In recent weeks, a new variant of the infamous botnet Danabot hit Italy. Security firms such as Proofpoint and ESET analyzed other samples of the same threat targeting the Australian landscape back in May 2018 and, more recently, in Italy. The Cybaze-Yoroi ZLab dissected one of these recent Danabot variants, which spread across the Italian cyberspace through “Fattura”-themed phishing emails (e.g. N051118). The malicious payload was dropped by a macro-enabled Word document that downloads the malicious DLL payload.