Actor(s): GOLD CABIN
QBot is a modular information stealer also known as Qakbot or Pinkslipbot. It has been active since 2007. It has historically been known as a banking Trojan, meaning that it steals financial data from infected systems, and as a loader that uses C2 servers for payload targeting and download.
2023-03-07 ⋅ Trellix ⋅ Qakbot Evolves to OneNote Malware Distribution QakBot |
2023-03-02 ⋅ Netresec ⋅ QakBot C2 Traffic QakBot |
2023-03-01 ⋅ Zscaler ⋅ OneNote: A Growing Threat for Malware Distribution AsyncRAT Cobalt Strike IcedID QakBot RedLine Stealer |
2023-02-24 ⋅ Medium walmartglobaltech ⋅ Qbot testing malvertising campaigns? QakBot |
2023-02-17 ⋅ cyble ⋅ The Many Faces of Qakbot Malware: A Look at Its Diverse Distribution Methods QakBot |
2023-02-14 ⋅ DSIH ⋅ Comment Qbot revient en force avec OneNote ? QakBot |
2023-02-06 ⋅ Sophos ⋅ Qakbot mechanizes distribution of malicious OneNote notebooks QakBot |
2023-01-12 ⋅ EclecticIQ ⋅ QakBot Malware Used Unpatched Vulnerability to Bypass Windows OS Security Feature QakBot |
2022-12-28 ⋅ HTML Smuggling Detection QakBot |
2022-12-22 ⋅ ASEC ⋅ Qakbot Being Distributed via Virtual Disk Files (*.vhd) QakBot |
2022-12-05 ⋅ Cybereason ⋅ Threat Analysis: MSI - Masquerading as a Software Installer Magniber Matanbuchus QakBot |
2022-12-02 ⋅ Github (binref) ⋅ The Refinery Files 0x06: Qakbot Decoder QakBot |
2022-12-01 ⋅ splunk ⋅ From Macros to No Macros: Continuous Malware Improvements by QakBot QakBot |
2022-11-30 ⋅ Tidal Cyber Inc. ⋅ Identifying and Defending Against QakBot's Evolving TTPs QakBot |
2022-11-23 ⋅ Cybereason ⋅ THREAT ALERT: Aggressive Qakbot Campaign and the Black Basta Ransomware Group Targeting U.S. Companies Black Basta QakBot |
2022-11-14 ⋅ Twitter (@embee_research) ⋅ Twitter thread on Yara Signatures for Qakbot Encryption Routines IcedID QakBot |
2022-11-10 ⋅ Intezer ⋅ How LNK Files Are Abused by Threat Actors BumbleBee Emotet Mount Locker QakBot |
2022-11-03 ⋅ SentinelOne ⋅ Black Basta Ransomware | Attacks deploy Custom EDR Evasion Tools tied to FIN7 Threat Actor Black Basta QakBot SocksBot |
2022-10-31 ⋅ Cynet ⋅ Orion Threat Alert: Qakbot TTPs Arsenal and the Black Basta Ransomware Black Basta Cobalt Strike QakBot |
2022-10-31 ⋅ Security homework ⋅ QakBot CCs prioritization and new record types QakBot |
2022-10-13 ⋅ Syrion ⋅ QAKBOT BB Configuration and C2 IPs List QakBot |
2022-10-13 ⋅ Spamhaus ⋅ Spamhaus Botnet Threat Update Q3 2022 FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm |
2022-09-06 ⋅ Zscaler ⋅ The Ares Banking Trojan Learns Old Tricks: Adds the Defunct Qakbot DGA Ares QakBot |
2022-09-01 ⋅ Trend Micro ⋅ Ransomware Spotlight Black Basta Black Basta Cobalt Strike MimiKatz QakBot |
2022-08-25 ⋅ Palo Alto Networks Unit 42 ⋅ Threat Assessment: Black Basta Ransomware Black Basta QakBot |
2022-08-24 ⋅ Elastic ⋅ QBOT Malware Analysis QakBot |
2022-08-24 ⋅ Trellix ⋅ Demystifying Qbot Malware QakBot |
