Security experts have revealed a new variant of an information stealer and banking trojan known under the moniker QBot (aka QakBot, QuackBot, or Pinkslipbot). The trojan was first detected in the late 2000s, mostly used in financially motivated attacks aimed at stealing victims' passwords. Its operators regularly resurface with new tricks up their sleeves, adopting new delivery vectors and evasion techniques. This time, a phishing campaign tricks victims into opening a weaponized HTML attachment that installs Qakbot.
Make use of a newly released detection rule by Nattatorn Chuensangarun to expose the latest QBot attacks against your organization’s network:
The Sigma rule can be used across 19+ SIEM, EDR & XDR platforms and is aligned with the MITRE ATT&CK® framework v.10, addressing the Defense Evasion and Execution tactics, with Signed Binary Proxy Execution (T1218) and User Execution (T1204) as the primary techniques.
Registered SOC Prime users can reach innovative industry-specific solutions and 200,000+ detection algorithms that integrate with 26+ SIEM, EDR and XDR technologies. To access the exhaustive list of Sigma rules to detect QBot attacks, click the Detect & Hunt button below.
To obtain better visibility into threats passing through your network, navigate an ever-changing landscape of threats with a novel solution from SOC Prime – the Cyber Threat Search Engine. The Search Engine is available for free, no strings attached. Give it a go by pressing the Explore Threat Context button.
In this campaign, criminal hackers deliver the payload under unusual file extensions such as .ocx, .ooccxx, .dat, and .gyp to evade automated security scans that key on common executable extensions.
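The extension trick above is what a Signed Binary Proxy Execution (T1218) detection can key on. The following is an added example, not the Sigma rule the post links to, of that logic run over constructed process-creation events; it assumes Sysmon Event ID 1 field names (Image, CommandLine) and assumes regsvr32.exe and rundll32.exe as the signed loaders, which the post does not name.

```python
import ntpath
import shlex

# Payload extensions named in the campaign write-up.
SUSPICIOUS_EXTS = {".ocx", ".ooccxx", ".dat", ".gyp"}
# Signed Windows binaries commonly abused to load such payloads (T1218).
# Assumption: the post names the technique, not the binaries the rule checks.
PROXY_BINARIES = {"regsvr32.exe", "rundll32.exe"}


def argument_paths(command_line):
    """Yield candidate file paths from a Windows command line.

    rundll32 takes 'path,EntryPoint', so the text before the first comma is
    the path; surrounding quotes are stripped and /switches are skipped.
    """
    for token in shlex.split(command_line, posix=False):
        candidate = token.strip('"').split(",", 1)[0]
        if candidate.startswith(("/", "-")):
            continue
        yield candidate


def flag_event(event):
    """Return a reason string if the event matches, otherwise None."""
    image = ntpath.basename(event.get("Image", "")).lower()
    if image not in PROXY_BINARIES:
        return None
    for path in argument_paths(event.get("CommandLine", "")):
        ext = ntpath.splitext(path)[1].lower()
        if ext in SUSPICIOUS_EXTS:
            return f"{image} loading {ext} payload: {path}"
    return None


def scan(events):
    """Return (event, reason) pairs for every event flag_event matches."""
    return [(e, r) for e in events if (r := flag_event(e))]


# Constructed sample telemetry, not real campaign indicators.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r'regsvr32.exe /s "C:\Users\alice\AppData\Local\Temp\invoice.ooccxx"'},
    {"Image": r"C:\Windows\SysWOW64\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\ProgramData\update.dat,DllRegisterServer"},
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32.exe /s C:\Windows\System32\msxml3.dll"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\alice\notes.dat"},
]

if __name__ == "__main__":
    for _event, reason in scan(SAMPLE_EVENTS):
        print(reason)
```

Only the first two constructed events fire: a .dll loaded by regsvr32 and a .dat opened by a non-proxy binary stay silent, which is the point of combining the loader check with the extension list rather than alerting on either alone.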
New attacks show up in the wild every day, and SOC professionals need precise, exposure-based solutions that cut through the noise and pinpoint the real security threats. SOC Prime’s vast library of detection content enables infosec professionals to pump up value from their investments into security. By joining SOC Prime’s Detection as Code platform, security experts can see in action how they can benefit from accelerated cyber defense capabilities.