Detecting QAKBOT/QBOT Malicious Activity

Qakbot (also known as Qbot) has been around for over a decade and routinely appears on lists of the most common malware infections. From the attacker's perspective, much of that success comes from rapidly changing TTPs to avoid detection and packaging the malware in new ways to evade anti-virus, EDR, and SIEM detection rules. In this week's SnapShot, we'll take a look at a recent Qakbot sample, highlight some of its evasion strategies (such as padding file paths with repeated backslashes, which the Windows path parser collapses but a literal string match in a detection rule does not), and discuss detection and hunting strategies you can use to keep ahead of its ever-changing techniques.
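The backslash-padding evasion mentioned above, worked through as an added example (this is not SnapAttack content and not code from the sample): the command lines below are constructed for illustration, and the "loader from a user-writable directory" rule is a hypothetical hunting heuristic, not a published detection. The point is that a rule matching the literal string misses the padded paths, while normalizing separators the way Win32 does (runs of separators collapse to one, except a leading pair for UNC paths) makes the same rule fire.

```python
import re

# Constructed process-creation command lines for illustration (not from a real Qakbot sample).
# The first three pad paths with repeated backslashes; the last is a benign-looking control.
SAMPLE_CMDLINES = [
    r'rundll32.exe C:\\\\Users\\\\Public\\\\loader.dll,DllRegisterServer',
    r'regsvr32.exe /s C:\\\\ProgramData\\\\update.tmp',
    r'rundll32.exe \\\\fileserver\\\\share\\\\tool.dll,Start',
    r'rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL',
]

# A run of two or more backslashes. The optional "pre" group fires only when the run
# begins a token (start of string, after whitespace or a quote), i.e. a UNC prefix.
_BACKSLASH_RUN = re.compile(r'''(?P<pre>^|\s|["'])?(?P<run>\\{2,})''')


def normalize_windows_path(text: str) -> str:
    """Collapse repeated backslashes the way the Windows path parser does.

    A run at the start of a token is kept as exactly two backslashes so UNC
    paths (\\server\share) survive; every other run becomes one backslash.
    """
    def collapse(m: re.Match) -> str:
        if m.group('pre') is not None:
            return m.group('pre') + '\\\\'
        return '\\'
    return _BACKSLASH_RUN.sub(collapse, text)


# Hypothetical hunting rule (an assumption for this example, not a SnapAttack detection):
# rundll32/regsvr32 loading a module from a user-writable location on a local drive.
_LOADER = re.compile(r'(?i)(^|[\\\s])(rundll32|regsvr32)(\.exe)?\b')
_WRITABLE_DIR = re.compile(
    r'(?i)[a-z]:\\(Users\\Public|ProgramData|Users\\[^\\]+\\AppData|Windows\\Temp)\\')


def rule_matches(cmdline: str) -> bool:
    """True when the command line looks like a loader pulling a module from a writable dir."""
    return bool(_LOADER.search(cmdline) and _WRITABLE_DIR.search(cmdline))


def hunt(cmdlines, normalize: bool = True):
    """Return the original command lines the rule flags, optionally after normalization."""
    hits = []
    for raw in cmdlines:
        candidate = normalize_windows_path(raw) if normalize else raw
        if rule_matches(candidate):
            hits.append(raw)
    return hits


if __name__ == '__main__':
    print('literal match :', hunt(SAMPLE_CMDLINES, normalize=False))
    print('normalized    :', hunt(SAMPLE_CMDLINES, normalize=True))
```

Run as-is, the literal pass flags nothing and the normalized pass flags the first two constructed lines; the UNC line is collapsed to `\\fileserver\share\tool.dll` rather than mangled. In practice the same normalization belongs in front of any field-level match on command lines or image paths, and it is worth confirming in your own telemetry whether the EDR records the raw command line or an already-normalized path, since the two need different rules.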
References:
SnapAttack Content:
Qakbot Malware Explained
Qakbot Malware Takedown
QBot MALWARE spreads through NEW PHISHING CAMPAIGN I CYBERSECURITY NEWS 🗞️
Qakbot Campaign and the Black Basta Ransomware Group - Attack Overview
Analysis of a malicious html file qbot
Qakbot network used by cybercriminals taken down
2-Minutes QakBot Excel Malware Analysis
Patrick Star vs obama225 Qakbot
New Qakbot : uses MITRE technique T1027.006 Obfuscated Files or Information: HTML Smuggling
Evasive QBot Malware Uses Short-lived Residential IP Addresses for Dynamic Attacks
Qakbot Campaign and the Black Basta Ransomware Group - Recommendations
FBI takes down global hacker network, dismantles Qakbot malware
How to Detect Malware
Stef Rand - Drop It Like It’s Qbot (Remix): Detecting initial execution earlier with OSINT
Cybersecurity News: The Impact of our Economy on Your Security | Qakbot Ransomware Alert
FBI Dismantles Notorious Qakbot Hacking Network
MALWARE Analysis with Wireshark // TRICKBOT Infection
3/7/19 Qbot Malware is Back
The Security Swarm Podcast - Episode 07: A Discussion and Analysis of Qakbot
Stef Rand - Drop It Like It’s Qbot (BSidesRemix): Detecting initial execution earlier with OSINT
Drop It Like It’s Qbot (Red Canary Remix): Detecting initial execution earlier with OSINT
Threat actors Sideloading - PlugX General Walkthrough
Detecting Ransomware with Byte25