QakNote Infections: A Network-based Exploration of Varied Attack Paths - Darktrace Blog
Tags
attack-pattern: Data Models Credentials - T1589.001 Email Accounts - T1585.002 Email Accounts - T1586.002 Html Smuggling - T1027.006 Impersonation - T1656 Malicious File - T1204.002 Malicious Link - T1204.001 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Vnc - T1021.005 Tool - T1588.002 Vulnerabilities - T1588.006 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID 18fc29f9-26d9-4b1e-8ba9-461661b5cfe5
Fingerprint ef61a9b9ef73d76b
Analysis status DONE
Considered CTI value 0
Text language
Published April 6, 2023, midnight
Added to db April 6, 2023, 4:31 p.m.
Last updated Nov. 17, 2024, 5:56 p.m.
Headline QakNote Infections: A Network-based Exploration of Varied Attack Paths
Title QakNote Infections: A Network-based Exploration of Varied Attack Paths - Darktrace Blog
Detected Hints/Tags/Attributes 65/1/15
Source URLs
Redirection Url
Details Source https://darktrace.com/blog/qaknote-infections-a-network-based-exploration-of-varied-attack-paths
URL Provider
Details Provider Source level domain
Details darktrace.com darktrace.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 101 https://de.darktrace.com/blog/rss.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 172 
cve-2022-30190
Details Domain 1 
bonsars.com
Details Domain 6 
www.onenote.com
Details Domain 1 
contentsync.onenote.com
Details Domain 1 
learningtools.onenote.com
Details Domain 2 
xfinity.com
Details Domain 287 
yahoo.com
Details Domain 17 
verisign.com
Details Domain 21 
oracle.com
Details Domain 13 
broadcom.com
Details File 13 
'.dat
Details File 2 
dll.cfg
Details IPv4 4 
23.111.114.52
Details IPv4 1 
194.165.16.56
Details IPv4 3 
78.31.67.7