
Analysis of a Malicious HTML File (QBot) - SANS ISC
Oct 13, 2022 · Analysis of a Malicious HTML File (QBot), Author: Didier Stevens
Actor using Rig EK to deliver Qbot - SANS Internet Storm Center
Dec 18, 2015 · This appears to be the same actor that was using Sweet Orange EK to distribute Qbot malware in 2014 and early 2015 [1, 2, 3]. Why? Because the same type of obfuscation is …
BB17 distribution Qakbot (Qbot) activity - SANS ISC
Early morning Tuesday 2023-02-28, I generated an infection with a URL I found on VirusTotal after pivoting on a search for BB17-tagged distribution URLs for Qakbot (Qbot).
Qakbot (Qbot) activity, obama271 distribution tag - SANS ISC
Jun 22, 2023 · Qakbot (Qbot) activity, obama271 distribution tag, Author: Brad Duncan
TA551 (Shathak) Word docs push Qakbot (Qbot) - SANS ISC
Jan 26, 2021 · Shown above: Screenshot of the TA551 (Shathak) Word document with macros for Qakbot (Qbot). Shown above: Regsvr32 pop up message when the malware DLL to install …
Qakbot infection with Cobalt Strike - SANS ISC
On Tuesday 2021-03-02, I generated a Qakbot (Qbot) infection on a Windows host in one of my Active Directory (AD) test environments, where I saw Cobalt Strike as follow-up activity.
"aa" distribution Qakbot (Qbot) infection with DarkVNC traffic
Apr 20, 2022 · Chain of Events: Email --> link --> downloaded zip archive --> extracted Excel file --> enable macros --> HTTPS traffic for Qakbot DLL files --> Qakbot C2 activity --> DarkVNC …
Actor using Rig EK to deliver Qbot - update - SANS ISC
Dec 30, 2015 · Introduction: This diary is a follow-up to my previous diary on the actor using Rig exploit kit (EK) to deliver Qbot [1]. For this diary, I've infected more Windows hosts from other …
TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms …
Jun 9, 2022 · A threat actor designated by Proofpoint as TA570 routinely pushes Qakbot (Qbot) malware. Malicious DLL files used for Qakbot infections contain a tag indicating their specific …
Recent Qakbot (Qbot) activity - SANS Internet Storm Center
Dec 9, 2020 · Introduction: Today's diary is a review of a Qakbot (Qbot) infection I generated on Tuesday 2020-12-08. Qakbot generally includes follow-up malware like Cobalt Strike (such as …