Qakbot Resurfaces with new Playbook
Tags
cmtmf-attack-pattern: Masquerading Process Injection
maec-delivery-vectors: Watering Hole
attack-pattern: Direct Credentials - T1589.001 Dll Side-Loading - T1574.002 Hijack Execution Flow - T1625 Hijack Execution Flow - T1574 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Multi-Factor Authentication - T1556.006 Phishing - T1660 Phishing - T1566 Process Injection - T1631 Regsvr32 - T1218.010 Software - T1592.002 Dll Side-Loading - T1073 Masquerading - T1036 Process Injection - T1055 Regsvr32 - T1117 User Execution - T1204 Masquerading User Execution
Show in Graph
Common Information
Type Value
UUID e800f311-ad48-4972-9535-664cbc4c9515
Fingerprint ccc50ba92ff1cd8d
Analysis status DONE
Considered CTI value 2
Text language
Published July 21, 2022, midnight
Added to db Oct. 24, 2023, 1:42 p.m.
Last updated Nov. 18, 2024, 12:28 p.m.
Headline Qakbot Resurfaces with new Playbook
Title Qakbot Resurfaces with new Playbook
Detected Hints/Tags/Attributes 56/3/29
Source URLs
Redirection Url
Details Redirection https://blog.cyble.com/2022/07/21/qakbot-resurfaces-with-new-playbook/
Details Source https://cyble.com/blog/qakbot-resurfaces-with-new-playbook/
URL Provider
Details Provider Source level domain
Details cyble.com cyble.com
Details cyble.com blog.cyble.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
47787.zip
Details File 1 
47787.zip
Details File 1 
47787.iso
Details File 23 
windowscodecs.dll
Details File 4 
7533.dll
Details File 312 
calc.exe
Details File 4 
windowscodec.dll
Details File 461 
regsvr32.exe
Details File 1260 
explorer.exe
Details File 1 
47787.html
Details md5 1 
d79ac5762e68b8f19146c78c85b72d5e
Details md5 1 
a4a09d3d5905910ad2a207522dcec67c
Details md5 1 
b6cb21060e11c251ed52d92e83cbcf42
Details md5 1 
21930abbbb06588edf0240cc60302143
Details md5 1 
a8c071f4d69627f581fa15495218bff7
Details sha1 1 
899c8c030a88ebcc0b3e8482fbfe31e59d095641
Details sha1 1 
8e7984a0af138aac5427b785e4385cdc6b9b8963
Details sha1 1 
b2a3d6a620c050fd03f1e16649c6b5bfdc195089
Details sha1 2 
48bf9b838ecb90b8389a0c50b301acc32b44b53e
Details sha1 1 
25beb06d731192ea20bc7eb0c81ae952f2a0bd33
Details sha256 1 
cb83a65a625a69bbae22d7dd87686dc2be8bd8a1f8bb40e318e20bc2a6c32a8e
Details sha256 1 
197ee022aa311568cd98fee15baf2ee1a2f10ab32a6123b481a04ead41e80eee
Details sha256 1 
9887e7a708b4fc3a91114f78ebfd8dcc2d5149fd9c3657872056ca3e5087626d
Details sha256 1 
8760c4b4cc8fdcd144651d5ba02195d238950d3b70abd7d7e1e2d42b6bda9751
Details sha256 1 
c992296a35528b12b39052e8dedc74d42c6d96e5e63c0ac0ad9a5545ce4e8d7e
Details MITRE ATT&CK Techniques 409 
T1566
Details MITRE ATT&CK Techniques 420 
T1204
Details MITRE ATT&CK Techniques 227 
T1574.002
Details MITRE ATT&CK Techniques 441 
T1055