
Threat Group Cards: A Threat Actor Encyclopedia

Tool: QakBot

Names: QakBot, QuakBot, Qbot, PinkSlip
Category: Malware
Type: Banking trojan, Backdoor, Credential stealer, Tunneling, Worm, Botnet
Description: (IBM) Though well-known and familiar from previous online fraud attacks, QakBot continually evolves. This is the first time IBM X-Force has seen the malware cause AD lockouts in affected organizational networks.

Although part of QakBot is known to be a worm, it is a banking Trojan in every other sense. QakBot is modular, multithread malware whose various components implement online banking credential theft, a backdoor feature, SOCKS proxy, extensive anti-research capabilities and the ability to subvert antivirus (AV) tools. Aside from its evasion techniques, given admin privileges, QakBot’s current variant can disable security software running on the endpoint.
Information:
<https://securityintelligence.com/qakbot-banking-trojan-causes-massive-active-directory-lockouts/>
<https://www.johannesbader.ch/2016/02/the-dga-of-qakbot/>
<https://www.varonis.com/blog/varonis-discovers-global-cyber-campaign-qbot/>
<https://media.scmagazine.com/documents/225/bae_qbot_report_56053.pdf>
<https://www.cylance.com/en_us/blog/threat-spotlight-the-return-of-qakbot-malware.html>
<https://www.virusbulletin.com/uploads/pdf/magazine/2016/VB2016-Karve-etal.pdf>
<https://www.vkremez.com/2018/07/lets-learn-in-depth-reversing-of-qakbot.html>
<https://www.fortinet.com/blog/threat-research/deep-analysis-of-a-qbot-campaign-part-1>
<https://www.fortinet.com/blog/threat-research/deep-analysis-qbot-campaign>
<https://research.checkpoint.com/2020/exploring-qbots-latest-attack-methods/>
<https://www.bleepingcomputer.com/news/security/qbot-uses-windows-defender-antivirus-phishing-bait-to-infect-pcs/>
<https://www.bleepingcomputer.com/news/security/qbot-malware-is-back-replacing-icedid-in-malspam-campaigns/>
<https://cybersecurity.att.com/blogs/labs-research/the-rise-of-qakbot>
<https://www.crowdstrike.com/blog/duck-hunting-with-falcon-complete-analyzing-a-fowl-banking-trojan-part-1/>
<https://www.crowdstrike.com/blog/duck-hunting-with-falcon-complete-qakbot-zip-based-campaign/>
<https://securityaffairs.co/wordpress/117558/cyber-crime/qakbot-latest-release.html>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.qakbot>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:Qakbot>

Last change to this tool card: 14 May 2021


All groups using tool QakBot

APT groups

Name: Mallard Spider
Country: [Unknown]
Observed: 2008-Dec 2020

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
