| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Actor(s): GOLD CABIN
QBot is a modular information stealer also known as Qakbot or Pinkslipbot. It has been active for years since 2007. It has historically been known as a banking Trojan, meaning that it steals financial data from infected systems, and a loader using C2 servers for payload targeting and download.
| 2024-02-28
⋅
Security Intelligence
⋅
X-Force data reveals top spam trends, campaigns and senior superlatives in 2023 404 Keylogger Agent Tesla Black Basta DarkGate Formbook IcedID Loki Password Stealer (PWS) Pikabot QakBot Remcos |
| 2024-02-21
⋅
YouTube (Invoke RE)
⋅
Analyzing Qakbot Using Binary Ninja Automation Part 3 QakBot |
| 2024-02-21
⋅
Invoke RE
⋅
Automating Qakbot Malware Analysis with Binary Ninja QakBot |
| 2024-02-16
⋅
Malcat
⋅
Writing a Qakbot 5.0 config extractor with Malcat QakBot |
| 2024-02-09
⋅
Censys
⋅
A Beginners Guide to Tracking Malware Infrastructure AsyncRAT BianLian Cobalt Strike QakBot |
| 2024-02-09
⋅
YouTube (Invoke RE)
⋅
Analyzing and Unpacking Qakbot Using Binary Ninja Automation Part 2 QakBot |
| 2024-01-31
⋅
Zscaler
⋅
Tracking 15 Years of Qakbot Development QakBot |
| 2024-01-23
⋅
YouTube (Invoke RE)
⋅
Analyzing and Unpacking Qakbot using Binary Ninja Automation QakBot |
| 2024-01-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q4 2023 FluBot Hook FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc IcedID Lumma Stealer Meterpreter NjRAT Pikabot QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver |
| 2024-01-12
⋅
YouTube (BSides Cambridge UK)
⋅
Slipping The Net: Qakbot, Emotet And Defense Evasion Emotet QakBot |
| 2024-01-04
⋅
K7 Security
⋅
Qakbot Returns QakBot |
| 2023-12-05
⋅
YouTube (SecureWorks)
⋅
Emulating Qakbot with Austin Graham QakBot |
| 2023-11-30
⋅
Twitter (@embee_research)
⋅
Advanced Threat Intel Queries - Catching 83 Qakbot Servers with Regex, Censys and TLS Certificates QakBot |
| 2023-11-22
⋅
Twitter (@embee_research)
⋅
Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples) BianLian Xtreme RAT NjRAT QakBot RedLine Stealer Remcos |
| 2023-11-20
⋅
Cofense
⋅
Are DarkGate and PikaBot the new QakBot? DarkGate Pikabot QakBot |
| 2023-10-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q3 2023 FluBot AsyncRAT Ave Maria Cobalt Strike DCRat Havoc IcedID ISFB Nanocore RAT NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Stealc Tofsee Vidar |
| 2023-10-05
⋅
Talos
⋅
Qakbot-affiliated actors distribute Ransom Knight malware despite infrastructure takedown QakBot |
| 2023-09-11
⋅
Github (m4now4r)
⋅
Unveiling Qakbot Exploring one of the Most Active Threat Actors QakBot |
| 2023-08-29
⋅
The Shadowserver Foundation
⋅
Qakbot Botnet Disruption QakBot |
| 2023-08-29
⋅
US Department of Justice
⋅
Qakbot Malware Disrupted in International Cyber Takedown QakBot |
| 2023-08-29
⋅
Secureworks
⋅
Law Enforcement Takes Down QakBot QakBot |
| 2023-08-29
⋅
US Department of Justice
⋅
Documents and Resources related to the Disruption of the QakBot Malware and Botnet QakBot |
| 2023-08-29
⋅
FBI
⋅
FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown QakBot |
| 2023-08-29
⋅
KrebsOnSecurity
⋅
U.S. Hacks QakBot, Quietly Removes Botnet Infections QakBot |
| 2023-08-29
⋅
Spamhaus
⋅
Qakbot - the takedown and the remediation QakBot |
| 2023-08-23
⋅
Department of Justice
⋅
Application and Affidavit for a Seizure Warrant by Telephone or other Reliable Electronic Means QakBot |
| 2023-08-21
⋅
Department of Justice
⋅
Application for a Warrant by Telephone or other reliable Electronic Means QakBot |
| 2023-08-07
⋅
Team Cymru
⋅
Visualizing Qakbot Infrastructure Part II: Uncharted Territory QakBot |
| 2023-07-31
⋅
d01a
⋅
Pikabot deep analysis Pikabot QakBot |
| 2023-07-28
⋅
Red Canary
⋅
Drop It Like It's Qbot: Separating malicious droppers, loaders, and crypters from their payloads CloudEyE QakBot |
| 2023-07-28
⋅
YouTube (SANS Cyber Defense)
⋅
