Contact Contact Us

DanaBot Operators Spear Phish Government Employees

The operators behind the DanaBot trojan have been spear phishing employees at an Australian government agency, with intentions to gain a foothold in the targeted network. The phishing email contains a link that downloads a ZIP archive with an obfuscated VBScript file within. When extracted, the script fetches an executable file from the attackers’ server to install the DanaBot trojan. DanaBot is modular and functions such as VNC remote desktop connection, information stealer, keylogger and web injections can be added on demand.

[1] Breakdown of a Targeted DanaBot Attack

Ensign InfoSecurity Singapore
30A Kallang Place
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883