DanaBleed: DanaBot C2 Server Memory Leak Bug

    Date: 06/11/2025

    Severity: High

    Summary

    DanaBot is a Malware-as-a-Service (MaaS) platform active since 2018, operating through an affiliate model where the developer provides the malware, C2 infrastructure, and support. Affiliates use DanaBot for credential theft, banking fraud, and other malicious activities. It has been linked to high-profile incidents, including a supply chain attack via NPM packages and a DDoS assault on Ukraine’s Ministry of Defense in 2022. In May 2025, law enforcement agencies disrupted DanaBot’s infrastructure under Operation Endgame and indicted 16 individuals connected to the group.

    Indicators of Compromise (IOC) List

    Hash:

    3ce09a0cc03dcf3016c21979b10bc3bfc61a7ba3f582e2838a78f0ccd3556555

    ae5eaeb93764bf4ac7abafeb7082a14682c10a15d825d3b76128f63e0aa6ceb9

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Hash:

    sha256hash IN ("ae5eaeb93764bf4ac7abafeb7082a14682c10a15d825d3b76128f63e0aa6ceb9","3ce09a0cc03dcf3016c21979b10bc3bfc61a7ba3f582e2838a78f0ccd3556555")

    Reference:

    https://www.zscaler.com/blogs/security-research/danableed-danabot-c2-server-memory-leak-bug#introduction


    Tags

    Malware, DanaBot, MaaS, Credential Theft, Financial Services, DDoS, Ukraine
