2023-05-24 (WEDNESDAY) - BYE BYE PIKABOT... WE'RE BACK TO QAK!  (OBAMA264 QAKBOT INFECTION)

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

NOTES:

• On Wed 2023-05-17, Thu 2023-05-18, Mon 2023-05-22 and Tue 2023-05-23, TA577 pushed Pikabot malware instead of Qakbot.
• Starting on Wed 2023-05-24, TA577 went back to pushing Qakbot.
• Proofpoint designated threat actor TA577 currently pushes Qakbot with the "BB"-series distribution tag.
• Based on previous distribution tags, some people refer to the "BB"-series Qakbot as "TR".
• Proofpoint designated threat actor TA570 pushes Qakbot with the "obama"-series distribution tag.
• So far, TA577 is the only threat actor/distributor I know that has pushed Pikabot.
• This blog features TA570 "obama"-series Qakbot.

 

ASSOCIATED FILES:

• 2023-05-24-obama264-Qakbot-notes.txt.zip   7.2 kB   (7,225 bytes)
• 2023-05-24-obama264-Qakbot-emails-malware-and-artifacts.zip   8.2 MB   (8,217,326 bytes)
• 2023-05-24-obama264-Qakbot-infection.pcap.zip   16.2 MB   (16,186,806 bytes)

 

Click here to return to the main page.