Pinkslipbot

Malware updated 4 months ago (2024-05-14T21:17:32.273Z)
Pinkslipbot, also known as Qakbot, QBot or QuackBot, is a modular information-stealing malware that has been active since 2008. Initially emerging in 2007 as a banking trojan, it targeted financial institutions to steal sensitive data. Over the years, however, its functionality evolved and diversified, expanding its reach to various industries. The malware was linked to at least 40 ransomware attacks against global companies, healthcare providers, and government agencies, causing hundreds of millions of dollars in damage based on conservative estimates.

In early April 2024, there was a significant increase in attacks using the QBot malware. It had become the initial access method of choice for several high-profile ransomware gangs, including REvil, Black Basta, Conti, Egregor, and MegaCortex. These cybercriminal groups utilized the advanced malware strain to prepare newly compromised networks for ransomware infestations. Additionally, techniques once used by the QakBot trojan were leveraged in a widespread phishing campaign involving the DarkGate and PikaBot strains, targeting various industries.

However, in August 2023, the QakBot malware operation faced disruption by the FBI during a coordinated law enforcement effort codenamed Operation Duck Hunt. This operation resulted in the dismantling of the botnet, which had infected around 700,000 computers globally. Despite this setback, the tactics employed by the QakBot trojan live on in other malware attacks, demonstrating the persistent and evolving threat posed by such malicious software.
Description last updated: 2024-05-14T21:16:09.873Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID (Votes): Profile Description
Qbot (11): Qbot, also known as Qakbot or Pinkslipbot, is a modular information-stealing malware that emerged in 2007 as a banking trojan. Over the years, it has evolved into an advanced malware strain used by multiple cybercriminal groups to compromise networks and prepare them for ransomware attacks. The firs
QakBot (9): Qakbot is a type of malware that has been linked to various cybercriminal activities, with its presence first observed as early as 2020. It gained notoriety for its role in the operations of the Black Basta ransomware group, which used Qakbot extensively in sophisticated phishing campaigns. The malw
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Trojan
Ransomware
Phishing
Fraud
Malware Loader
Source Document References
Information about the Pinkslipbot Malware was read from the documents corpus below. This display is limited to 20 results.
Source (Created At): Title
Krebs on Security (4 months ago): Patch Tuesday, May 2024 Edition
CERT-EU (8 months ago): The law enforcement operations targeting cybercrime in 2023
Securityaffairs (9 months ago): Qakbot is back and targets the Hospitality industry
Securityaffairs (9 months ago): Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022
CERT-EU (9 months ago): More than $100 million in ransom paid to Black Basta gang over nearly 2 years | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (10 months ago): Increasingly prevalent NetSupport RAT infections reported
CERT-EU (10 months ago): QakBot trojan tactics live on in DarkGate, PikaBot malware attacks
CERT-EU (10 months ago): DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks
CERT-EU (a year ago): Formbook Takes the Throne as Most Prevalent Malware
CERT-EU (a year ago): QakBot threat actors are still operational after the August takedown | #cybercrime | #infosec | National Cyber Security Consulting
CERT-EU (a year ago): QakBot Threat Actors Still in Action, Using Ransom Knight and Remcos RAT in Latest Attacks | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Securityaffairs (a year ago): QakBot threat actors are still operational after the August takedown
CERT-EU (a year ago): QakBot threat actors are still operational after the August takedown
CERT-EU (a year ago): Ransomware gang QakBot resurfaces after Feds’ botnet takedown
InfoSecurity-magazine (a year ago): Qakbot Gang Still Active Despite FBI Takedown
CERT-EU (a year ago): Qakbot Hackers Continue to Push Malware After Takedown Attempt
CERT-EU (a year ago): Operation Duck Hunt: Multinational Operation Dismantles Qakbot Botnet - IT Governance USA Blog
CERT-EU (a year ago): The top 5 cybersecurity news items (6 September 2023) • Cybersecurity
CERT-EU (a year ago): Industry Reactions to Qakbot Botnet Disruption: Feedback Friday | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU (a year ago): Qakbot forced offline, but history suggests it probably won’t be forever - TechCentral.ie