Pinkslipbot

Malware updated 2 months ago (2024-11-29T14:01:06.020Z)
Download STIX
Preview STIX
Pinkslipbot, also known as Qakbot, QBot or QuackBot, is a modular information-stealing malware that has been active since 2008. Initially emerging in 2007 as a banking trojan, it targeted financial institutions to steal sensitive data. Over the years, however, its functionality evolved and diversified, expanding its reach to various industries. The malware was linked to at least 40 ransomware attacks against global companies, healthcare providers, and government agencies, causing hundreds of millions of dollars in damage based on conservative estimates. In early April 2024, there was a significant increase in attacks using the QBot malware. It had become the initial access method of choice for several high-profile ransomware gangs, including REvil, Black Basta, Conti, Egregor, and MegaCortex. These cybercriminal groups utilized the advanced malware strain to prepare newly compromised networks for ransomware infestations. Additionally, techniques once used by the QakBot trojan were leveraged in a widespread phishing campaign involving the DarkGate and PikaBot strains, targeting various industries. However, in August 2023, the QakBot malware operation faced disruption by the FBI during a coordinated law enforcement effort codenamed Operation Duck Hunt. This operation resulted in the dismantling of the botnet, which had infected around 700,000 computers globally. Despite this setback, the tactics employed by the QakBot trojan live on in other malware attacks, demonstrating the persistent and evolving threat posed by such malicious software.
Description last updated: 2024-05-14T21:16:09.873Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Qbot is a possible alias for Pinkslipbot. Qbot, also known as Qakbot or Pinkslipbot, is a sophisticated malware that initially emerged in 2007 as a banking trojan. It has since evolved into an advanced strain used by various cybercriminal groups to infiltrate networks and prepare them for ransomware attacks. The first known use of an ITG23
11
QakBot is a possible alias for Pinkslipbot. Qakbot is a type of malware, or malicious software, that infiltrates computer systems to exploit and damage them. This harmful program can infect devices through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt ope
9
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Trojan
Ransomware
Phishing
Fraud
Malware Loader
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Pinkslipbot Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Krebs on Security
8 months ago
CERT-EU
a year ago
Securityaffairs
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
InfoSecurity-magazine
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago