Pinkslipbot

Malware Profile Updated 2 months ago
Pinkslipbot, also known as Qakbot, QBot or QuackBot, is a modular information-stealing malware that has been active since 2008. Initially emerging in 2007 as a banking trojan, it targeted financial institutions to steal sensitive data. Over the years, however, its functionality evolved and diversified, expanding its reach to various industries.

The malware was linked to at least 40 ransomware attacks against global companies, healthcare providers, and government agencies, causing hundreds of millions of dollars in damage based on conservative estimates. In early April 2024, there was a significant increase in attacks using the QBot malware. It had become the initial access method of choice for several high-profile ransomware gangs, including REvil, Black Basta, Conti, Egregor, and MegaCortex. These cybercriminal groups utilized the advanced malware strain to prepare newly compromised networks for ransomware infestations. Additionally, techniques once used by the QakBot trojan were leveraged in a widespread phishing campaign involving the DarkGate and PikaBot strains, targeting various industries.

However, in August 2023, the QakBot malware operation faced disruption by the FBI during a coordinated law enforcement effort codenamed Operation Duck Hunt. This operation resulted in the dismantling of the botnet, which had infected around 700,000 computers globally. Despite this setback, the tactics employed by the QakBot trojan live on in other malware attacks, demonstrating the persistent and evolving threat posed by such malicious software.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
|---|---|---|
| Qbot | 11 | Qbot, also known as Qakbot or Pinkslipbot, is a modular information-stealing malware that emerged in 2007 as a banking trojan. Over the years, it has evolved into an advanced malware strain used by multiple cybercriminal groups to compromise networks and prepare them for ransomware attacks. The firs |
| QakBot | 9 | Qakbot is a potent malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information, disrupt operations, or e |
| REvil | 1 | REvil is a notorious form of malware, specifically ransomware, that infiltrates systems to disrupt operations and steal data. The ransomware operates on a Ransomware as a Service (RaaS) model, which gained traction in 2020. In this model, REvil, like other first-stage malware such as Dridex and Goot |
| Quackbot | 1 | None |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Trojan
Ransomware
Phishing
Malware Loader
Fraud
Loader
Remcos
UK
Botnet
Ransom
Spam
Backdoor
FBI
Windows
Associated Malware
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Darkgate | Unspecified | 1 | DarkGate is a malicious software (malware) that poses significant threats to computer systems and data. It infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hos |
| Pikabot | Unspecified | 1 | PikaBot is a harmful malware that emerged in 2023, designed to exploit and damage computer systems. It infiltrates systems through dubious downloads, emails, or websites, often undetected by the user. Once inside a system, PikaBot can pilfer personal information, disrupt operations, or even ransom d |
| MegaCortex | Unspecified | 1 | MegaCortex is a type of malware known for its harmful effects on computer systems and devices. It was identified by Dragos, a cybersecurity firm, as having a relationship with another ransomware called EKANS. Both MegaCortex and EKANS have specific characteristics that pose unique risks to industria |
| Conti | Unspecified | 1 | Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in |
| Qakbot (Qbot | Unspecified | 1 | None |
| Black Basta | Unspecified | 1 | Black Basta is a notorious malware entity known for its devastating ransomware attacks. First emerging in June 2022, the group has since been associated with a series of high-profile cyber-attacks worldwide. This malware, like others, infiltrates systems through suspicious downloads, emails, or webs |
| Raspberry Robin | Unspecified | 1 | Raspberry Robin is a sophisticated malware that has been designed to exploit and damage computer systems. This malicious software infiltrates the system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once embedded, Raspberry Robin can steal personal information, di |
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Pinkslipbot Malware was read from the documents corpus below. This display is limited to 20 results.
| Source | Created At | Title |
|---|---|---|
| Krebs on Security | 2 months ago | Patch Tuesday, May 2024 Edition |
| CERT-EU | 7 months ago | The law enforcement operations targeting cybercrime in 2023 |
| Securityaffairs | 7 months ago | Qakbot is back and targets the Hospitality industry |
| Securityaffairs | 8 months ago | Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022 |
| CERT-EU | 8 months ago | More than $100 million in ransom paid to Black Basta gang over nearly 2 years - National Cyber Security Consulting |
| CERT-EU | 8 months ago | Increasingly prevalent NetSupport RAT infections reported |
| CERT-EU | 8 months ago | QakBot trojan tactics live on in DarkGate, PikaBot malware attacks |
| CERT-EU | 8 months ago | DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks |
| CERT-EU | 9 months ago | Formbook Takes the Throne as Most Prevalent Malware |
| CERT-EU | 9 months ago | QakBot threat actors are still operational after the August takedown - National Cyber Security Consulting |
| CERT-EU | 9 months ago | QakBot Threat Actors Still in Action, Using Ransom Knight and Remcos RAT in Latest Attacks - National Cyber Security Consulting |
| Securityaffairs | 10 months ago | QakBot threat actors are still operational after the August takedown |
| CERT-EU | 10 months ago | QakBot threat actors are still operational after the August takedown |
| CERT-EU | 10 months ago | Ransomware gang QakBot resurfaces after Feds’ botnet takedown |
| InfoSecurity-magazine | 10 months ago | Qakbot Gang Still Active Despite FBI Takedown |
| CERT-EU | 10 months ago | Qakbot Hackers Continue to Push Malware After Takedown Attempt |
| CERT-EU | 10 months ago | Operation Duck Hunt: Multinational Operation Dismantles Qakbot Botnet - IT Governance USA Blog |
| CERT-EU | a year ago | Le top 5 des actus cybersécurité (6 septembre 2023) • Cybersécurité |
| CERT-EU | a year ago | Industry Reactions to Qakbot Botnet Disruption: Feedback Friday - National Cyber Security Consulting |
| CERT-EU | a year ago | Qakbot forced offline, but history suggests it probably won’t be forever - TechCentral.ie |