware delivery
🎣 Credential harvesting

What makes this takedown notable:
🌍 It involved law enforcement from multiple countries
🧑‍⚖️ Indictments have been unsealed against five developers, not just operators
🔄 DanaBot has been active since 2016, constantly evolving through modular upgrades

Remember, persistent, well-coordinated threats don’t vanish on their own — and that real deterrence starts with attribution and action.

#CyberSecurity #DanaBot #DOJ #LawEnforcement #CyberCrime

databreachtoday.com/us-takes-d
