101010.pl

Hackread.com🚨 Researchers warn of a surge in <a href="https://mstdn.social/tags/ClickFix" class="mention hashtag" rel="nofollow noopener" target="_blank">#ClickFix</a> scams impersonating <a href="https://mstdn.social/tags/Booking" class="mention hashtag" rel="nofollow noopener" target="_blank">#Booking</a>.com. Fake CAPTCHAs trick users into running malware like XWorm and DanaBot.Read: <a href="https://hackread.com/clickfix-email-scam-fake-booking-com-emails-malware/" rel="nofollow noopener" translate="no" target="_blank">https://hackread.com/clickfix-email-scam-fake-booking-com-emails-malware/</a><a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://mstdn.social/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://mstdn.social/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://mstdn.social/tags/XWorm" class="mention hashtag" rel="nofollow noopener" target="_blank">#XWorm</a> <a href="https://mstdn.social/tags/DanaBot" class="mention hashtag" rel="nofollow noopener" target="_blank">#DanaBot</a> <a href="https://mstdn.social/tags/Scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#Scam</a>

Hackread.com⛔ <a href="https://mstdn.social/tags/OperationEndgame" class="mention hashtag" rel="nofollow noopener" target="_blank">#OperationEndgame</a>: Police takes down DanaBot malware network; 300 servers neutralized, €21.2M in crypto seized and 16 charged/Read: <a href="https://hackread.com/operation-endgame-danabot-malware-neutralizes-servers/" rel="nofollow noopener" translate="no" target="_blank">https://hackread.com/operation-endgame-danabot-malware-neutralizes-servers/</a><a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://mstdn.social/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberCrime</a> <a href="https://mstdn.social/tags/DanaBot" class="mention hashtag" rel="nofollow noopener" target="_blank">#DanaBot</a> <a href="https://mstdn.social/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://mstdn.social/tags/Europe" class="mention hashtag" rel="nofollow noopener" target="_blank">#Europe</a>

The New OilFeds Charge 16 Russians Allegedly Tied to Botnets Used in <a href="https://mastodon.thenewoil.org/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ransomware</a>, Cyberattacks, and Spying<a href="https://www.wired.com/story/us-charges-16-russians-danabot-malware/" rel="nofollow noopener" translate="no" target="_blank">https://www.wired.com/story/us-charges-16-russians-danabot-malware/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://mastodon.thenewoil.org/tags/botnet" class="mention hashtag" rel="nofollow noopener" target="_blank">#botnet</a> <a href="https://mastodon.thenewoil.org/tags/DanaBot" class="mention hashtag" rel="nofollow noopener" target="_blank">#DanaBot</a> <a href="https://mastodon.thenewoil.org/tags/cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybercrime</a>

The Spamhaus Project🔥 Operation Endgame is BACK! This time targeting <a href="https://infosec.exchange/tags/BumbleBee" class="mention hashtag" rel="nofollow noopener" target="_blank">#BumbleBee</a>, <a href="https://infosec.exchange/tags/Latrodectus" class="mention hashtag" rel="nofollow noopener" target="_blank">#Latrodectus</a>, <a href="https://infosec.exchange/tags/DanaBot" class="mention hashtag" rel="nofollow noopener" target="_blank">#DanaBot</a>, <a href="https://infosec.exchange/tags/WarmCookie" class="mention hashtag" rel="nofollow noopener" target="_blank">#WarmCookie</a>, <a href="https://infosec.exchange/tags/Qakbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#Qakbot</a> and <a href="https://infosec.exchange/tags/Trickbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#Trickbot</a>!Once again this is a HUGE win, with a truly international effort! 💪 As with phase one of <a href="https://infosec.exchange/tags/OperationEndgame" class="mention hashtag" rel="nofollow noopener" target="_blank">#OperationEndgame</a>, Spamhaus are providing remediation support - those affected will be contacted in due course with steps to take. For more information, read our write-up here: 👉 <a href="https://www.spamhaus.org/resource-hub/malware/botnets-disrupted-worldwide-operation-endgame-is-back/" rel="nofollow noopener" translate="no" target="_blank">https://www.spamhaus.org/resource-hub/malware/botnets-disrupted-worldwide-operation-endgame-is-back/</a>

