Danabot
· Published 21/12/2025 04:14 · Modified 21/12/2025 14:25
· Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 04:14
- Modified: 21/12/2025 14:25
- Updated at: 21/12/2025 14:25
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 5 reports, 54 attack patterns (mitre), 20 malware, 3 sectors, 4 countries, 12 indicators
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (5)
- 15 MITREs, 2 Malwares, 2 Observables, 1 APT
- 16 Malwares, 1 Observable, 1 APT
- 13 MITREs, 1 Malware, 65 Observables, 1 APT
- 16 MITREs, 7 Malwares, 9 Observables, 1 APT
- 12 MITREs, 1 Malware, 1 APT
Attack patterns (MITRE) (54)
- T1078: Valid Accounts (uses, MITRE)
- T1002 (uses)
- T1055: Process Injection (uses, MITRE)
- T1082: System Information Discovery (uses, MITRE)
- T1005: Data from Local System (uses, MITRE)
- T1083: File and Directory Discovery (uses, MITRE)
- T1496: Resource Hijacking (uses, MITRE)
- T1543: Create or Modify System Process (uses, MITRE)
- T1204: User Execution (uses, MITRE)
- T1053: Scheduled Task/Job (uses, MITRE)
- T1133: External Remote Services (uses, MITRE)
- T1059: Command and Scripting Interpreter (uses, MITRE)
Malware (20)
- RecordBreaker (uses, Family)
- Buran (uses, Family)
- Crisis (uses, Family)
- LockBit (uses, Family)
- SystemBC (uses, Family)
- NonRansomware (uses, Family)
- Rescoms (uses, Family)
- DarkGate (uses, Family)
- Ursnif - S0386 (uses, Family)
- PE_URSNIF (uses, Family)
- DanaBot (uses, Family)
- Latrodectus (uses, Family)
Sectors (3)
- Government (targets)
- Finance (targets)
- Defense (targets)
Countries (4)
- Poland (targets)
- Russian Federation (targets)
- Ukraine (targets)
- Australia (targets)
Indicators (12)