qakbot (8)

12389946898?profile=RESIZE_400xThe infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new phishing campaign observed in February 2024. The enterprise security firm Proofpoint reported that the activity targets organizations in the US with voicemail-themed lures containing links to OneDrive URLs.  "The URLs led to a Word file with names such as "ReleaseEvans#96.docm" (the digits before the file extension varied)," the company said in a recent report.  "Th

12336868687?profile=RESIZE_400xThe malware loader PikaBot is being distributed as part of a malvertising campaign targeting users searching for legitimate software like AnyDesk.  PikaBot was previously only distributed via malspam campaigns, similar to QakBot, and emerged as one of the preferred payloads for a threat actor known as TA577.  The malware family, which first appeared in early 2023, consists of a loader and a core module that allows it to operate as a backdoor and a distributor for other payloads.

See:  https://re

12213840469?profile=RESIZE_400xA criminal ransomware network connected to a cyber-attack inside numerous US hospitals has been taken down by the FBI, according to a US Department of Justice press release.  The attack hit over 200,000 computers across the US and cost hundreds of millions of dollars in damage.  The FBI called it a duck hunt taking down the hacking network called Qakbot.  “Qackbot is one of the most successful persistent and notorious botnets in the globe,” said US Attorney Martin Estrada. “Stopping cybercrime i


Qakbot was first observed in 2008.  While it was originally a banking trojan, it has evolved   over   time   to   include   gaining   access, dropping  additional malware,   and performing other data-stealing, ransomware, and malicious activities   across a network.

QakNote is the name of the new QakBot campaign.  It was first reported by Cynet researcher, Max Malyutin, on Twitter, who explained that threat actors were experimenting with a new Distribution method to replace the former use of ma

10904613856?profile=RESIZE_400xAccording to cyber security professionals, ZIP and RAR files have overtaken Office documents as the file most used by cyber criminals to deliver malware, according to an analysis of real-world cyberattacks and data collected from millions of PCs.  The research, based on customer data found in the period between July and September 2022, 42% of attempts at delivering malware attacks used archive file formats, including ZIP and RAR.

That means cyberattacks attempting to exploit ZIP and RAR formats

10739450863?profile=RESIZE_400xThe Qbot malware was first discovered in 2008 and it has been used for a variety of purposes. It boasts a couple of prolific campaigns in recent years, particularly in 2020, but recent events indicate that it might have a slightly different coat of paint. We’ll begin our exploration here with a little bit of history on the Qbot malware, but from there we will move on to discussing DLL usage manipulation in Windows. In particular, we’ll go over a little bit about DLL side-loading: what it is, how

10663796459?profile=RESIZE_400xActivity Summary - Week Ending on 22 July 2022:

  • Red Sky Alliance identified 21,897 connections from new IP’s checking in with our Sinkholes
  • com 424x
  • Analysts identified 1,504 new IP addresses participating in various Botnets
  • Log4Shell update
  • Vulnerabilities in Siemens JT2Go & Teamcenter Visualization
  • QakBot
  • Confucius Says
  • Sewers held Hostage
  • Attacks Shame, Scare Victims
  • GPS Vulnerabilities

Link to full report:  IR-22-203-001_weekly203.pdf

9582988691?profile=RESIZE_400xActivity Summary - Week Ending 17 September 2021:

  • Red Sky Alliance identified 37,866 connections from new unique IP addresses
  • Analysts identified 765 new IP addresses participating in various Botnets
  • Compromised IP:
  • Is it REvil or is it the Feds?
  • BazarLoader
  • QakBot
  • BlackMatter and Cameras?
  • Grayfly – an Arm of APT41
  • EasyJet in the Crosshairs
  • Just Who’s Winning the Cyber War?
  • Tiananmen Square Memorials

Link to full report: IR-21-260-001_weekly_260.pdf