ESET ResearchThe <a href="https://infosec.exchange/tags/FBI" class="mention hashtag" rel="nofollow noopener" target="_blank">#FBI</a> and <a href="https://infosec.exchange/tags/DCIS" class="mention hashtag" rel="nofollow noopener" target="_blank">#DCIS</a> disrupted <a href="https://infosec.exchange/tags/Danabot" class="mention hashtag" rel="nofollow noopener" target="_blank">#Danabot</a>. <a href="https://infosec.exchange/tags/ESET" class="mention hashtag" rel="nofollow noopener" target="_blank">#ESET</a> was one of several companies that cooperated in this effort. <a href="https://www.welivesecurity.com/en/eset-research/danabot-analyzing-fallen-empire/" rel="nofollow noopener" translate="no" target="_blank">https://www.welivesecurity.com/en/eset-research/danabot-analyzing-fallen-empire/</a> <a href="https://infosec.exchange/tags/ESETresearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#ESETresearch</a> has been involved in this operation since 2018. Our contribution included providing technical analyses of the malware and its backend infrastructure, as well as identifying Danabot’s C&C servers. Danabot is a <a href="https://infosec.exchange/tags/MaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#MaaS</a> <a href="https://infosec.exchange/tags/infostealer" class="mention hashtag" rel="nofollow noopener" target="_blank">#infostealer</a> that has also been seen pushing additional malware – even <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#ransomware</a>, such as <a href="https://infosec.exchange/tags/LockBit" class="mention hashtag" rel="nofollow noopener" target="_blank">#LockBit</a>, <a href="https://infosec.exchange/tags/Buran" class="mention hashtag" rel="nofollow noopener" target="_blank">#Buran</a>, and <a href="https://infosec.exchange/tags/Crisis" class="mention hashtag" rel="nofollow noopener" target="_blank">#Crisis</a> – to compromised systems. We have analyzed Danabot campaigns all around the world and found a substantial number of distinct samples of the malware, as well as identified more than 1,000 C&Cs. This infostealer is frequently promoted on underground forums. The affiliates are offered an administration panel application, a backconnect tool for real-time control of bots, and a proxy server application that relays the communication between the bots and the C&C server. IoCs are available in our GitHub repo. You can expect updates with more details in the coming days. <a href="https://github.com/eset/malware-ioc/tree/master/danabot" rel="nofollow noopener" translate="no" target="_blank">https://github.com/eset/malware-ioc/tree/master/danabot</a>

BradFrom a social media post I wrote for my employer at <a href="https://www.linkedin.com/posts/unit42_malvertising-matanbuchus-danabot-activity-7208934021207113728-Tc05" rel="nofollow noopener" translate="no" target="_blank">https://www.linkedin.com/posts/unit42_malvertising-matanbuchus-danabot-activity-7208934021207113728-Tc05</a> and <a href="https://x.com/Unit42_Intel/status/1803168396755820812" rel="nofollow noopener" translate="no" target="_blank">https://x.com/Unit42_Intel/status/1803168396755820812</a>2024-06-17 (Monday) <a href="https://infosec.exchange/tags/Malvertising" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malvertising</a>: Google ad leads to fake funds claim site, which leads to <a href="https://infosec.exchange/tags/Matanbuchus" class="mention hashtag" rel="nofollow noopener" target="_blank">#Matanbuchus</a> infection with <a href="https://infosec.exchange/tags/Danabot" class="mention hashtag" rel="nofollow noopener" target="_blank">#Danabot</a>. Nearly identical infection chain seen in March 2024. Indicators for this week's activity available at <a href="https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-06-17-IOCs-from-Matanbuchus-infection-with-Danabot.txt" rel="nofollow noopener" translate="no" target="_blank">https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-06-17-IOCs-from-Matanbuchus-infection-with-Danabot.txt</a>A <a href="https://infosec.exchange/tags/pcap" class="mention hashtag" rel="nofollow noopener" target="_blank">#pcap</a> of the infection and the associated malware/artifacts are available at <a href="https://malware-traffic-analysis.net/2024/06/17/index.html" rel="nofollow noopener" translate="no" target="_blank">https://malware-traffic-analysis.net/2024/06/17/index.html</a>I also posted a Youtube video showing how I found and downloaded the initial zip archive at: <a href="https://www.youtube.com/watch?v=0Uxpq0mq-OM" rel="nofollow noopener" translate="no" target="_blank">https://www.youtube.com/watch?v=0Uxpq0mq-OM</a>The video shows how it's not a straight-forward download, and a victim needs to enter information, go through a captcha, and click some buttons along the way.

