Intel Name: Danableed: danabot c2 server memory leak bug
Date of Scan: June 11, 2025
Impact: High
Summary: DanaBot is a Malware-as-a-Service (MaaS) platform active since 2018, operating through an affiliate model where the developer provides the malware, C2 infrastructure, and support. Affiliates use DanaBot for credential theft, banking fraud, and other malicious activities. It has been linked to high-profile incidents, including a supply chain attack via NPM packages and a DDoS assault on Ukraine’s Ministry of Defense in 2022. In May 2025, law enforcement agencies disrupted DanaBot’s infrastructure under Operation Endgame and indicted 16 individuals connected to the group.
