Qakbot - Threat hunting with hints of incident response
Tags
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Regsvr32 - T1218.010 Server - T1583.004 Server - T1584.004 Regsvr32 - T1117 Scripting - T1064 Scripting |
Common Information
| Type | Value |
|---|---|
| UUID | 09459646-a6d7-44f3-b5e2-eebbf035a3e1 |
| Fingerprint | be8508761de50f57 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Nov. 22, 2022, 7:05 p.m. |
| Added to db | Nov. 19, 2023, 1:10 a.m. |
| Last updated | Dec. 23, 2024, 6:10 p.m. |
| Headline | Qakbot |
| Title | Qakbot - Threat hunting with hints of incident response |
| Detected Hints/Tags/Attributes | 45/1/18 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 252 | ✔ | | Threat hunting with hints of incident response | https://threathunt.blog/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 79 | tria.ge |
|
| Details | File | 1 | contractcopy.js |
|
| Details | File | 63 | data.txt |
|
| Details | File | 1 | soloists.tmp |
|
| Details | File | 1 | soloist.tmp |
|
| Details | File | 497 | regsvr32.exe |
|
| Details | File | 57 | wermgr.exe |
|
| Details | File | 81 | ping.exe |
|
| Details | File | 1 | c:\windows\syswow64\afzgd32.dll |
|
| Details | File | 1 | wrmgr.exe |
|
| Details | File | 3 | c:\\windows\\system32\\regsvr32.exe |
|
| Details | File | 1 | c:\\windows\\syswow64\\regsvr32.exe |
|
| Details | sha1 | 1 | e706be44c0bf3cf12ee1b357b0d037f172a5220a |
|
| Details | sha1 | 1 | e59c813e4ece039221df119069501b5c811acbfe |
|
| Details | IPv4 | 1577 | 127.0.0.1 |
|
| Details | IPv4 | 153 | 10.0.0.0 |
|
| Details | IPv4 | 94 | 172.16.0.0 |
|
| Details | IPv4 | 139 | 192.168.0.0 |