2022-07-27 ⋅ Elastic ⋅ QBOT Configuration Extractor QakBot |
2022-07-27 ⋅ cyble ⋅ Targeted Attacks Being Carried Out Via DLL SideLoading Cobalt Strike QakBot |
2022-07-27 ⋅ Elastic ⋅ Exploring the QBOT Attack Pattern QakBot |
2022-07-24 ⋅ Bleeping Computer ⋅ QBot phishing uses Windows Calculator sideloading to infect devices QakBot |
2022-07-19 ⋅ Fortinet ⋅ New Variant of QakBot Being Spread by HTML File Attached to Phishing Emails QakBot |
2022-07-17 ⋅ Resecurity ⋅ Shortcut-Based (LNK) Attacks Delivering Malicious Code On The Rise AsyncRAT BumbleBee Emotet IcedID QakBot |
2022-07-12 ⋅ Zscaler ⋅ Rise in Qakbot attacks traced to evolving threat techniques QakBot |
2022-07-07 ⋅ Fortinet ⋅ Notable Droppers Emerge in Recent Threat Campaigns BumbleBee Emotet PhotoLoader QakBot |
2022-07-05 ⋅ Soc Investigation ⋅ QBot Spreads via LNK Files – Detection & Response QakBot |
2022-06-30 ⋅ Trend Micro ⋅ Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit Black Basta Cobalt Strike QakBot |
2022-06-21 ⋅ McAfee ⋅ Rise of LNK (Shortcut files) Malware BazarBackdoor Emotet IcedID QakBot |
2022-06-17 ⋅ Github (NtQuerySystemInformation) ⋅ A reverse engineer primer on Qakbot Dll Stager: From initial execution to multithreading. QakBot |
2022-06-09 ⋅ InfoSec Handlers Diary Blog ⋅ TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt) QakBot |
2022-06-02 ⋅ Mandiant ⋅ TRENDING EVIL Q2 2022 CloudEyE Cobalt Strike CryptBot Emotet IsaacWiper QakBot |
2022-05-24 ⋅ BitSight ⋅ Emotet Botnet Rises Again Cobalt Strike Emotet QakBot SystemBC |
2022-05-19 ⋅ Trend Micro ⋅ Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware Emotet QakBot |
2022-05-09 ⋅ Microsoft ⋅ Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT |
2022-04-28 ⋅ Symantec ⋅ Ransomware: How Attackers are Breaching Corporate Networks AvosLocker Conti Emotet Hive IcedID PhotoLoader QakBot TrickBot |
2022-04-26 ⋅ Intel 471 ⋅ Conti and Emotet: A constantly destructive duo Cobalt Strike Conti Emotet IcedID QakBot TrickBot |
2022-04-20 ⋅ SANS ISC ⋅ 'aa' distribution Qakbot (Qbot) infection with DarkVNC traffic QakBot |
2022-04-17 ⋅ Malwarology ⋅ Qakbot Series: API Hashing QakBot |
2022-04-16 ⋅ Malwarology ⋅ Qakbot Series: Process Injection QakBot |
2022-04-13 ⋅ Malwarology ⋅ Qakbot Series: Configuration Extraction QakBot |
2022-04-12 ⋅ Tech Times ⋅ Qbot Botnet Deploys Malware Payloads Through Malicious Windows Installers QakBot |
2022-04-11 ⋅ Bleeping Computer ⋅ Qbot malware switches to new Windows Installer infection vector QakBot |
2022-04-10 ⋅ Malwarology ⋅ Qakbot Series: String Obfuscation QakBot |
2022-03-31 ⋅ nccgroup ⋅ Conti-nuation: methods and techniques observed in operations post the leaks Cobalt Strike Conti QakBot |
2022-03-25 ⋅ SANS ISC ⋅ XLSB Files: Because Binary is Stealthier Than XML QakBot |
2022-03-17 ⋅ Trend Micro ⋅ Navigating New Frontiers Trend Micro 2021 Annual Cybersecurity Report REvil BazarBackdoor Buer IcedID QakBot REvil |
2022-03-16 ⋅ InfoSec Handlers Diary Blog ⋅ Qakbot infection with Cobalt Strike and VNC activity Cobalt Strike QakBot |
2022-03-16 ⋅ SANS ISC ⋅ Qakbot infection with Cobalt Strike and VNC activity Cobalt Strike QakBot |
2022-02-26 ⋅ Mandiant ⋅ TRENDING EVIL Q1 2022 KEYPLUG FAKEUPDATES GootLoader BazarBackdoor QakBot |
2022-02-26 ⋅ LinkedIn (Zayed AlJaberi) ⋅ Hunting Recent QakBot Malware QakBot |
2022-02-24 ⋅ The Hacker News ⋅ TrickBot Gang Likely Shifting Operations to Switch to New Malware BazarBackdoor Emotet QakBot TrickBot |
2022-02-21 ⋅ Qbot and Zerologon Lead To Full Domain Compromise Cobalt Strike QakBot |
2022-02-16 ⋅ SOC Prime ⋅ QBot Malware Detection: Old Dog New Tricks QakBot |
2022-02-10 ⋅ Cybereason ⋅ Threat Analysis Report: All Paths Lead to Cobalt Strike - IcedID, Emotet and QBot Cobalt Strike Emotet IcedID QakBot |
2022-02-08 ⋅ BleepingComputer ⋅ Qbot needs only 30 minutes to steal your credentials, emails QakBot |
2022-02-07 ⋅ The DFIR Report ⋅ Qbot Likes to Move It, Move It QakBot |
2022-01-19 ⋅ Blackberry ⋅ Kraken the Code on Prometheus Prometheus Backdoor BlackMatter Cerber Cobalt Strike DCRat Ficker Stealer QakBot REvil Ryuk |
2022-01-18 ⋅ Recorded Future ⋅ 2021 Adversary Infrastructure Report BazarBackdoor Cobalt Strike Dridex IcedID QakBot TrickBot |
2022-01-15 ⋅ Atomic Matryoshka ⋅ Malware Headliners: Qakbot QakBot |
2022-01-13 ⋅ Trustwave ⋅ Decrypting Qakbot’s Encrypted Registry Keys QakBot |
2022-01-11 ⋅ Cybereason ⋅ Threat Analysis Report: DatopLoader Exploits ProxyShell to Deliver QBOT and Cobalt Strike Cobalt Strike QakBot Squirrelwaffle |
2021-12-17 ⋅ Trend Micro ⋅ Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager QakBot |
2021-12-16 ⋅ Red Canary ⋅ Intelligence Insights: December 2021 Cobalt Strike QakBot Squirrelwaffle |
2021-12-11 ⋅ YouTube (AGDC Services) ⋅ How To Extract & Decrypt Qbot Configs Across Variants QakBot |
2021-12-09 ⋅ Microsoft ⋅ A closer look at Qakbot’s latest building blocks (and how to knock them down) QakBot |
2021-11-21 ⋅ Twitter (@tylabs) ⋅ Twitter Thread about UNC1500 phishing using QAKBOT QakBot |
2021-11-19 ⋅ Trend Micro ⋅ Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains Cobalt Strike QakBot Squirrelwaffle |
2021-11-18 ⋅ Red Canary ⋅ Intelligence Insights: November 2021 Andromeda Conti LockBit QakBot Squirrelwaffle |
2021-11-17 ⋅ Twitter (@Unit42_Intel) ⋅ Tweet on Matanbuchus Loader used to deliver Qakbot (tag obama128b) and follow-up CobaltStrike Cobalt Strike QakBot |
2021-11-16 ⋅ Twitter (@kienbigmummy) ⋅ Tweet on short analysis of QakBot QakBot |
2021-11-15 ⋅ TRUESEC ⋅ ProxyShell, QBot, and Conti Ransomware Combined in a Series of Cyberattacks Cobalt Strike Conti QakBot |
2021-11-13 ⋅ YouTube (AGDC Services) ⋅ Automate Qbot Malware String Decryption With Ghidra Script QakBot |
2021-11-13 ⋅ Trend Micro ⋅ QAKBOT Loader Returns With New Techniques and Tools QakBot |
2021-11-12 ⋅ Trend Micro ⋅ The Prelude to Ransomware: A Look into Current QAKBOT Capabilities and Global Activities QakBot |
2021-11-12 ⋅ Recorded Future ⋅ The Business of Fraud: Botnet Malware Dissemination Mozi Dridex IcedID QakBot TrickBot |
2021-11-11 ⋅ Cynet ⋅ A Duck Nightmare Quakbot Strikes with QuakNightmare Exploitation Cobalt Strike QakBot |
2021-11-11 ⋅ vmware ⋅ Research Recap: How To Automate Malware Campaign Detection With Telemetry Peak Analyzer Phorpiex QakBot |
2021-11-10 ⋅ CIRCL ⋅ TR-64 - Exploited Exchange Servers - Mails with links to malware from known/valid senders QakBot |
2021-11-09 ⋅ MinervaLabs ⋅ A New DatopLoader Delivers QakBot Trojan QakBot Squirrelwaffle |
2021-11-03 ⋅ Twitter (@Corvid_Cyber) ⋅ Tweet on a unique Qbot debugger dropped by an actor after compromise QakBot |
2021-11-03 ⋅ Team Cymru ⋅ Webinject Panel Administration: A Vantage Point into Multiple Threat Actor Campaigns - A Case Study on the Value of Threat Reconnaisance DoppelDridex IcedID QakBot Zloader |
2021-10-26 ⋅ Identification of a new cyber criminal group: Lockean Cobalt Strike DoppelPaymer Egregor Maze PwndLocker QakBot REvil |
2021-10-26 ⋅ Cisco Talos ⋅ SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike Cobalt Strike QakBot Squirrelwaffle |
2021-10-07 ⋅ Netskope ⋅ SquirrelWaffle: New Malware Loader Delivering Cobalt Strike and QakBot Cobalt Strike QakBot Squirrelwaffle |
2021-09-03 ⋅ IBM ⋅ Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight Valak QakBot REvil |
2021-09-03 ⋅ Trend Micro ⋅ The State of SSL/TLS Certificate Usage in Malware C&C Communications AdWind ostap AsyncRAT BazarBackdoor BitRAT Buer Chthonic CloudEyE Cobalt Strike DCRat Dridex FindPOS GootKit Gozi IcedID ISFB Nanocore RAT Orcus RAT PandaBanker Qadars QakBot Quasar RAT Rockloader ServHelper Shifu SManager TorrentLocker TrickBot Vawtrak Zeus Zloader |
2021-09-02 ⋅ Kaspersky ⋅ QakBot Technical Analysis QakBot |
2021-08-15 ⋅ Symantec ⋅ The Ransomware Threat Babuk BlackMatter DarkSide Avaddon Babuk BADHATCH BazarBackdoor BlackMatter Clop Cobalt Strike Conti DarkSide DoppelPaymer Egregor Emotet FiveHands FriedEx Hades IcedID LockBit Maze MegaCortex MimiKatz QakBot RagnarLocker REvil Ryuk TrickBot WastedLocker |
2021-08-05 ⋅ Group-IB ⋅ Prometheus TDS The key to success for Campo Loader, Hancitor, IcedID, and QBot Prometheus Backdoor Buer campoloader Hancitor IcedID QakBot |
2021-08-05 ⋅ The Record ⋅ Meet Prometheus, the secret TDS behind some of today’s malware campaigns Buer campoloader IcedID QakBot |
2021-07-30 ⋅ HP ⋅ Detecting TA551 domains Valak Dridex IcedID ISFB QakBot |
2021-07-24 ⋅ 0ffset Blog ⋅ Quack Quack: Analysing Qakbot’s Browser Hooking Module – Part 1 QakBot |
2021-06-24 ⋅ Kaspersky ⋅ Malicious spam campaigns delivering banking Trojans IcedID QakBot |
2021-06-16 ⋅ Proofpoint ⋅ The First Step: Initial Access Leads to Ransomware BazarBackdoor Egregor IcedID Maze QakBot REvil Ryuk TrickBot WastedLocker |
2021-06-16 ⋅ S2 Grupo ⋅ Emotet campaign analysis Emotet QakBot |
2021-06-16 ⋅ Twitter (@ChouchWard) ⋅ Tweet on Qbot operators left their web server's access.log file unsecured QakBot |
2021-06-15 ⋅ Perception Point ⋅ Insights Into an Excel 4.0 Macro Attack using Qakbot Malware QakBot |
2021-06-10 ⋅ ZAYOTEM ⋅ QakBot Technical Analysis Report QakBot |
2021-06-08 ⋅ Advanced Intelligence ⋅ From QBot...with REvil Ransomware: Initial Attack Exposure of JBS QakBot REvil |
2021-06-02 ⋅ Bleeping Computer ⋅ FUJIFILM shuts down network after suspected ransomware attack QakBot |
2021-05-26 ⋅ DeepInstinct ⋅ A Deep Dive into Packing Software CryptOne Cobalt Strike Dridex Emotet Gozi ISFB Mailto QakBot SmokeLoader WastedLocker Zloader |
2021-05-19 ⋅ Intel 471 ⋅ Look how many cybercriminals love Cobalt Strike BazarBackdoor Cobalt Strike Hancitor QakBot SmokeLoader SystemBC TrickBot |
2021-05-04 ⋅ Seguranca Informatica ⋅ A taste of the latest release of QakBot QakBot |
2021-04-30 ⋅ MADRID Labs ⋅ Qbot: Analyzing PHP Proxy Scripts from Compromised Web Server QakBot |
2021-04-28 ⋅ IBM ⋅ QBot Malware Spotted Using Windows Defender Antivirus Lure QakBot |
2021-04-28 ⋅ Reversing Labs ⋅ Spotting malicious Excel4 macros QakBot |
2021-04-19 ⋅ Twitter (@_alex_il_) ⋅ Tweet on QakBot's additional decryption mechanism QakBot |
2021-04-15 ⋅ AT&T ⋅ The rise of QakBot QakBot |
2021-04-13 ⋅ Silent Push ⋅ Malicious infrastructure as a service IcedID PhotoLoader QakBot |
2021-04-12 ⋅ PTSecurity ⋅ PaaS, or how hackers evade antivirus software Amadey Bunitu Cerber Dridex ISFB KPOT Stealer Mailto Nemty Phobos Pony Predator The Thief QakBot Raccoon RTM SmokeLoader Zloader |
2021-04-12 ⋅ Twitter (@elisalem9) ⋅ Tweets on QakBot QakBot |
2021-04-06 ⋅ Intel 471 ⋅ EtterSilent: the underground’s new favorite maldoc builder BazarBackdoor ISFB QakBot TrickBot |
2021-03-31 ⋅ Red Canary ⋅ 2021 Threat Detection Report Shlayer Andromeda Cobalt Strike Dridex Emotet IcedID MimiKatz QakBot TrickBot |
2021-03-26 ⋅ Trend Micro ⋅ Alleged Members of Egregor Ransomware Cartel Arrested Egregor QakBot |
2021-03-18 ⋅ VinCSS ⋅ [RE021] Qakbot analysis – Dangerous malware has been around for more than a decade QakBot |
2021-03 ⋅ Group-IB ⋅ Ransomware Uncovered 2020/2021 RansomEXX BazarBackdoor Buer Clop Conti DoppelPaymer Dridex Egregor IcedID Maze PwndLocker QakBot RansomEXX REvil Ryuk SDBbot TrickBot Zloader |
2021-02-28 ⋅ PWC UK ⋅ Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Tonto Team |
2021-02-24 ⋅ IBM ⋅ X-Force Threat Intelligence Index 2021 Emotet QakBot Ramnit REvil TrickBot |
2021-02-23 ⋅ CrowdStrike ⋅ 2021 Global Threat Report RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader KNOCKOUT SPIDER OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER |
2021-02-15 ⋅ Twitter (@TheDFIRReport) ⋅ Tweet on Qakbot post infection discovery activity QakBot |
2021-02-02 ⋅ CRONUP ⋅ De ataque con Malware a incidente de Ransomware Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DanaBot Dharma Dridex Egregor Emotet Empire Downloader FriedEx GootKit IcedID MegaCortex Nemty Phorpiex PwndLocker PyXie QakBot RansomEXX REvil Ryuk SDBbot SmokeLoader TrickBot Zloader |
2021-01-19 ⋅ Palo Alto Networks Unit 42 ⋅ Wireshark Tutorial: Examining Emotet Infection Traffic Emotet GootKit IcedID QakBot TrickBot |
2021-01-19 ⋅ Medium elis531989 ⋅ Funtastic Packers And Where To Find Them Get2 IcedID QakBot |
2021-01-06 ⋅ FBI ⋅ PIN Number 20210106-001: Egregor Ransomware Targets Businesses Worldwide, Attempting to Extort Businesses by Publicly Releasing Exfiltrated Data Egregor QakBot |
2021 ⋅ Secureworks ⋅ Threat Profile: GOLD LAGOON QakBot MALLARD SPIDER |
2020-12-15 ⋅ Hornetsecurity ⋅ QakBot reducing its on disk artifacts Egregor PwndLocker QakBot |
2020-12-12 ⋅ Medium 0xthreatintel ⋅ Reversing QakBot [ TLP: White] QakBot |
2020-12-09 ⋅ FireEye ⋅ It's not FINished The Evolving Maturity in Ransomware Operations (SLIDES) Cobalt Strike DoppelPaymer QakBot REvil |
2020-12-09 ⋅ InfoSec Handlers Diary Blog ⋅ Recent Qakbot (Qbot) activity Cobalt Strike QakBot |
2020-12-03 ⋅ Recorded Future ⋅ Egregor Ransomware, Used in a String of High-Profile Attacks, Shows Connections to QakBot Egregor QakBot |
2020-12-02 ⋅ Red Canary ⋅ Tweet on increased #Qbot activity delivering Cobalt Strike & #Egregor ransomware Cobalt Strike Egregor QakBot |
2020-12-01 ⋅ Group-IB ⋅ Egregor ransomware: The legacy of Maze lives on Egregor QakBot |
2020-11-30 ⋅ FireEye ⋅ It's not FINished The Evolving Maturity in Ransomware Operations Cobalt Strike DoppelPaymer MimiKatz QakBot REvil |
2020-11-27 ⋅ Fiducia & GAD IT AG ⋅ When ransomware hits an ATM giant - The Diebold Nixdorf case dissected PwndLocker QakBot |
2020-11-26 ⋅ Cybereason ⋅ Cybereason vs. Egregor Ransomware Cobalt Strike Egregor IcedID ISFB QakBot |
2020-11-20 ⋅ Group-IB ⋅ The Locking Egregor Egregor QakBot |
2020-11-20 ⋅ ZDNet ⋅ The malware that usually installs ransomware and you need to remove right away Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DoppelPaymer Dridex Egregor Emotet FriedEx MegaCortex Phorpiex PwndLocker QakBot Ryuk SDBbot TrickBot Zloader |
2020-11-12 ⋅ Intrinsec ⋅ Egregor – Prolock: Fraternal Twins ? Egregor PwndLocker QakBot |
2020-10-29 ⋅ CERT-FR ⋅ LE MALWARE-AS-A-SERVICE EMOTET Dridex Emotet ISFB QakBot |
2020-10-14 ⋅ CrowdStrike ⋅ Duck Hunting with Falcon Complete: Remediating a Fowl Banking Trojan, Part 3 QakBot |
2020-10-07 ⋅ CrowdStrike ⋅ Duck Hunting with Falcon Complete: Analyzing a Fowl Banking Trojan, Part 2 QakBot Zloader |
2020-10-01 ⋅ CrowdStrike ⋅ Duck Hunting with Falcon Complete: Analyzing a Fowl Banking Trojan, Part 1 QakBot MALLARD SPIDER |
2020-09-29 ⋅ Microsoft ⋅ Microsoft Digital Defense Report Emotet IcedID Mailto Maze QakBot REvil RobinHood TrickBot |
2020-09-29 ⋅ PWC UK ⋅ What's behind the increase in ransomware attacks this year? DarkSide Avaddon Clop Conti DoppelPaymer Dridex Emotet FriedEx Mailto PwndLocker QakBot REvil Ryuk SMAUG SunCrypt TrickBot WastedLocker |
2020-09-10 ⋅ Group-IB ⋅ Lock Like a Pro: Dive in Recent ProLock's Big Game Hunting PwndLocker QakBot |
2020-09-10 ⋅ QuoSec GmbH ⋅ grap: Automating QakBot strings decryption QakBot |
2020-09-04 ⋅ QuoSec GmbH ⋅ Navigating QakBot samples with grap QakBot |
2020-08-27 ⋅ Checkpoint ⋅ An Old Bot’s Nasty New Tricks: Exploring Qbot’s Latest Attack Methods QakBot |
2020-08-20 ⋅ Morphisec ⋅ QakBot (QBot) Maldoc Campaign Introduces Two New Techniques into Its Arsenal QakBot |
2020-07-15 ⋅ N1ght-W0lf Blog ⋅ Deep Analysis of QBot Banking Trojan QakBot |
2020-06-24 ⋅ Morphisec ⋅ Obfuscated VBScript Drops Zloader, Ursnif, Qakbot, Dridex Dridex ISFB QakBot Zloader |
2020-06-21 ⋅ Malware and Stuff ⋅ UpnP – Messing up Security since years QakBot |
2020-06-16 ⋅ Hornetsecurity ⋅ QakBot malspam leading to ProLock: Nothing personal just business PwndLocker QakBot |
2020-06-11 ⋅ F5 Labs ⋅ Qbot Banking Trojan Still Up to Its Old Tricks QakBot |
2020-05-05 ⋅ Malware and Stuff ⋅ An old enemy – Diving into QBot part 3 QakBot |
2020-03-30 ⋅ Malware and Stuff ⋅ An old enemy – Diving into QBot part 1 QakBot |
2020-03-04 ⋅ CrowdStrike ⋅ 2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER |
2020-03-03 ⋅ PWC UK ⋅ Cyber Threats 2019:A Year in Retrospect KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA |
2020-02-19 ⋅ FireEye ⋅ M-Trends 2020 Cobalt Strike Grateful POS LockerGoga QakBot TrickBot |
2020-02-13 ⋅ Palo Alto Networks Unit 42 ⋅ Wireshark Tutorial: Examining Qakbot Infections QakBot |
2020-02-10 ⋅ Malwarebytes ⋅ 2020 State of Malware Report magecart Emotet QakBot REvil Ryuk TrickBot WannaCryptor |
2020-01-03 ⋅ Youtube (BSides Belfast) ⋅ Demystifying QBot Banking Trojan QakBot |
2020 ⋅ Secureworks ⋅ GOLD LAGOON QakBot |
2020 ⋅ University of Malta ⋅ Memory Forensics of Qakbot QakBot |
2019-12-07 ⋅ Secureworks ⋅ End-to-end Botnet Monitoring... Botconf 2019 Emotet ISFB QakBot |
2019-11-12 ⋅ Hatching.io ⋅ Reversing Qakbot QakBot |
2019-06-03 ⋅ Varonis ⋅ Varonis Exposes Global Cyber Campaign: C2 Server Actively Compromising Thousands of Victims QakBot |
2019-05-02 ⋅ Cisco Talos ⋅ Qakbot levels up with new obfuscation techniques QakBot |
2018-07-29 ⋅ Vitali Kremez Blog ⋅ Let's Learn: In-Depth Reversing of Qakbot "qbot" Banker Part 1 QakBot |
2017-11-06 ⋅ Microsoft ⋅ Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks Emotet QakBot |
2017-06-02 ⋅ SecurityIntelligence ⋅ QakBot Banking Trojan Causes Massive Active Directory Lockouts QakBot |
2017-05-23 ⋅ ThreatVector ⋅ Quakbot QakBot |
2016-08 ⋅ Intel Security ⋅ DIVING INTO PINKSLIPBOT’S LATEST CAMPAIGN QakBot |
2016-04-28 ⋅ Cisco Talos ⋅ Research Spotlight: The Resurgence of Qbot QakBot |
2016-02-24 ⋅ Johannes Bader Blog ⋅ The DGA of Qakbot.T QakBot |
2016 ⋅ BAE Systems ⋅ The Return of Qbot QakBot |
2012 ⋅ Symantec ⋅ W32.Qakbot in Detail QakBot |
2011-05-25 ⋅ Contagio Dump ⋅ W32.Qakbot aka W32/Pinkslipbot or infostealer worm QakBot |