Breakdown of a Targeted DanaBot Attack


A FortiGuard SE Team Threat Analysis Report


On Feb 5th, 2019, the FortiGuard SE team discovered a targeted attack aimed at an unknown individual working for a governmental organization located in the city of Gold Coast, Australia. Within a span of a few days, we had observed additional activity targeting various members of this organization, specifically in the form of spearphishing attacks. We can safely surmise that it is very likely that this threat was specifically targeting this organization at this time for reasons unknown to us.

The threat being delivered is known as DanaBot. It is a modular banking Trojan that has been historically linked to combining operations with other malware operators, such as those behind Gootkit. Other modules associated with DanaBot include remote desktop through VNC, information stealing, and keylogging. While it appears that this recent attack may be looking to establish a foothold in the network, the reasons behind this are currently unknown.

Read more…