| Date | Author | Title |
|---|---|---|
| 2023-06-22 | Brad Duncan | Qakbot (Qbot) activity, obama271 distribution tag |
| 2023-02-28 | Brad Duncan | BB17 distribution Qakbot (Qbot) activity |
| 2022-12-02 | Brad Duncan | obama224 distribution Qakbot tries .vhd (virtual hard disk) images |
| 2022-11-02 | Brad Duncan | Who put the "Dark" in DarkVNC? |
| 2022-06-30 | Brad Duncan | Case Study: Cobalt Strike Server Lives on After Its Domain Is Suspended |
| 2022-06-09 | Brad Duncan | TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt) |
| 2022-04-20 | Brad Duncan | "aa" distribution Qakbot (Qbot) infection with DarkVNC traffic |
| 2022-03-25 | Xavier Mertens | XLSB Files: Because Binary is Stealthier Than XML |
| 2022-03-16 | Brad Duncan | Qakbot infection with Cobalt Strike and VNC activity |
| 2021-11-04 | Brad Duncan | October 2021 Forensic Contest: Answers and Analysis |
| 2021-09-23 | Xavier Mertens | Excel Recipe: Some VBA Code with a Touch of Excel4 Macro |
| 2021-06-30 | Brad Duncan | June 2021 Forensic Contest: Answers and Analysis |
| 2021-03-03 | Brad Duncan | Qakbot infection with Cobalt Strike |
| 2021-02-23 | Jan Kopriva | Qakbot in a response to Full Disclosure post |
| 2021-01-26 | Brad Duncan | TA551 (Shathak) Word docs push Qakbot (Qbot) |
| 2021-01-20 | Brad Duncan | Qakbot activity resumes after holiday break |
| 2020-12-09 | Brad Duncan | Recent Qakbot (Qbot) activity |
| 2020-11-03 | Brad Duncan | Emotet -> Qakbot -> more Emotet |
| 2020-08-19 | Xavier Mertens | Example of Word Document Delivering Qakbot |
| 2020-04-01 | Brad Duncan | Qakbot malspam sent from an infected Windows host |
| 2019-03-13 | Brad Duncan | Malspam pushes Emotet with Qakbot as the follow-up malware |