ioc[.]one - OSINT Cyber Threat Intelligence Database

SquirrelWaffle: New Malware Loader Delivering Cobalt Strike and QakBot

Tags

attack-pattern:

Data Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Python - T1059.006 Rundll32 - T1218.011 Visual Basic - T1059.005 Powershell - T1086 Rundll32 - T1085

Show in Graph

Common Information

Type	Value
UUID	3b16b287-3e8f-4836-922e-94b86c916efe
Fingerprint	20442831adaeb37b
Analysis status	DONE
Considered CTI value	2
Text language
Published	Oct. 7, 2021, 11:36 p.m.
Added to db	Sept. 26, 2022, 9:30 a.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	SquirrelWaffle: New Malware Loader Delivering Cobalt Strike and QakBot
Title	SquirrelWaffle: New Malware Loader Delivering Cobalt Strike and QakBot
Detected Hints/Tags/Attributes	42/1/10

Source URLs

	Redirection	Url
Details	Source	https://www.netskope.com/blog/squirrelwaffle-new-malware-loader-delivering-cobalt-strike-and-qakbot

URL Provider

Details	Provider	Source level domain
Details	netskope.com	www.netskope.com

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	27		gen.malware.detect.by
Details	File	1		www.ps1
Details	File	2		www.txt
Details	File	155		cscript.exe
Details	File	1018		rundll32.exe
Details	File	3		www2.dll
Details	sha256	1		fb41f8ce9d34f5ceb42b3d59065f63533d4a93557f9353333cbc861e3aff1f09
Details	sha256	1		2f3371880117f0f8ff9b2778cc9ce57c96ce400afa8af8bfabbf09cb138e8a28
Details	sha256	3		00d045c89934c776a70318a36655dcdd77e1fedae0d33c98e301723f323f234c
Details	sha256	3		3c280f4b81ca4773f89dc4882c1c1e50ab1255e1975372109b37cf782974e96f