qakbot (3)

The Qbot malware was first discovered in 2008 and it has been used for a variety of purposes. It boasts a couple of prolific campaigns in recent years, particularly in 2020, but recent events indicate that it might have a slightly different coat of paint. We’ll begin our exploration here with a little bit of history on the Qbot malware, but from there we will move on to discussing DLL usage manipulation in Windows. In particular, we’ll go over a little bit about DLL side-loading: what it is, how

Activity Summary - Week Ending on 22 July 2022:

  • Red Sky Alliance identified 21,897 connections from new IPs checking in with our Sinkholes
  • com 424x
  • Analysts identified 1,504 new IP addresses participating in various Botnets
  • Log4Shell update
  • Vulnerabilities in Siemens JT2Go & Teamcenter Visualization
  • QakBot
  • Confucius Says
  • Sewers held Hostage
  • Attacks Shame, Scare Victims
  • GPS Vulnerabilities

Link to full report: IR-22-203-001_weekly203.pdf

Activity Summary - Week Ending 17 September 2021:

  • Red Sky Alliance identified 37,866 connections from new unique IP addresses
  • Analysts identified 765 new IP addresses participating in various Botnets
  • Compromised IP:
  • Is it REvil or is it the Feds?
  • BazarLoader
  • QakBot
  • BlackMatter and Cameras?
  • Grayfly – an Arm of APT41
  • EasyJet in the Crosshairs
  • Just Who’s Winning the Cyber War?
  • Tiananmen Square Memorials

Link to full report: IR-21-260-001_weekly_260.pdf