Mallard Spider

Description

(The Hacker News) First documented in 2008, Qbot (aka QuakBot, QakBot, or Pinkslipbot) has evolved over the years from an information stealer to a ‘Swiss Army knife’ adept in delivering other kinds of malware, including Prolock ransomware, and even remotely connect to a target’s Windows system to carry out banking transactions from the victim’s IP address.

Attackers usually infect victims using phishing techniques to lure victims to websites that use exploits to inject Qbot via a dropper.

QakBot has been observed to be distributed by Emotet (operated by Mummy Spider, TA542).

Names

NameName-Giver
Mallard SpiderCrowdStrike
Gold LagoonSecureWorks

Country

Motivation

  • Financial crime
  • Financial gain

First Seen

2008

Tools

Operations

Information

Other Information

Uuid

4233110f-f984-47ac-80fe-7988a4916505

Last Card Change

2021-08-10