Drop It Like It's Qbot: Separating malicious droppers, loaders, and crypters from their payloads CloudEyE QakBot |
| 2023-07-25
⋅
Zscaler
⋅
Hibernating Qakbot: A Comprehensive Study and In-depth Campaign Analysis QakBot |
| 2023-07-11
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q2 2023 Hydra AsyncRAT Aurora Stealer Ave Maria BumbleBee Cobalt Strike DCRat Havoc IcedID ISFB NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee |
| 2023-06-08
⋅
Twitter (@embee_research)
⋅
Practical Queries for Identifying Malware Infrastructure: An informal page for storing Censys/Shodan queries Amadey AsyncRAT Cobalt Strike QakBot Quasar RAT Sliver solarmarker |
| 2023-06-01
⋅
Lumen
⋅
Qakbot: Retool, Reinfect, Recycle QakBot |
| 2023-05-21
⋅
Github (0xThiebaut)
⋅
PCAPeek IcedID QakBot |
| 2023-05-17
⋅
Team Cymru
⋅
Visualizing QakBot Infrastructure QakBot |
| 2023-04-18
⋅
Mandiant
⋅
M-Trends 2023 QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate |
| 2023-04-18
⋅
Rapid7 Labs
⋅
Automating Qakbot Detection at Scale With Velociraptor QakBot |
| 2023-04-13
⋅
Sublime
⋅
Detecting QakBot: WSF attachments, OneNote files, and generic attack surface reduction QakBot |
| 2023-04-12
⋅
loginsoft
⋅
Maximizing Threat Detections of Qakbot with Osquery QakBot |
| 2023-04-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q1 2023 FluBot Amadey AsyncRAT Aurora Ave Maria BumbleBee Cobalt Strike DCRat Emotet IcedID ISFB NjRAT QakBot RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee Vidar |
| 2023-04-10
⋅
Check Point
⋅
March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files Agent Tesla CloudEyE Emotet Formbook Nanocore RAT NjRAT QakBot Remcos Tofsee |
| 2023-04-05
⋅
velociraptor
⋅
Automating Qakbot Decode At Scale QakBot |
| 2023-03-30
⋅
loginsoft
⋅
From Innocence to Malice: The OneNote Malware Campaign Uncovered Agent Tesla AsyncRAT DOUBLEBACK Emotet Formbook IcedID NetWire RC QakBot Quasar RAT RedLine Stealer XWorm |
| 2023-03-30
⋅
United States District Court (Eastern District of New York)
⋅
Cracked Cobalt Strike (1:23-cv-02447) Black Basta BlackCat LockBit RagnarLocker LockBit Black Basta BlackCat Cobalt Strike Cuba Emotet LockBit Mount Locker PLAY QakBot RagnarLocker Royal Ransom Zloader |
| 2023-03-24
⋅
Lab52
⋅
Bypassing Qakbot Anti-Analysis QakBot |
| 2023-03-15
⋅
Reliaquest
⋅
QBot: Laying the Foundations for Black Basta Ransomware Activity Black Basta QakBot |
| 2023-03-07
⋅
Trellix
⋅
Qakbot Evolves to OneNote Malware Distribution QakBot |
| 2023-03-02
⋅
Netresec
⋅
QakBot C2 Traffic QakBot |
| 2023-03-02
⋅
Youtube (Microsoft Security Response Center (MSRC))
⋅
BlueHat 2023: Hunting Qakbot with Daniel Taylor & Ben Magee QakBot |
| 2023-03-01
⋅
Zscaler
⋅
OneNote: A Growing Threat for Malware Distribution AsyncRAT Cobalt Strike IcedID QakBot RedLine Stealer |
| 2023-02-24
⋅
Medium walmartglobaltech
⋅
Qbot testing malvertising campaigns? QakBot |
| 2023-02-17
⋅
cyble
⋅
The Many Faces of Qakbot Malware: A Look at Its Diverse Distribution Methods QakBot |
| 2023-02-14
⋅
⋅
DSIH
⋅
Comment Qbot revient en force avec OneNote ? QakBot |
| 2023-02-06
⋅
Sophos
⋅
Qakbot mechanizes distribution of malicious OneNote notebooks QakBot |
| 2023-01-23
⋅
Kroll
⋅
Black Basta – Technical Analysis Black Basta Cobalt Strike MimiKatz QakBot SystemBC |
| 2023-01-19
⋅
Cisco
⋅
Following the LNK metadata trail BumbleBee PhotoLoader QakBot |
| 2023-01-12
⋅
EclecticIQ
⋅
QakBot Malware Used Unpatched Vulnerability to Bypass Windows OS Security Feature QakBot |
| 2022-12-28
⋅
HTML Smuggling Detection QakBot |
| 2022-12-22
⋅
AhnLab
⋅
Qakbot Being Distributed via Virtual Disk Files (*.vhd) QakBot |
| 2022-12-05
⋅
Cybereason
⋅
Threat Analysis: MSI - Masquerading as a Software Installer Magniber Matanbuchus QakBot |
| 2022-12-02
⋅
Github (binref)
⋅
The Refinery Files 0x06: Qakbot Decoder QakBot |
| 2022-12-01
⋅
splunk
⋅
From Macros to No Macros: Continuous Malware Improvements by QakBot QakBot |
| 2022-11-30
⋅
Tidal Cyber Inc.
⋅
Identifying and Defending Against QakBot's Evolving TTPs QakBot |
| 2022-11-23
⋅
Cybereason
⋅
THREAT ALERT: Aggressive Qakbot Campaign and the Black Basta Ransomware Group Targeting U.S. Companies Black Basta QakBot |
| 2022-11-14
⋅
Twitter (@embee_research)
⋅
Twitter thread on Yara Signatures for Qakbot Encryption Routines IcedID QakBot |
| 2022-11-10
⋅
Intezer
⋅
How LNK Files Are Abused by Threat Actors BumbleBee Emotet Mount Locker QakBot |
| 2022-11-03
⋅
SentinelOne
⋅
Black Basta Ransomware | Attacks deploy Custom EDR Evasion Tools tied to FIN7 Threat Actor Black Basta QakBot SocksBot |
| 2022-10-31
⋅
Security homework
⋅
QakBot CCs prioritization and new record types QakBot |
| 2022-10-31
⋅
Cynet
⋅
Orion Threat Alert: Qakbot TTPs Arsenal and the Black Basta Ransomware Black Basta Cobalt Strike QakBot |
| 2022-10-13
⋅
Syrion
⋅
QAKBOT BB Configuration and C2 IPs List QakBot |
| 2022-10-13
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q3 2022 FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm |
| 2022-10-12
⋅
Trend Micro
⋅
Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike Black Basta Brute Ratel C4 Cobalt Strike QakBot |
| 2022-09-06
⋅
Zscaler
⋅
The Ares Banking Trojan Learns Old Tricks: Adds the Defunct Qakbot DGA Ares QakBot |
| 2022-09-01
⋅
Trend Micro
⋅
Ransomware Spotlight Black Basta Black Basta Cobalt Strike MimiKatz QakBot |
| 2022-08-25
⋅
Palo Alto Networks Unit 42
⋅
Threat Assessment: Black Basta Ransomware Black Basta QakBot |
| 2022-08-24
⋅
Trellix
⋅
Demystifying Qbot Malware QakBot |
| 2022-08-24
⋅
Elastic
⋅
QBOT Malware Analysis QakBot |
| 2022-07-27
⋅
Elastic
⋅
QBOT Configuration Extractor QakBot |
| 2022-07-27
⋅
Elastic
⋅
Exploring the QBOT Attack Pattern QakBot |
| 2022-07-27
⋅
cyble
⋅
Targeted Attacks Being Carried Out Via DLL SideLoading Cobalt Strike QakBot |
| 2022-07-24
⋅
Bleeping Computer
⋅
QBot phishing uses Windows Calculator sideloading to infect devices QakBot |
| 2022-07-19
⋅
Fortinet
⋅
New Variant of QakBot Being Spread by HTML File Attached to Phishing Emails QakBot |
| 2022-07-17
⋅
Resecurity
⋅
Shortcut-Based (LNK) Attacks Delivering Malicious Code On The Rise AsyncRAT BumbleBee Emotet IcedID QakBot |
| 2022-07-12
⋅
Zscaler
⋅
Rise in Qakbot attacks traced to evolving threat techniques QakBot |
| 2022-07-07
⋅
Fortinet
⋅
Notable Droppers Emerge in Recent Threat Campaigns BumbleBee Emotet PhotoLoader QakBot |
| 2022-07-05
⋅
Soc Investigation
⋅
QBot Spreads via LNK Files – Detection & Response QakBot |
| 2022-06-30
⋅
Trend Micro
⋅
Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit Black Basta Cobalt Strike QakBot |
| 2022-06-21
⋅
McAfee
⋅
Rise of LNK (Shortcut files) Malware BazarBackdoor Emotet IcedID QakBot |
| 2022-06-17
⋅
Github (NtQuerySystemInformation)
⋅
A reverse engineer primer on Qakbot Dll Stager: From initial execution to multithreading. QakBot |
| 2022-06-09
⋅
InfoSec Handlers Diary Blog
⋅
TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt) QakBot |
| 2022-06-02
⋅
Mandiant
⋅
TRENDING EVIL Q2 2022 CloudEyE Cobalt Strike CryptBot Emotet IsaacWiper QakBot |
| 2022-05-24
⋅
BitSight
⋅
Emotet Botnet Rises Again Cobalt Strike Emotet QakBot SystemBC |
| 2022-05-19
⋅
Trend Micro
⋅
Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware Emotet QakBot |
| 2022-05-09
⋅
Microsoft
⋅
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT |
| 2022-04-28
⋅
Symantec
⋅
Ransomware: How Attackers are Breaching Corporate Networks AvosLocker Conti Emotet Hive IcedID PhotoLoader QakBot TrickBot |
| 2022-04-26
⋅
Intel 471
⋅
Conti and Emotet: A constantly destructive duo Cobalt Strike Conti Emotet IcedID QakBot TrickBot |
| 2022-04-20
⋅
SANS ISC
⋅
'aa' distribution Qakbot (Qbot) infection with DarkVNC traffic QakBot |
| 2022-04-17
⋅
Malwarology
⋅
Qakbot Series: API Hashing QakBot |
| 2022-04-16
⋅
Malwarology
⋅
Qakbot Series: Process Injection QakBot |
| 2022-04-13
⋅
Malwarology
⋅
Qakbot Series: Configuration Extraction QakBot |
| 2022-04-12
⋅
Tech Times
⋅
Qbot Botnet Deploys Malware Payloads Through Malicious Windows Installers QakBot |
| 2022-04-11
⋅
Bleeping Computer
⋅
Qbot malware switches to new Windows Installer infection vector QakBot |
| 2022-04-10
⋅
Malwarology
⋅
Qakbot Series: String Obfuscation QakBot |
| 2022-03-31
⋅
nccgroup
⋅
Conti-nuation: methods and techniques observed in operations post the leaks Cobalt Strike Conti QakBot |
| 2022-03-25
⋅
SANS ISC
⋅
XLSB Files: Because Binary is Stealthier Than XML QakBot |
| 2022-03-17
⋅
Trend Micro
⋅
Navigating New Frontiers Trend Micro 2021 Annual Cybersecurity Report REvil BazarBackdoor Buer IcedID QakBot REvil |
| 2022-03-16
⋅
SANS ISC
⋅
Qakbot infection with Cobalt Strike and VNC activity Cobalt Strike QakBot |
| 2022-03-16
⋅
InfoSec Handlers Diary Blog
⋅
Qakbot infection with Cobalt Strike and VNC activity Cobalt Strike QakBot |
| 2022-02-26
⋅
LinkedIn (Zayed AlJaberi)
⋅
Hunting Recent QakBot Malware QakBot |
| 2022-02-26
⋅
Mandiant
⋅
TRENDING EVIL Q1 2022 KEYPLUG FAKEUPDATES GootLoader BazarBackdoor QakBot |
| 2022-02-24
⋅
The Hacker News
⋅
TrickBot Gang Likely Shifting Operations to Switch to New Malware BazarBackdoor Emotet QakBot TrickBot |
| 2022-02-21
⋅
Qbot and Zerologon Lead To Full Domain Compromise Cobalt Strike QakBot |
| 2022-02-16
⋅
SOC Prime
⋅
QBot Malware Detection: Old Dog New Tricks QakBot |
| 2022-02-10
⋅
Cybereason
⋅
Threat Analysis Report: All Paths Lead to Cobalt Strike - IcedID, Emotet and QBot Cobalt Strike Emotet IcedID QakBot |
| 2022-02-08
⋅
BleepingComputer
⋅
Qbot needs only 30 minutes to steal your credentials, emails QakBot |
| 2022-02-07
⋅
The DFIR Report
⋅
Qbot Likes to Move It, Move It QakBot |
| 2022-01-19
⋅
Blackberry
⋅
Kraken the Code on Prometheus Prometheus Backdoor BlackMatter Cerber Cobalt Strike DCRat Ficker Stealer QakBot REvil Ryuk |
| 2022-01-18
⋅
Recorded Future
⋅
2021 Adversary Infrastructure Report BazarBackdoor Cobalt Strike Dridex IcedID QakBot TrickBot |
| 2022-01-15
⋅
Atomic Matryoshka
⋅
Malware Headliners: Qakbot QakBot |
| 2022-01-13
⋅
Trustwave
⋅
Decrypting Qakbot’s Encrypted Registry Keys QakBot |
| 2022-01-11
⋅
Cybereason
⋅
Threat Analysis Report: DatopLoader Exploits ProxyShell to Deliver QBOT and Cobalt Strike Cobalt Strike QakBot Squirrelwaffle |
| 2021-12-17
⋅
Trend Micro
⋅
Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager QakBot |
| 2021-12-16
⋅
Red Canary
⋅
Intelligence Insights: December 2021 Cobalt Strike QakBot Squirrelwaffle |
| 2021-12-11
⋅
YouTube (AGDC Services)
⋅
How To Extract & Decrypt Qbot Configs Across Variants QakBot |
| 2021-12-09
⋅
Microsoft
⋅
A closer look at Qakbot’s latest building blocks (and how to knock them down) QakBot |
| 2021-11-21
⋅
Twitter (@tylabs)
⋅
