Lexfo's security blog - DanaBot Communications Update
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Model Credentials - T1589.001 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | aa64ee6b-f8c8-4d15-8c7e-6398326376fc |
| Fingerprint | ffbc75394c21a0d9 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 20, 2021, midnight |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 17, 2024, 6:45 p.m. |
| Headline | |
| Title | Lexfo's security blog - DanaBot Communications Update |
| Detected Hints/Tags/Attributes | 64/2/84 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://blog.lexfo.fr/danabot-malware.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 71 | aes.new |
|
| Details | Domain | 74 | code.jquery.com |
|
| Details | Domain | 17 | apis.google.com |
|
| Details | Domain | 4 | clients5.google.com |
|
| Details | Domain | 335 | www.facebook.com |
|
| Details | Domain | 4 | static.xx.fbcdn.net |
|
| Details | Domain | 20 | ajax.googleapis.com |
|
| Details | Domain | 41 | www.google-analytics.com |
|
| Details | Domain | 5 | www.googletagservices.com |
|
| Details | Domain | 4 | sb.scorecardresearch.com |
|
| Details | Domain | 1 | start.duckduckgo.com |
|
| Details | Domain | 45 | www.eff.org |
|
| Details | Domain | 16 | www.gstatic.com |
|
| Details | Domain | 4 | cdn.taboola.com |
|
| Details | Domain | 2 | acdn.adnxs.com |
|
| Details | Domain | 3 | aolcdn.com |
|
| Details | Domain | 5 | yimg.com |
|
| Details | Domain | 88 | www.bing.com |
|
| Details | Domain | 38 | pagead2.googlesyndication.com |
|
| Details | Domain | 198 | youtube.com |
|
| Details | Domain | 12 | discordapp.com |
|
| Details | Domain | 330 | facebook.com |
|
| Details | Domain | 1 | myhentaigallery.com |
|
| Details | Domain | 2 | chat.google.com |
|
| Details | Domain | 2 | messenger.com |
|
| Details | Domain | 94 | bing.com |
|
| Details | Domain | 1 | api.us-east-1.aiv-delivery.net |
|
| Details | Domain | 1 | agafurretor.com |
|
| Details | Domain | 1 | openclassrooms.workplace.com |
|
| Details | Domain | 1 | signaler-pa.clients6.google.com |
|
| Details | Domain | 194 | drive.google.com |
|
| Details | Domain | 8 | business.facebook.com |
|
| Details | Domain | 2 | youtube-nocookie.com |
|
| Details | File | 1 | aes_decrypt_file.bin |
|
| Details | File | 4 | client.js |
|
| Details | File | 1 | jn.js |
|
| Details | File | 4 | rsrc.php |
|
| Details | File | 18 | analytics.js |
|
| Details | File | 18 | ga.js |
|
| Details | File | 1 | beacon.js |
|
| Details | File | 4 | cdn.tab |
|
| Details | File | 2 | taboolacookiesyncscript.js |
|
| Details | File | 2 | ast.js |
|
| Details | File | 1 | adswrappermsni.js |
|
| Details | File | 1 | yap.js |
|
| Details | File | 218 | min.js |
|
| Details | File | 85 | www.bin |
|
| Details | File | 1 | us-east-1.ai |
|
| Details | File | 207 | login.php |
|
| Details | File | 56 | update.php |
|
| Details | md5 | 1 | 4bf83b85c574067b4074736de91e5abe |
|
| Details | md5 | 1 | 37de4ba1241135ac083c24bc4b8d149b |
|
| Details | sha1 | 1 | 9cf54baeb58cbf66584ae16b1aec8878ae7044ed |
|
| Details | sha1 | 1 | 3d745452194f0b6428e83bd7ffb1814f8d4528fa |
|
| Details | sha256 | 1 | ec532fdfbdf6c112bcd7504ae1e38f34c25b854db7714b833dc40f0be43fe2ac |
|
| Details | sha256 | 1 | f59f52b317d15da9e99af5a20f14142ede484edb070f99a8bd04dfabecdc70b4 |
|
| Details | IPv4 | 1 | 88.150.227.98 |
|
| Details | IPv4 | 1 | 23.229.29.48 |
|
| Details | IPv4 | 1 | 5.9.224.204 |
|
| Details | IPv4 | 1 | 192.210.222.81 |
|
| Details | IPv4 | 1 | 142.11.244.124 |
|
| Details | IPv4 | 2 | 142.11.206.50 |
|
| Details | Url | 1 | https://code.jquery.com/jquery*.js |
|
| Details | Url | 1 | https://apis.google.com/js/client.js |
|
| Details | Url | 1 | https://clients5.google.com/ads/measurement/jn/jn.js |
|
| Details | Url | 1 | https://www.facebook.com/rsrc.php/*.js |
|
| Details | Url | 1 | https://static.xx.fbcdn.net/rsrc.php/*.js |
|
| Details | Url | 1 | https://ajax.googleapis.com/ajax/libs/jquery |
|
| Details | Url | 4 | https://www.google-analytics.com/analytics.js |
|
| Details | Url | 1 | https://www.google-analytics.com/ga.js |
|
| Details | Url | 1 | https://www.googletagservices.com/tag/js*.js |
|
| Details | Url | 1 | https://sb.scorecardresearch.com/beacon.js |
|
| Details | Url | 1 | https://start.duckduckgo.com*.js |
|
| Details | Url | 1 | https://www.eff.org/*.js |
|
| Details | Url | 1 | https://apis.google.com/_ |
|
| Details | Url | 4 | https://www.gstatic.com |
|
| Details | Url | 1 | https://cdn.taboola.com/taboolacookiesyncscript.js |
|
| Details | Url | 1 | https://acdn.adnxs.com/ast/ast.js |
|
| Details | Url | 1 | https://s.aolcdn.com/ads/adswrappermsni.js |
|
| Details | Url | 1 | https://s.yimg.com/av/yap/ga/yap.js |
|
| Details | Url | 1 | https://s.yimg.com/rq/darla/*/js/*min.js |
|
| Details | Url | 1 | https://www.bing.com/rms/*.js |
|
| Details | Url | 1 | https://pagead2.googlesyndication.com/pagead/js/*.js |
|
| Details | Url | 1 | https://88.150.227.98/collect| |