SYMBOLCOMMON_NAMEaka. SYNONYMS

MALLARD SPIDER  (Back to overview)

aka: GOLD LAGOON

Crowdstrike tarcks the operators behind the Qbot as MALLARD SPIDER


Associated Families
win.reedbed

References
2025-03-10LevelBlueKen Ng
Prevent, Detect, Contain: LevelBlue MDR’s Guide Against Black Basta Affiliates’ Attacks
Black Basta Black Basta ReedBed
2025-03-03Trend MicroAdam O'Connor, Catherine Loveria, Gabriel Cardoso, Ian Kenefick, Jack Walsh, Jovit Samaniego, Lucas Silva, Stephen Carbery
Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal
Black Basta Black Basta Cactus ReedBed
2025-02-20ReliaquestJohn Dilgen
48 Minutes: How Fast Phishing Attacks Exploit Weaknesses
ReedBed
2025-01-31ConnectWiseBlake Eakin
Attackers Leveraging Microsoft Teams Defaults and Quick Assist for Social Engineering Attacks
Black Basta Black Basta ReedBed
2025-01-30eSentireeSentire
Ongoing Email Bombing Campaigns leading to Remote Access and Post-Exploitation
Black Basta ReedBed UNC4393
2025-01-25SophosAnthony Bradshaw, Colin Cowie, Daniel Souter, Hunter Neal, Mark Parsons, Sean Baird, Sean Gallagher
Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”
ReedBed STAC5143 UNC4393
2025-01-23Github (PaloAltoNetworks)Brad Duncan
Cluster of Infrastructure likely used by Affiliate of Dark Scorpius (Black Basta)
ReedBed
2025-01-21Twitter (@MsftSecIntel)Microsoft Threat Intelligence
Twitter Thread describing spotting of ReedBed in a Storm-1811 campaign
ReedBed UNC4393
2025-01-20Medium walmartglobaltechJason Reaves, Jonathan Mccay, Joshua Platt
Qbot is Back.Connect
ReedBed UNC4393
2021-01-01SecureworksSecureWorks
Threat Profile: GOLD LAGOON
QakBot MALLARD SPIDER
2020-10-01CrowdStrikeDylan Barker, Quinten Bowen, Ryan Campbell
Duck Hunting with Falcon Complete: Analyzing a Fowl Banking Trojan, Part 1
QakBot MALLARD SPIDER

Credits: MISP Project