The Qbot malware was first discovered in 2008 and it has been used for a variety of purposes. It boasts a couple of prolific campaigns in recent years, particularly in 2020, but recent events indicate that it might have a slightly different coat of paint. We’ll begin our exploration here with a little bit of history on the Qbot malware, but from there we will move on to discussing DLL usage manipulation in Windows. In particular, we’ll go over a little bit about DLL side-loading: what it is, how
- Red Sky Alliance identified 21,897 connections from new IP’s checking in with our Sinkholes
- com 424x
- Analysts identified 1,504 new IP addresses participating in various Botnets
- Log4Shell update
- Vulnerabilities in Siemens JT2Go & Teamcenter Visualization
- Confucius Says
- Sewers held Hostage
- Attacks Shame, Scare Victims
- GPS Vulnerabilities
Link to full report: IR-22-203-001_weekly203.pdf
- Red Sky Alliance identified 37,866 connections from new unique IP addresses
- Analysts identified 765 new IP addresses participating in various Botnets
- Compromised IP: 220.127.116.11
- Is it REvil or is it the Feds?
- BlackMatter and Cameras?
- Grayfly – an Arm of APT41
- EasyJet in the Crosshairs
- Just Who’s Winning the Cyber War?
- Tiananmen Square Memorials
Link to full report: IR-21-260-001_weekly_260.pdf
Note: this page contains paid content.
Please, subscribe to get an access.