QakBot Malware Used Unpatched Vulnerability to Bypass Windows OS Security Feature

This research investigates a recent QakBot phishing campaign's ability to evade Mark-of-the-Web (MoTW) security features, allowing for escape from the designated security zone and successful installation of malicious software on victim device.

REFERENCES: https://blog.eclecticiq.com/qakbot-malware-used-unpatched-vulnerability-to-bypass-windows-os-security-feature

https://www.eclecticiq.com/hubfs/_blogs/corporate-blog/2023/command-control-qakbot.txt

TAGS: qakbot , black basta , motw , qakbot loader , qakbot malware , loader , malware , qbot , phishing , LOLBAS , LOLBINS , MS Office macros

MALWARE FAMILIES: Black Basta, QakBot

ATT&CK IDS: T1102 - Web Service, T1574 - Hijack Execution Flow, T1564 - Hide Artifacts, T1068 - Exploitation for Privilege Escalation, T1027 - Obfuscated Files or Information, T1047 - Windows Management Instrumentation, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1204 - User Execution, T1218 - Signed Binary Proxy Execution, T1497 - Virtualization/Sandbox Evasion, T1566 - Phishing

QakBot Malware Used Unpatched Vulnerability to Bypass Windows OS Security Feature

Recent Posts

Comments

Privacy Policy

Service Terms and conditions

Tech Terms and conditions

Subscribe to Our Newsletter