Analysis & Insights

Government

DanaBot Operators Spear Phish Government Employees

26 February - 5 March 2019

The operators behind the DanaBot trojan have been spear phishing employees at an Australian government agency, with intentions to gain a foothold in the targeted network.
The operators behind the DanaBot trojan have been spear phishing employees at an Australian government agency, with intentions to gain a foothold in the targeted network. The phishing email contains a link that downloads a ZIP archive with an obfuscated VBScript file within. When extracted, the script fetches an executable file from the attackers’ server to install the DanaBot trojan. DanaBot is modular and functions such as VNC remote desktop connection, information stealer, keylogger and web injections can be added on demand. 

References:
[1] Breakdown of a Targeted DanaBot Attack
 
 
 
 
 
 

More Weekly Cyber Newsanalysis and insights

Government

DanaBot Operators Spear Phish Government Employees

26 February - 5 March 2019

The operators behind the DanaBot trojan have been spear phishing employees at an Australian government agency, with intentions to gain a foothold in the targeted network.
The operators behind the DanaBot trojan have been spear phishing employees at an Australian government agency, with intentions to gain a foothold in the targeted network. The phishing email contains a link that downloads a ZIP archive with an obfuscated VBScript file within. When extracted, the script fetches an executable file from the attackers’ server to install the DanaBot trojan. DanaBot is modular and functions such as VNC remote desktop connection, information stealer, keylogger and web injections can be added on demand. 

References:
[1] Breakdown of a Targeted DanaBot Attack
 
 
 
 
 
 

More Weekly Cyber Newsanalysis and insights