Intel Name: Operation endgame 2.0: danabusted
Date of Scan: June 4, 2025
Impact: High
Summary: On May 22, 2025, Our team revealed further actions tied to Operation Endgame, aimed at disrupting cybercriminal groups like those behind DanaBot. This follows the original 2024 effort that targeted malware such as SmokeLoader, IcedID, and Pikabot. DanaBot, a Delphi-based modular malware, supports functions like keystroke logging, file theft, browser injection, and second-stage payload deployment. Known for its MaaS model, DanaBot has been used in attacks against Middle Eastern and Eastern European government entities, including DDoS campaigns on Ukrainian defense infrastructure.