Twitter Thread about UNC1500 phishing using QAKBOT QakBot |
| 2021-11-19
⋅
Trend Micro
⋅
Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains Cobalt Strike QakBot Squirrelwaffle |
| 2021-11-18
⋅
Red Canary
⋅
Intelligence Insights: November 2021 Andromeda Conti LockBit QakBot Squirrelwaffle |
| 2021-11-17
⋅
Twitter (@Unit42_Intel)
⋅
Tweet on Matanbuchus Loader used to deliver Qakbot (tag obama128b) and follow-up CobaltStrike Cobalt Strike QakBot |
| 2021-11-16
⋅
Twitter (@kienbigmummy)
⋅
Tweet on short analysis of QakBot QakBot |
| 2021-11-15
⋅
TRUESEC
⋅
ProxyShell, QBot, and Conti Ransomware Combined in a Series of Cyberattacks Cobalt Strike Conti QakBot |
| 2021-11-13
⋅
Trend Micro
⋅
QAKBOT Loader Returns With New Techniques and Tools QakBot |
| 2021-11-13
⋅
YouTube (AGDC Services)
⋅
Automate Qbot Malware String Decryption With Ghidra Script QakBot |
| 2021-11-12
⋅
Recorded Future
⋅
The Business of Fraud: Botnet Malware Dissemination Mozi Dridex IcedID QakBot TrickBot |
| 2021-11-12
⋅
Trend Micro
⋅
The Prelude to Ransomware: A Look into Current QAKBOT Capabilities and Global Activities QakBot |
| 2021-11-11
⋅
Cynet
⋅
A Duck Nightmare Quakbot Strikes with QuakNightmare Exploitation Cobalt Strike QakBot |
| 2021-11-11
⋅
vmware
⋅
Research Recap: How To Automate Malware Campaign Detection With Telemetry Peak Analyzer Phorpiex QakBot |
| 2021-11-10
⋅
CIRCL
⋅
TR-64 - Exploited Exchange Servers - Mails with links to malware from known/valid senders QakBot |
| 2021-11-09
⋅
MinervaLabs
⋅
A New DatopLoader Delivers QakBot Trojan QakBot Squirrelwaffle |
| 2021-11-03
⋅
Team Cymru
⋅
Webinject Panel Administration: A Vantage Point into Multiple Threat Actor Campaigns - A Case Study on the Value of Threat Reconnaisance DoppelDridex IcedID QakBot Zloader |
| 2021-11-03
⋅
Twitter (@Corvid_Cyber)
⋅
Tweet on a unique Qbot debugger dropped by an actor after compromise QakBot |
| 2021-10-26
⋅
Cisco Talos
⋅
SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike Cobalt Strike QakBot Squirrelwaffle |
| 2021-10-26
⋅
Identification of a new cyber criminal group: Lockean Cobalt Strike DoppelPaymer Egregor Maze PwndLocker QakBot REvil |
| 2021-10-07
⋅
Netskope
⋅
SquirrelWaffle: New Malware Loader Delivering Cobalt Strike and QakBot Cobalt Strike QakBot Squirrelwaffle |
| 2021-09-03
⋅
IBM
⋅
Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight Valak QakBot REvil |
| 2021-09-03
⋅
Trend Micro
⋅
The State of SSL/TLS Certificate Usage in Malware C&C Communications AdWind ostap AsyncRAT BazarBackdoor BitRAT Buer Chthonic CloudEyE Cobalt Strike DCRat Dridex FindPOS GootKit Gozi IcedID ISFB Nanocore RAT Orcus RAT PandaBanker Qadars QakBot Quasar RAT Rockloader ServHelper Shifu SManager TorrentLocker TrickBot Vawtrak Zeus Zloader |
| 2021-09-02
⋅
Kaspersky
⋅
QakBot Technical Analysis QakBot |
| 2021-08-15
⋅
Symantec
⋅
The Ransomware Threat Babuk BlackMatter DarkSide Avaddon Babuk BADHATCH BazarBackdoor BlackMatter Clop Cobalt Strike Conti DarkSide DoppelPaymer Egregor Emotet FiveHands FriedEx Hades IcedID LockBit Maze MegaCortex MimiKatz QakBot RagnarLocker REvil Ryuk TrickBot WastedLocker |
| 2021-08-05
⋅
Group-IB
⋅
Prometheus TDS The key to success for Campo Loader, Hancitor, IcedID, and QBot Prometheus Backdoor Buer campoloader Hancitor IcedID QakBot |
| 2021-08-05
⋅
The Record
⋅
