DanaBot

Also known as: DanaTools

Proofpoint describes DanaBot as the latest example of malware focused on persistence and stealing useful information that can later be monetized rather than demanding an immediate ransom from victims. The social engineering in the low-volume DanaBot campaigns we have observed so far has been well-crafted, again pointing to a renewed focus on “quality over quantity” in email-based threats. DanaBot’s modular nature enables it to download additional components, increasing the flexibility and robust stealing and remote monitoring capabilities of this banker.

Linked Threat Actors

SCULLY SPIDER

C2 Infrastructure

ISP/Residential 100%

Last 7 days

Jun 18, 2026
C2 Hosts: 1
Jun 17, 2026
C2 Hosts: 1

Further Reading

PrivateLoader: the loader of the prevalent ruzki PPI service

PrivateLoader is a downloader malware family. It is used as part of a PPI service, to deliver payloads of multiple malware families.

blog.sekoia.io
Financial Cyberthreats in 2020

This research is a continuation of our annual financial threat reports providing an overview of the latest trends and key events across the financial threat landscape. The study covers the common p...

securelist.com
NullMixer drops Redline Stealer, SmokeLoader and other malware

NullMixer is a dropper delivering a number of Trojans, such as RedLine Stealer, SmokeLoader, Satacom, and others.

securelist.com
Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure | CISA
cisa.gov
Botnet C&C | Botnet Threat Update January to June 2025 | Report
spamhaus.org
DanaBot updated with new C&C communication

ESET researchers have found new versions of the DanaBot Trojan, which now features a new C&C protocol and modifications to architecture and campaign IDs.

welivesecurity.com
Danabot: Analyzing a fallen empire

ESET Research shares its findings on the workings of Danabot, an infostealer recently disrupted in a multinational law enforcement operation.

welivesecurity.com
DanaBleed: DanaBot C2 Server Memory Leak Bug | ThreatLabz

A flaw in DanaBot's C2 server code caused a memory leak that we named "DanaBleed", exposing sensitive data and offering researchers a look into DanaBot’s operations.

zscaler.com
DanaBot Launches DDoS Attack | ThreatLabz

Researchers at Zscaler discovered a DDoS attack launched by DanaBot against the Ukrainian Ministry of Defense.

zscaler.com
DanaBot Activity | ThreatLabz

Two large software supply chain attacks distributed the DanaBot malware. DanaBot is a malware-as-a-service platform that focuses on credential theft.

zscaler.com
DanaBot | ThreatLabz

A technical analysis of the DanaBot malware's obfuscation techniques.

zscaler.com