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:🤖 DanaBot Strikes: Threat actors are misusing Google Ads 🩸🦠🔍 Webex Google Ads Malware AlertThreat actors are misusing Google Ads to create fake Webex ads that lead users to malware-infested sites. <a href="https://www.malwarebytes.com/blog/threat-intelligence/2023/09/ongoing-webex-malvertising-drops-batloader" rel="nofollow noopener" target="_blank">Malwarebytes discovered</a> this scheme, with the perpetrators likely based in Mexico. These deceptive ads, appearing genuine with the official Webex logo and URL, exploit a Google Ad platform loophole to redirect users.Clicking the ad takes users to a site that screens out researchers. Targeted users are then led to a malware site. If they download from this site, they get the BatLoader malware, which subsequently installs the DanaBot trojan. DanaBot can steal passwords and provide attackers direct system access.For safety, avoid promoted Google Search results and always download from trusted sources.📌 Indicators of CompromiseCloaking infrastructuremonoo3at[.]com 206.71.149[.]46Decoy sitewebexadvertisingoffer[.]com 31.31.196[.]208BatLoaderfugas[.]site/debug/Installer90.2.msi 2727a418f31e8c0841f8c3e79455067798a1c11c2b83b5c74d2de4fb3476b654BatLoader C2updatecorporatenetworks[.]ru 91.199.147[.]226DanaBot7a1245584c0a12186aa7228c75a319ca7f57e7b0db55c1bd9b8d7f9b397bfac8👉 <a href="https://www.bleepingcomputer.com/news/security/fake-cisco-webex-google-ads-abuse-tracking-templates-to-push-malware/" rel="nofollow noopener" target="_blank">Read the Full Article</a><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/MalwareAnalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#MalwareAnalysis</a> <a href="https://infosec.exchange/tags/DanaBot" class="mention hashtag" rel="nofollow noopener" target="_blank">#DanaBot</a> <a href="https://infosec.exchange/tags/BatLoader" class="mention hashtag" rel="nofollow noopener" target="_blank">#BatLoader</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntel</a> <a href="https://infosec.exchange/tags/Webex" class="mention hashtag" rel="nofollow noopener" target="_blank">#Webex</a>

Jérôme SeguraA malvertising campaign targeting corporate users looking to download Webex has been running for almost a week.This blog shares the details: <a href="https://www.malwarebytes.com/blog/threat-intelligence/2023/09/ongoing-webex-malvertising-drops-batloader" rel="nofollow noopener" translate="no" target="_blank">https://www.malwarebytes.com/blog/threat-intelligence/2023/09/ongoing-webex-malvertising-drops-batloader</a><a href="https://infosec.exchange/tags/malvertising" class="mention hashtag" rel="nofollow noopener" target="_blank">#malvertising</a> <a href="https://infosec.exchange/tags/BatLoader" class="mention hashtag" rel="nofollow noopener" target="_blank">#BatLoader</a> <a href="https://infosec.exchange/tags/DanaBot" class="mention hashtag" rel="nofollow noopener" target="_blank">#DanaBot</a>

BradTweet I wrote for my employer:2023-08-03 (Thursday): Malicious Google ad led to a fake TurboTax page pushing an installer package that led to <a href="https://infosec.exchange/tags/DanaBot" class="mention hashtag" rel="nofollow noopener" target="_blank">#DanaBot</a>. List of indicators available at <a href="https://github.com/pan-unit42/tweets/blob/master/2023-08-03-IOCs-for-malicious-ad-to-Danabot.txt" rel="nofollow noopener" translate="no" target="_blank">https://github.com/pan-unit42/tweets/blob/master/2023-08-03-IOCs-for-malicious-ad-to-Danabot.txt</a>I checked and was still able to get the malicious ad again today (Friday 2023-08-04).<a href="https://infosec.exchange/tags/pcap" class="mention hashtag" rel="nofollow noopener" target="_blank">#pcap</a> of the infection traffic, along with the associated malware and artifacts are available at <a href="https://malware-traffic-analysis.net/2023/08/03/index.html" rel="nofollow noopener" translate="no" target="_blank">https://malware-traffic-analysis.net/2023/08/03/index.html</a>

Recent searches

Search options

Administered by:

Server stats:

#danabot