Meet Prometheus, the secret TDS behind some of today’s malware campaigns Buer campoloader IcedID QakBot |
| 2021-07-30
⋅
HP
⋅
Detecting TA551 domains Valak Dridex IcedID ISFB QakBot |
| 2021-07-24
⋅
0ffset Blog
⋅
Quack Quack: Analysing Qakbot’s Browser Hooking Module – Part 1 QakBot |
| 2021-06-24
⋅
Kaspersky
⋅
Malicious spam campaigns delivering banking Trojans IcedID QakBot |
| 2021-06-16
⋅
Proofpoint
⋅
The First Step: Initial Access Leads to Ransomware BazarBackdoor Egregor IcedID Maze QakBot REvil Ryuk TrickBot WastedLocker TA570 TA575 TA577 |
| 2021-06-16
⋅
Twitter (@ChouchWard)
⋅
Tweet on Qbot operators left their web server's access.log file unsecured QakBot |
| 2021-06-16
⋅
⋅
S2 Grupo
⋅
Emotet campaign analysis Emotet QakBot |
| 2021-06-15
⋅
Perception Point
⋅
Insights Into an Excel 4.0 Macro Attack using Qakbot Malware QakBot |
| 2021-06-10
⋅
ZAYOTEM
⋅
QakBot Technical Analysis Report QakBot |
| 2021-06-08
⋅
Advanced Intelligence
⋅
From QBot...with REvil Ransomware: Initial Attack Exposure of JBS QakBot REvil |
| 2021-06-02
⋅
Bleeping Computer
⋅
FUJIFILM shuts down network after suspected ransomware attack QakBot |
| 2021-05-26
⋅
DeepInstinct
⋅
A Deep Dive into Packing Software CryptOne Cobalt Strike Dridex Emotet Gozi ISFB Mailto QakBot SmokeLoader WastedLocker Zloader |
| 2021-05-19
⋅
Intel 471
⋅
Look how many cybercriminals love Cobalt Strike BazarBackdoor Cobalt Strike Hancitor QakBot SmokeLoader SystemBC TrickBot |
| 2021-05-04
⋅
Seguranca Informatica
⋅
A taste of the latest release of QakBot QakBot |
| 2021-04-30
⋅
MADRID Labs
⋅
Qbot: Analyzing PHP Proxy Scripts from Compromised Web Server QakBot |
| 2021-04-28
⋅
Reversing Labs
⋅
Spotting malicious Excel4 macros QakBot |
| 2021-04-28
⋅
IBM
⋅
QBot Malware Spotted Using Windows Defender Antivirus Lure QakBot |
| 2021-04-19
⋅
Twitter (@_alex_il_)
⋅
Tweet on QakBot's additional decryption mechanism QakBot |
| 2021-04-15
⋅
AT&T
⋅
The rise of QakBot QakBot |
| 2021-04-13
⋅
Silent Push
⋅
Malicious infrastructure as a service IcedID PhotoLoader QakBot |
| 2021-04-12
⋅
PTSecurity
⋅
PaaS, or how hackers evade antivirus software Amadey Bunitu Cerber Dridex ISFB KPOT Stealer Mailto Nemty Phobos Pony Predator The Thief QakBot Raccoon RTM SmokeLoader Zloader |
| 2021-04-12
⋅
Twitter (@elisalem9)
⋅
Tweets on QakBot QakBot |
| 2021-04-06
⋅
Intel 471
⋅
EtterSilent: the underground’s new favorite maldoc builder BazarBackdoor ISFB QakBot TrickBot |
| 2021-03-31
⋅
Red Canary
⋅
2021 Threat Detection Report Shlayer Andromeda Cobalt Strike Dridex Emotet IcedID MimiKatz QakBot TrickBot |
| 2021-03-26
⋅
Trend Micro
⋅
Alleged Members of Egregor Ransomware Cartel Arrested Egregor QakBot |
| 2021-03-18
⋅
VinCSS
⋅
[RE021] Qakbot analysis – Dangerous malware has been around for more than a decade QakBot |
| 2021-03-01
⋅
Group-IB
⋅
Ransomware Uncovered 2020/2021 RansomEXX BazarBackdoor Buer Clop Conti DoppelPaymer Dridex Egregor IcedID Maze PwndLocker QakBot RansomEXX REvil Ryuk SDBbot TrickBot Zloader |
| 2021-02-28
⋅
PWC UK
⋅
Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team |
| 2021-02-24
⋅
IBM
⋅
X-Force Threat Intelligence Index 2021 Emotet QakBot Ramnit REvil TrickBot |
| 2021-02-23
⋅
CrowdStrike
⋅
2021 Global Threat Report RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER |
| 2021-02-15
⋅
Twitter (@TheDFIRReport)
⋅
Tweet on Qakbot post infection discovery activity QakBot |
