Danabot

Malware updated 2 months ago (2025-08-26T09:28:18.829Z)

Download STIX

Preview STIX

Not enough context has been learned about Danabot for a description yet. However we're tracking it as a Malware profile. Malware: Malware, short for malicious software, is a harmful program designed to exploit and damage your computer or device. It can infect your system through suspicious downloads, emails, or websites, often without your knowledge. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for ransom.

Description last updated:

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Trojan

Ransomware

Cybercrime

Malvertising

Maas

Fraud

Ddos

Lateral Move...

Vulnerability

Botnet

Spam

Bot

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Lumma Stealer Malware is associated with Danabot. Lumma Stealer is a potent malware designed to exfiltrate information from compromised systems, including system details, web browsers, and browser extensions. The malware was primarily delivered to victims through websites hosting cracked games, specifically targeting gamers. In July 2024, it was di	Unspecified	3
The Cactus Malware is associated with Danabot. Cactus is a type of malware, specifically ransomware, known for its malicious activities including data theft and system disruption. This malware has been linked to several high-profile attacks, spreading primarily through malvertising campaigns that leverage the DanaBot Trojan. Notably, the Cactus	Unspecified	2

Source Document References

Information about the Danabot Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Recorded Future	7 days ago	Dark Covenant 3.0: Controlled Impunity and Russia’s Cybercriminals
ESET	3 months ago	Threat Report H1 2025: ClickFix, infostealer disruptions, and ransomware deathmatch
Malwarebytes	3 months ago	Steam games abused to deliver malware once again
ESET	4 months ago	ESET Threat Report H1 2025
InfoSecurity-magazine	4 months ago	ClickFix Attacks Surge 517% in 2025
Flashpoint	5 months ago	16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide
ESET	5 months ago	Danabot under the microscope
CrowdStrike	5 months ago	CrowdStrike Partners with DOJ to Disrupt DanaBot Malware Operators
ESET	5 months ago	Danabot: Analyzing a fallen empire
Krebs on Security	5 months ago	Oops: DanaBot Malware Devs Infected Their Own PCs
Flashpoint	5 months ago	Operation Endgame: Global Law Enforcement Takes Down DanaBot Malware Scheme
Malware-traffic-analysis.net	2 years ago	Malware-Traffic-Analysis.net - 2024-02-14 - Danabot infection from Italian languag malspam
CERT-EU	2 years ago	Decoding the Web Injection Malware Campaign of 2023
CERT-EU	2 years ago	Increased health cybersecurity funding, penalties sought by HHS \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	2 years ago	Twisted Spider’s Dangerous CACTUS Ransomware Attack
CERT-EU	2 years ago	Microsoft warns of Cactus ransomware actors using malvertising to infect victims \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	2 years ago	Microsoft issues alert on Cactus Ransomware spreading through DanaBOT Ransomware - Cybersecurity Insiders
CERT-EU	2 years ago	Malvertising attacks rely on DanaBot to spread CACTUS Ransomware \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	2 years ago	New DanaBot malvertising campaign delivers Cactus ransomware
Securityaffairs	2 years ago	Malvertising attacks rely on DanaBot to spread CACTUS Ransomware