top of page
Search

QakBot Malware Used Unpatched Vulnerability to Bypass Windows OS Security Feature

This research investigates a recent QakBot phishing campaign's ability to evade Mark-of-the-Web (MoTW) security features, allowing for escape from the designated security zone and successful installation of malicious software on victim device.


REFERENCES: https://blog.eclecticiq.com/qakbot-malware-used-unpatched-vulnerability-to-bypass-windows-os-security-feature



MALWARE FAMILIES: Black Basta, QakBot


ATT&CK IDS: T1102 - Web Service, T1574 - Hijack Execution Flow, T1564 - Hide Artifacts, T1068 - Exploitation for Privilege Escalation, T1027 - Obfuscated Files or Information, T1047 - Windows Management Instrumentation, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1204 - User Execution, T1218 - Signed Binary Proxy Execution, T1497 - Virtualization/Sandbox Evasion, T1566 - Phishing


Read More:

0 views
bottom of page