Category | Malware Intelligence
--- | ---
Malware Name | *Possibly DanaBot*
Affected OS | Windows, Linux
WinVNC | Firefox | FTP Control |
Screen Saver 9x | Apple Safari | NetDrive |
PC Remote Control | Remote Desktop Connection | Becky |
ASP.NET Account | Cisco VPN Client | The Bat! |
FreeCall | GetRight | Outlook |
Vypress Auvis | FlashGet/JetCar | Eudora |
CamFrog | FAR Manager FTP | Gmail Notifier |
Win9x NetCache | Windows/Total Commander | Mail.Ru Agent |
ICQ2003/Lite | WS_FTP | IncrediMail |
&RQ, R&Q | CuteFTP | Group Mail Free |
Yahoo! Messenger | FlashFXP | PocoMail |
Digsby | FileZilla | Forte Agent |
Odigo | FTP Commander | Scribe |
IM2/Messenger 2 | BulletProof FTP Client | POP Peeper |
Google Talk | SmartFTP | Mail Commander |
Faim | TurboFTP | Windows Live Mail |
MySpaceIM | FFFTP | Mozilla Thunderbird |
MSN Messenger | CoffeeCup FTP | SeaMonkey |
Windows Live Messenger | Core FTP | Flock |
Paltalk | FTP Explorer | Download Master |
Excite Private Messenger | Frigate3 FTP | Internet Download Accelerator |
Gizmo Project | SecureFX | IEWebCert |
AIM Pro | UltraFXP | IEAutoCompletePWs |
Pandion | FTPRush | VPN Accounts |
Trillian Astra | WebSitePublisher | Miranda |
888Poker | BitKinex | GAIM |
FullTiltPoker | ExpanDrive | Pidgin |
PokerStars | Classic FTP | QIP.Online |
TitanPoker | Fling | JAJC |
PartyPoker | SoftX FTP Client | WebCred |
CakePoker | Directory Opus | Windows Credentials |
UBPoker | FTP Uploader | MuxaSoft Dialer |
EType Dialer | FreeFTP/DirectFTP | FlexibleSoft Dialer |
RAS Passwords | LeapFTP | Dialer Queen |
Internet Explorer | WinSCP | VDialer |
Chrome | 32bit FTP | Advanced Dialer |
Opera | WebDrive | Windows RAS |
Indicator type | Data | Notes
--- | --- | ---
SHA256 | 30ee628504faea18dc99602971aafbc05a0b05dc964797edf49633f67cd178e2 | NPM UA-Parser package, containing legitimate UAParser.js 0.7.28 and three malicious payload files |
SHA256 | e6cba23d350cb1f049266ddf10f872216f193c5279017408b869539df2e73c83 | Malicious JS install script, detected as JS/BadNode-A |
SHA256 | f4c800066e56dd32d20299c451fe6a2b60a3563f7f1915f8ca8db9916d810b5c | Malicious .BAT file (BAT/BadNode-A) |
SHA256 | 21e68b048024ba0cc5a2a94ecbc3a78c626ec7d5d705829a82ea4715131d0509 | Malicious Linux shellscript (SH/BadNode-A) |
SHA256 | 7f986cd3c946f274cdec73f80b84855a77bc2a3c765d68897fbc42835629a5d5 | XMRig Miner (PUA) for Windows |
SHA256 | 2a3acdcd76575762b18c18c644a745125f55ce121f742d2aad962521bc7f25fd | Malicious DLL carrying DanaBot (Mal/EncPk-AQC) |
SHA256 | ea131cc5ccf6aa6544d6cb29cdb78130feed061d2097c6903215be1499464c2e | Linux XMRig Miner |
SHA256 | bb8ccdcf17761f1e86d8ebbc1a12b123929c48c5eea4739b7619bd53728d412b | New version of malicious DLL packer |
Filename | preinstall.js | Malicious JS install script, detected as JS/BadNode-A |
Filename | preinstall.bat | Malicious .BAT file (BAT/BadNode-A) |
Filename | preinstall.sh | Malicious Linux shellscript (SH/BadNode-A) |
Filename | create.dll | Copy of sdd.dll packer |
URL | https://citationsherbe.at/sdd.dll | Malicious DLL download URL |
URL | http://159.148.186.228/download/jsextension | Linux XMRig Miner download URL |
URL | http://159.148.186.228/download/jsextension.exe | Windows XMRig Miner download URL |
IP Address | 194.76.225.46 | C2 for Mal/EncPk-AQC |
IP Address | 185.158.250.216:443 | C2 for credential stealing malware |
IP Address | 45.11.180.153:443 | C2 for credential stealing malware |
IP Address | 194.76.225.61:443 | C2 for credential stealing malware |