The Spamhaus Project<p>🔥 Operation Endgame is BACK! This time targeting <a href="https://infosec.exchange/tags/BumbleBee" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BumbleBee</span></a>, <a href="https://infosec.exchange/tags/Latrodectus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Latrodectus</span></a>, <a href="https://infosec.exchange/tags/DanaBot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DanaBot</span></a>, <a href="https://infosec.exchange/tags/WarmCookie" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WarmCookie</span></a>, <a href="https://infosec.exchange/tags/Qakbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Qakbot</span></a> and <a href="https://infosec.exchange/tags/Trickbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Trickbot</span></a>!</p><p>Once again this is a HUGE win, with a truly international effort! 💪 </p><p>As with phase one of <a href="https://infosec.exchange/tags/OperationEndgame" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OperationEndgame</span></a>, Spamhaus are providing remediation support - those affected will be contacted in due course with steps to take. </p><p>For more information, read our write-up here:<br>👉 <a href="https://www.spamhaus.org/resource-hub/malware/botnets-disrupted-worldwide-operation-endgame-is-back/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">spamhaus.org/resource-hub/malw</span><span class="invisible">are/botnets-disrupted-worldwide-operation-endgame-is-back/</span></a></p>
lingo.lol is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for linguists, philologists, and other lovers of languages.
Administered by:
Server stats:
60active users
lingo.lol: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.4
#danabot
0 posts · 0 participants · 0 posts today
ESET Research<p>The <a href="https://infosec.exchange/tags/FBI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FBI</span></a> and <a href="https://infosec.exchange/tags/DCIS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DCIS</span></a> disrupted <a href="https://infosec.exchange/tags/Danabot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Danabot</span></a>. <a href="https://infosec.exchange/tags/ESET" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ESET</span></a> was one of several companies that cooperated in this effort. <a href="https://www.welivesecurity.com/en/eset-research/danabot-analyzing-fallen-empire/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">welivesecurity.com/en/eset-res</span><span class="invisible">earch/danabot-analyzing-fallen-empire/</span></a><br><a href="https://infosec.exchange/tags/ESETresearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ESETresearch</span></a> has been involved in this operation since 2018. Our contribution included providing technical analyses of the malware and its backend infrastructure, as well as identifying Danabot’s C&C servers. Danabot is a <a href="https://infosec.exchange/tags/MaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MaaS</span></a> <a href="https://infosec.exchange/tags/infostealer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infostealer</span></a> that has also been seen pushing additional malware – even <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ransomware</span></a>, such as <a href="https://infosec.exchange/tags/LockBit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LockBit</span></a>, <a href="https://infosec.exchange/tags/Buran" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Buran</span></a>, and <a href="https://infosec.exchange/tags/Crisis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Crisis</span></a> – to compromised systems. <br>We have analyzed Danabot campaigns all around the world and found a substantial number of distinct samples of the malware, as well as identified more than 1,000 C&Cs. <br>This infostealer is frequently promoted on underground forums. The affiliates are offered an administration panel application, a backconnect tool for real-time control of bots, and a proxy server application that relays the communication between the bots and the C&C server. <br>IoCs are available in our GitHub repo. You can expect updates with more details in the coming days. <a href="https://github.com/eset/malware-ioc/tree/master/danabot" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/eset/malware-ioc/tr</span><span class="invisible">ee/master/danabot</span></a></p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload