Analysis of a Malicious HTML File (QBot) - SANS ISC
Oct 13, 2022 · Analysis of a Malicious HTML File (QBot), Author: Didier Stevens
BB17 distribution Qakbot (Qbot) activity - SANS ISC
Early morning Tuesday 2023-02-28, I generated an infection with a URL I found on VirusTotal after pivoting on a search for BB17-tagged distribution URLs for Qakbot (Qbot).
Video: Analysis of a Malicious HTML File (QBot) - SANS ISC
Oct 16, 2022 · Video: Analysis of a Malicious HTML File (QBot), Author: Didier Stevens
Qakbot (Qbot) activity, obama271 distribution tag - SANS ISC
Jun 22, 2023 · Qakbot (Qbot) activity, obama271 distribution tag, Author: Brad Duncan
Actor using Rig EK to deliver Qbot - SANS Internet Storm Center
Dec 18, 2015 · This appears to be the same actor that was using Sweet Orange EK to distribute Qbot malware in 2014 and early 2015 [1, 2, 3]. Why? Because the same type of obfuscation is …
TA551 (Shathak) Word docs push Qakbot (Qbot) - SANS ISC
Jan 26, 2021 · Shown above: Screenshot of the TA551 (Shathak) Word document with macros for Qakbot (Qbot). Shown above: Regsvr32 pop up message when the malware DLL to install …
Qakbot infection with Cobalt Strike - SANS ISC
On Tuesday 2021-03-02, I generated a Qakbot (Qbot) infection on a Windows host in one of my Active Directory (AD) test environments, where I saw Cobalt Strike as follow-up activity.
Recent Qakbot (Qbot) activity - SANS Internet Storm Center
Dec 9, 2020 · Introduction Today's diary is a review of a Qakbot (Qbot) infection I generated on Tuesday 2020-12-08. Qakbot generally includes follow-up malware like Cobalt Strike (such as …
"aa" distribution Qakbot (Qbot) infection with DarkVNC traffic
Apr 20, 2022 · Shown above: Link from an email distributing Qakbot ("aa" distribution tag) in a web browser.
Actor using Rig EK to deliver Qbot - update - SANS ISC
Dec 30, 2015 · Introduction This diary is a follow-up to my previous diary on the actor using Rig exploit kit (EK) to deliver Qbot [1]. For this diary, I've infected more Windows hosts from other …