Where is the Origin QAKBOT Uses Valid Code Signing
Tags
country: Czechia
attack-pattern: Data Code Signing - T1553.002 Code Signing Certificates - T1587.002 Code Signing Certificates - T1588.003 Hardware - T1592.001 Malware - T1587.001 Malware - T1588.001 Private Keys - T1552.004 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Code Signing - T1116 Private Keys - T1145
Show in Graph
Common Information
Type Value
UUID e146d00f-e0b0-4fff-9e95-c242e7a0b512
Fingerprint 657867bf1c39f584
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 27, 2022, midnight
Added to db Oct. 15, 2024, 4:10 p.m.
Last updated Nov. 17, 2024, 5:56 p.m.
Headline Where is the Origin?: QAKBOT Uses Valid Code Signing
Title Where is the Origin QAKBOT Uses Valid Code Signing
Detected Hints/Tags/Attributes 59/2/5
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_au/research/22/j/where-is-the-origin-qakbot-uses-valid-code-signing-.html
Details Source https://www.trendmicro.com/en_my/research/22/j/where-is-the-origin-qakbot-uses-valid-code-signing-.html
Details Source https://www.trendmicro.com/en_nz/research/22/j/where-is-the-origin-qakbot-uses-valid-code-signing-.html
URL Provider
Details Provider Source level domain
Details trendmicro.com www.trendmicro.com
Attributes
Details Type #Events CTI Value
Details CVE 172 
cve-2022-30190
Details File 1 
via.dll
Details sha256 2 
adadda4d61188c53c25323a3561db52d14a5dbb2585a53e18b33882f1013b9ee
Details sha256 2 
78bc13074087f93fcc8f11ae013995f9a366b6943330c3d02f0b50c4ae96c8a7
Details sha256 2 
42bc9b623f70e46d6aab4910d8c75221aecf89a00756a61b21f952eea13a446c