A vulnerability in the Danabot Malware operation introduced in June 2022 update was due to the identification, prosecution and disintegration of his operation in a law enforcement recently.
Danabot is a Malware-e-Service (MAAS) platform active through 2018 to 2025, which is used for banking fraud, credential theft, remote access and distributed service of service (DDOS) attacks.
ZSCAler’s Thartlabz Researchers Search for vulnerabilityDub ‘Denable’, explain that a memory leak allowed them to achieve a deep peak in the internal operation of malware and the people behind it.
Taking advantage of the blame for collecting valuable intelligence on cyber criminal, enabling an international law enforcement action called ‘Operation Andge’, to offline the Danabot Infrastructure and motivate 16 members of the group of danger.
Danable
Danabled Flaw was introduced in June 2022 with a databot version 2380, adding a new command and control (C2) protocol.
A weakness in the logic of the new protocol was in the mechanism that generated C2 server reactions to customers, including randomly generated padding bytes, but did not insure the new allocated memory for these.
The ZSCAler researchers collected a large number of C2 reactions and analyzed them, which were due to the memory leak bug, the survived data pieces from the server’s memory.
This exposure suits it Heart -filled The problem discovered in 2014 affects omnipresent OpenSSL software.
As a result of danabled, a comprehensive array of private data for researchers was included over time, which includes:
- Threatening actor details (User Name, IP Address)
- Backnd Infrastructure (C2 Server IPS/Domain)
- Affected data (IP address, credentials, exfiltrated information)
- Malware changelogs
- Private cryptographic key
- SQL Question and Dibg Log
- Html and web interface snipped from C2 dashboard
For three years, Danabot operated in a compromise mode without its developers or customers, which was ever realizing that they were in touch with security researchers.
It allowed targeted law enforcement action when sufficient data was collected.
Source: Zscler
Although the main team of Danbot in Russia was only inspired and not arrested, the C2 server, 650 domains and the seizure of approximately $ 4,000,000 in Cryptocurrency have effectively neutralized the danger for now.
It is unlikely that the danger actors attempt to return to conduct cyber crime in future, but less confidence from the hackers community will be a significant obstacle to them.
Patching meant complex scripts, long and endless fire drills. No more.
In this new guide, the tines break down how it is leveling with modern organ automation. Patch fast, reduce overhead, and focus on strategic tasks – no complex script is required.
