Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- DanaBot updated with new C&C communication
- Indicators of Compromise (IoCs)
- C&C servers used by the new version of DanaBot
- 84.54.37[.]102
- 89.144.25[.]243
- 89.144.25[.]104
- 178.209.51[.]211
- 185.92.222[.]238
- 192.71.249[.]51
- Webinject and redirect servers
- 47.74.249[.]106
- 95.179.227[.]160
- 185.158.249[.]144
- Example hashes
- Note that since new builds of DanaBot’s components are released regularly, we provide just a sampling of hashes.
- Component SHA-1 ESET detection name
- Dropper 98C70361EA611BA33EE3A79816A88B2500ED7844 Win32/TrojanDropper.Danabot.O
- Loader (x86), campaign ID=3 0DF17562844B7A0A0170C9830921C3442D59C73C Win32/Spy.Danabot.L
- Loader (x64), campaign ID=3 B816E90E9B71C85539EA3BB897E4F234A0422F85 Win64/Spy.Danabot.G
- Loader (x86), campaign ID=9 5F085B19657D2511A89F3172B7887CE29FC70792 Win32/Spy.Danabot.I
- Loader (x64), campaign ID=9 4075375A08273E65C223116ECD2CEF903BA97B1E Win64/Spy.Danabot.F
- Main module (x86) 28139782562B0E4CAB7F7885ECA75DFCA5E1D570 Win32/Spy.Danabot.K
- Main module (x64) B1FF7285B49F36FE8D65E7B896FCCDB1618EAA4B Win64/Spy.Danabot.C
- Plugins
- Plugin SHA-1 ESET detection name
- RDPWrap 890B5473B419057F89802E0B6DA011B315F3EF94 Win32/Spy.Danabot.H
- Stealer (x86) E50A03D12DDAC6EA626718286650B9BB858B2E69 Win32/Spy.Danabot.C
- Stealer (x64) 9B0EC454401023DF6D3D4903735301BA669AADD1 Win64/Spy.Danabot.E
- Sniffer DBFD8553C66275694FC4B32F9DF16ADEA74145E6 Win32/Spy.Danabot.B
- VNC E0880DCFCB1724790DFEB7DFE01A5D54B33D80B6 Win32/Spy.Danabot.D
- TOR 73A5B0BEE8C9FB4703A206608ED277A06AA1E384 Win32/Spy.Danabot.G
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement