Trusted Design

The return of Qbot

概要

Qbot, also known as Qakbot, is a network-aware worm with backdoor capabilities, primarily designed as a credential harvester. It is an old threat and was well-described by Symantec back in 2009.1 The company later released a whitepaper which described Qbot version 910 in great detail.2 In December 2015, several researchers reported that websites hosting the Rig Exploit Kit were serving an updated version of Qbot.3 4 5 Then in January 2016, over 500 devices at a large public organisation were infected with Qbot: the worm was back, and it was both more and less effective. While all versions of Microsoft Windows the worm touched in the attack were compromised, a number of Windows XP machines crashed and failed to restart: despite its renewed potency, the programmers behind Qbot hadn’t built their bot to be compatible with older versions of Windows.

Created: 2026-02-23

Indicators

類似Pulses

The Return of Qbot (score: 0.92)
ISC 2015-12-30: Actor using Rig EK to deliver Qbot - update (score: 0.65)
Qakbot - A capable banking trojan (score: 0.63)
Threat Spotlight: The Return of Qakbot Malware (score: 0.60)
MTA 2015-12-31: ACTOR USING RIG EK TO DELIVER QBOT (score: 0.58)

このPulseに関連する脅威アクター (事実ベース)

Gamaredon Group

Score: 6.94

Matched TTPs:

T1001 - Data Obfuscation
T1102.002 - Bidirectional Communication

MITREへのリンク →

Gorgon Group

Score: 3.15

Matched TTPs:

T1055.012 - Process Hollowing

MITREへのリンク →

Threat Group-3390

Score: 6.97

Matched TTPs:

T1055.012 - Process Hollowing
T1189 - Drive-by Compromise
T1027.002 - Software Packing

MITREへのリンク →

Patchwork

Score: 6.97

Matched TTPs:

T1055.012 - Process Hollowing
T1189 - Drive-by Compromise
T1027.002 - Software Packing

MITREへのリンク →

BlackByte

Score: 3.15

Matched TTPs:

T1055.012 - Process Hollowing

MITREへのリンク →

TA2541

Score: 7.95

Matched TTPs:

T1055.012 - Process Hollowing
T1573.002 - Asymmetric Cryptography
T1027.002 - Software Packing

MITREへのリンク →

menuPass

Score: 3.15

Matched TTPs:

T1055.012 - Process Hollowing

MITREへのリンク →

Kimsuky

Score: 18.33

Matched TTPs:

T1055.012 - Process Hollowing
T1218.010 - Regsvr32
T1102.002 - Bidirectional Communication
T1027.002 - Software Packing
T1587 - Develop Capabilities
T1588.005 - Exploits

MITREへのリンク →

Cobalt Group

Score: 5.49

Matched TTPs:

T1218.010 - Regsvr32
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Storm-0501

Score: 4.80

Matched TTPs:

T1218.010 - Regsvr32
T1027.002 - Software Packing

MITREへのリンク →

Leviathan

Score: 7.34

Matched TTPs:

T1218.010 - Regsvr32
T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

APT32

Score: 4.51

Matched TTPs:

T1218.010 - Regsvr32
T1189 - Drive-by Compromise

MITREへのリンク →

APT19

Score: 4.51

Matched TTPs:

T1218.010 - Regsvr32
T1189 - Drive-by Compromise

MITREへのリンク →

APT37

Score: 4.16

Matched TTPs:

T1102.002 - Bidirectional Communication
T1189 - Drive-by Compromise

MITREへのリンク →

Lazarus Group

Score: 7.00

Matched TTPs:

T1102.002 - Bidirectional Communication
T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

APT39

Score: 4.45

Matched TTPs:

T1102.002 - Bidirectional Communication
T1027.002 - Software Packing

MITREへのリンク →

Magic Hound

Score: 4.16

Matched TTPs:

T1102.002 - Bidirectional Communication
T1189 - Drive-by Compromise

MITREへのリンク →

Turla

Score: 10.62

Matched TTPs:

T1102.002 - Bidirectional Communication
T1555.004 - Windows Credential Manager
T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

Sandworm Team

Score: 5.23

Matched TTPs:

T1102.002 - Bidirectional Communication
T1584.004 - Server

MITREへのリンク →

APT28

Score: 8.70

Matched TTPs:

T1102.002 - Bidirectional Communication
T1189 - Drive-by Compromise
T1669 - Wi-Fi Networks

MITREへのリンク →

ZIRCONIUM

Score: 4.45

Matched TTPs:

T1102.002 - Bidirectional Communication
T1027.002 - Software Packing

MITREへのリンク →

Medusa Group

Score: 4.80

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1027.002 - Software Packing

MITREへのリンク →

OilRig

Score: 6.37

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1555.004 - Windows Credential Manager

MITREへのリンク →

APT29

Score: 11.13

Matched TTPs:

T1090.004 - Domain Fronting
T1651 - Cloud Administration Command
T1027.002 - Software Packing

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1555.004 - Windows Credential Manager

MITREへのリンク →

Wizard Spider

Score: 3.62

Matched TTPs:

T1555.004 - Windows Credential Manager

MITREへのリンク →

Earth Lusca

Score: 4.60

Matched TTPs:

T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

APT38

Score: 3.82

Matched TTPs:

T1189 - Drive-by Compromise
T1027.002 - Software Packing

MITREへのリンク →

Dragonfly

Score: 4.60

Matched TTPs:

T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

Dark Caracal

Score: 3.82

Matched TTPs:

T1189 - Drive-by Compromise
T1027.002 - Software Packing

MITREへのリンク →

Elderwood

Score: 3.82

Matched TTPs:

T1189 - Drive-by Compromise
T1027.002 - Software Packing

MITREへのリンク →

Mustard Tempest

Score: 6.30

Matched TTPs:

T1189 - Drive-by Compromise
T1608.006 - SEO Poisoning

MITREへのリンク →

Daggerfly

Score: 4.60

Matched TTPs:

T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

Volt Typhoon

Score: 4.89

Matched TTPs:

T1027.002 - Software Packing
T1584.004 - Server

MITREへのリンク →

Contagious Interview

Score: 3.84

Matched TTPs:

T1587 - Develop Capabilities

MITREへのリンク →

Moonstone Sleet

Score: 3.84

Matched TTPs:

T1587 - Develop Capabilities

MITREへのリンク →

Ember Bear

Score: 4.13

Matched TTPs:

T1588.005 - Exploits

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.74

Matched TTPs:

T1027.002 - Software Packing
T1102.002 - Bidirectional Communication
T1588.005 - Exploits
T1218.010 - Regsvr32
T1587 - Develop Capabilities
T1055.012 - Process Hollowing

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る