| 2021-02-02
⋅
⋅
CRONUP
⋅
De ataque con Malware a incidente de Ransomware Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DanaBot Dharma Dridex Egregor Emotet Empire Downloader FriedEx GootKit IcedID MegaCortex Nemty Phorpiex PwndLocker PyXie QakBot RansomEXX REvil Ryuk SDBbot SmokeLoader TrickBot Zloader |
| 2021-01-19
⋅
Medium elis531989
⋅
Funtastic Packers And Where To Find Them Get2 IcedID QakBot |
| 2021-01-19
⋅
Palo Alto Networks Unit 42
⋅
Wireshark Tutorial: Examining Emotet Infection Traffic Emotet GootKit IcedID QakBot TrickBot |
| 2021-01-06
⋅
FBI
⋅
PIN Number 20210106-001: Egregor Ransomware Targets Businesses Worldwide, Attempting to Extort Businesses by Publicly Releasing Exfiltrated Data Egregor QakBot |
| 2021-01-01
⋅
Secureworks
⋅
Threat Profile: GOLD LAGOON QakBot MALLARD SPIDER |
| 2020-12-15
⋅
Hornetsecurity
⋅
QakBot reducing its on disk artifacts Egregor PwndLocker QakBot |
| 2020-12-12
⋅
Medium 0xthreatintel
⋅
Reversing QakBot [ TLP: White] QakBot |
| 2020-12-09
⋅
InfoSec Handlers Diary Blog
⋅
Recent Qakbot (Qbot) activity Cobalt Strike QakBot |
| 2020-12-09
⋅
FireEye
⋅
It's not FINished The Evolving Maturity in Ransomware Operations (SLIDES) Cobalt Strike DoppelPaymer QakBot REvil |
| 2020-12-03
⋅
Recorded Future
⋅
Egregor Ransomware, Used in a String of High-Profile Attacks, Shows Connections to QakBot Egregor QakBot |
| 2020-12-02
⋅
Red Canary
⋅
Tweet on increased #Qbot activity delivering Cobalt Strike & #Egregor ransomware Cobalt Strike Egregor QakBot |
| 2020-12-01
⋅
Group-IB
⋅
Egregor ransomware: The legacy of Maze lives on Egregor QakBot |
| 2020-11-30
⋅
FireEye
⋅
It's not FINished The Evolving Maturity in Ransomware Operations Cobalt Strike DoppelPaymer MimiKatz QakBot REvil |
| 2020-11-27
⋅
Fiducia & GAD IT AG
⋅
When ransomware hits an ATM giant - The Diebold Nixdorf case dissected PwndLocker QakBot |
| 2020-11-26
⋅
Cybereason
⋅
Cybereason vs. Egregor Ransomware Cobalt Strike Egregor IcedID ISFB QakBot |
| 2020-11-20
⋅
ZDNet
⋅
The malware that usually installs ransomware and you need to remove right away Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DoppelPaymer Dridex Egregor Emotet FriedEx MegaCortex Phorpiex PwndLocker QakBot Ryuk SDBbot TrickBot Zloader |
| 2020-11-20
⋅
Group-IB
⋅
The Locking Egregor Egregor QakBot |
| 2020-11-12
⋅
Intrinsec
⋅
Egregor – Prolock: Fraternal Twins ? Egregor PwndLocker QakBot |
| 2020-10-29
⋅
CERT-FR
⋅
LE MALWARE-AS-A-SERVICE EMOTET Dridex Emotet ISFB QakBot |
| 2020-10-14
⋅
CrowdStrike
⋅
Duck Hunting with Falcon Complete: Remediating a Fowl Banking Trojan, Part 3 QakBot |
| 2020-10-07
⋅
CrowdStrike
⋅
Duck Hunting with Falcon Complete: Analyzing a Fowl Banking Trojan, Part 2 QakBot Zloader |
| 2020-10-01
⋅
CrowdStrike
⋅
Duck Hunting with Falcon Complete: Analyzing a Fowl Banking Trojan, Part 1 QakBot MALLARD SPIDER |
| 2020-09-29
⋅
Microsoft
⋅
Microsoft Digital Defense Report Emotet IcedID Mailto Maze QakBot REvil RobinHood TrickBot |
| 2020-09-29
⋅
PWC UK
⋅
What's behind the increase in ransomware attacks this year? DarkSide Avaddon Clop Conti DoppelPaymer Dridex Emotet FriedEx Mailto PwndLocker QakBot REvil Ryuk SMAUG SunCrypt TrickBot WastedLocker |
| 2020-09-10
⋅
Group-IB
⋅
Lock Like a Pro: Dive in Recent ProLock's Big Game Hunting PwndLocker QakBot |
| 2020-09-10
⋅
QuoSec GmbH
⋅
grap: Automating QakBot strings decryption QakBot |
| 2020-09-04
⋅
QuoSec GmbH
⋅
Navigating QakBot samples with grap QakBot |
| 2020-08-27
⋅
Checkpoint
⋅
An Old Bot’s Nasty New Tricks: Exploring Qbot’s Latest Attack Methods QakBot |
| 2020-08-20
⋅
Morphisec
⋅
QakBot (QBot) Maldoc Campaign Introduces Two New Techniques into Its Arsenal QakBot |
| 2020-07-15
⋅
N1ght-W0lf Blog
⋅
Deep Analysis of QBot Banking Trojan QakBot |
| 2020-06-24
⋅
Morphisec
⋅
Obfuscated VBScript Drops Zloader, Ursnif, Qakbot, Dridex Dridex ISFB QakBot Zloader |
| 2020-06-21
⋅
Malware and Stuff
⋅
UpnP – Messing up Security since years QakBot |
| 2020-06-16
⋅
Hornetsecurity
⋅
QakBot malspam leading to ProLock: Nothing personal just business PwndLocker QakBot |
| 2020-06-11
⋅
F5 Labs
⋅
Qbot Banking Trojan Still Up to Its Old Tricks QakBot |
| 2020-05-05
⋅
Malware and Stuff
⋅
An old enemy – Diving into QBot part 3 QakBot |
| 2020-03-30
⋅
Malware and Stuff
⋅
An old enemy – Diving into QBot part 1 QakBot |
| 2020-03-04
⋅
CrowdStrike
⋅
2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER |
| 2020-03-03
⋅
PWC UK
⋅
Cyber Threats 2019:A Year in Retrospect KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle |
| 2020-02-19
⋅
FireEye
⋅
M-Trends 2020 Cobalt Strike Grateful POS LockerGoga QakBot TrickBot |
| 2020-02-13
⋅
Palo Alto Networks Unit 42
⋅
Wireshark Tutorial: Examining Qakbot Infections QakBot |
| 2020-02-10
⋅
Malwarebytes
⋅
2020 State of Malware Report magecart Emotet QakBot REvil Ryuk TrickBot WannaCryptor |
| 2020-01-03
⋅
Youtube (BSides Belfast)
⋅
Demystifying QBot Banking Trojan QakBot |
| 2020-01-01
⋅
Secureworks
⋅
GOLD LAGOON QakBot |
| 2020-01-01
⋅
University of Malta
⋅
Memory Forensics of Qakbot QakBot |
| 2019-12-07
⋅
Secureworks
⋅
End-to-end Botnet Monitoring... Botconf 2019 Emotet ISFB QakBot |
| 2019-11-12
⋅
Hatching.io
⋅
Reversing Qakbot QakBot |
| 2019-06-03
⋅
Varonis
⋅
Varonis Exposes Global Cyber Campaign: C2 Server Actively Compromising Thousands of Victims QakBot |
| 2019-05-02
⋅
Cisco Talos
⋅
Qakbot levels up with new obfuscation techniques QakBot |
| 2018-07-29
⋅
Vitali Kremez Blog
⋅
Let's Learn: In-Depth Reversing of Qakbot "qbot" Banker Part 1 QakBot |
| 2017-11-06
⋅
Microsoft
⋅
Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks Emotet QakBot |
| 2017-06-02
⋅
SecurityIntelligence
⋅
QakBot Banking Trojan Causes Massive Active Directory Lockouts QakBot |
| 2017-05-23
⋅
ThreatVector
⋅
Quakbot QakBot |
| 2016-08-01
⋅
Intel Security
⋅
DIVING INTO PINKSLIPBOT’S LATEST CAMPAIGN QakBot |
| 2016-04-28
⋅
Cisco Talos
⋅
Research Spotlight: The Resurgence of Qbot QakBot |
| 2016-02-24
⋅
Johannes Bader Blog
⋅
The DGA of Qakbot.T QakBot |
| 2016-01-01
⋅
BAE Systems
⋅
The Return of Qbot QakBot |
| 2012-01-01
⋅
Symantec
⋅
W32.Qakbot in Detail QakBot |
| 2011-12-11
⋅
Open Security Research
⋅
Intro. To Reversing - W32Pinkslipbot QakBot |
| 2011-05-25
⋅
Contagio Dump
⋅
W32.Qakbot aka W32/Pinkslipbot or infostealer worm QakBot |
| 2010-10-25
⋅
RSA
⋅
Businesses Beware: Qakbot Spreads like a Worm, Stings like a Trojan QakBot |
| 2010-05-11
⋅
Symantec
⋅
Qakbot, Data Thief Unmasked: Part I QakBot |
| 2010-04-22
⋅
Symantec
⋅
Qakbot Steals 2GB of Confidential Data per Week QakBot |
| 2009-12-22
⋅
Symantec
⋅
Qakbot, Data Thief Unmasked: Part II QakBot |
| 2009-05-07
⋅
Symantec
⋅
W32.Qakbot QakBot |