QBot malware operation examined

June 3, 2023

QBot malware, also known as QakBot and Pinkslipbot, has been leveraging an adaptable command-and-control infrastructure, with half of its servers only active for a week and a quarter only active for a day, according to The Hacker News. Residential IPs and compromised web servers, instead of virtual private servers, have been used by QBot to hide its C2 infrastructure, a report by Lumen Black Lotus Labs researchers Steve Rudd and Chris Formosa showed. Moreover, several infected bots are being transformed by QBot into proxies with the use of a backconnect server. Aside from upgrading its infrastructure, QBot has also enhanced its tactics to include HTML smuggling, and email threat takeovers. "Qakbot has persevered by adopting a field-expedient approach to build and develop its architecture. While it may not rely on sheer numbers like Emotet, it demonstrates technical craft by varying initial access methods and maintaining a resilient yet evasive residential C2 architecture," said researchers.

SC Staff

Vulnerability Management

AI Doomsday, Hot Robots, Google, palo Alto, Ivanti, CrushFTP, AI, Aaran Leyland… – SWN #465

April 4, 2025

AI Doomsday, Hot Robots, Google, palo Alto, Ivanti, CrushFTP, AI, Aaran Leyland, and More, on this edition of the Security Weekly News.

China Flag Made of Binary Code and Chinese Symbols on Red Backgr

Threat Intelligence

Updated attack arsenal flaunted by Mustang Panda

SC StaffApril 18, 2025

Chinese advanced persistent threat operation Mustang Panda, also known as Bronze President, Earth Preta, Basin, and Red Delta, has leveraged new ToneShell backdoor variants, the novel StarProxy tool, the Paklog and Corklog keyloggers, and SplatCloak EDR bypass driver in a new attack against a Myanmar-based organization, according to SecurityWeek.