| Alias Description | Votes |
|---|---|
| Qbot is a possible alias for QakBot. Qbot, also known as Qakbot or Pinkslipbot, is a modular information stealer malware that first emerged in 2007 as a banking trojan. Its evolution has seen it become an advanced strain of malware used by multiple cybercriminal groups to prepare compromised networks for ransomware infestations. The fi | 15 |
| Black Basta is a possible alias for QakBot. Black Basta is a notorious malware group known for its sophisticated ransomware attacks, which have targeted numerous high-profile entities. The group has demonstrated a remarkable ability to adapt their tactics, techniques, and procedures (TTPs), allowing them to effectively evade security defenses | 12 |
| IcedID is a possible alias for QakBot. IcedID is a malicious software (malware) that has been implicated in numerous cybercrime campaigns. It has been associated with other notable malware such as Qakbot, BazarLoader, CobaltStrike, Conti, Gozi, Trickbot, Quantum, Emotet, Pikabot, and SystemBC. Its distribution often involves the use of d | 9 |
| Emotet is a possible alias for QakBot. Emotet is a notorious malware, short for malicious software, that is designed to exploit and damage computers or devices. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user, with the potential to steal personal information, disrupt operations, | 9 |
| Pinkslipbot is a possible alias for QakBot. Pinkslipbot, also known as Qakbot, QBot or QuackBot, is a modular information-stealing malware that has been active since 2008. Initially emerging in 2007 as a banking trojan, it targeted financial institutions to steal sensitive data. Over the years, however, its functionality evolved and diversifi | 9 |
| Blackbasta is a possible alias for QakBot. BlackBasta is a notorious malware, particularly known for its ransomware attacks. The group behind it has been linked with other harmful software such as IcedID, NetSupport, Gozi, PikaBot, Pushdo, Quantum, Royal, and Nokoyawa. Artifacts and indicators of compromise (IoCs) suggest a possible relation | 4 |
| REvil is a possible alias for QakBot. REvil, also known as Sodinokibi, is a malicious software (malware) that operates on a Ransomware as a Service (RaaS) model. This model became increasingly popular in 2020, with first-stage malware like Dridex and Gootkit being linked to ransomware attacks such as BitPaymer and REvil respectively. Th | 3 |
| Alias Description | Association Type | Votes |
|---|---|---|
| The Pikabot Malware is associated with QakBot. Pikabot is a type of malware that serves as a trojan, providing initial access to infected computers. This enables the execution of ransomware deployments, remote takeovers, and data theft. It is part of a wider array of malicious software, including IcedID, Qakbot, Gozi, DarkGate, AsyncRAT, JinxLoa | Unspecified | 9 |
| The malware Qakbot (Qbot is associated with QakBot. | Unspecified | 6 |
| The Darkgate Malware is associated with QakBot. DarkGate is a multifunctional malware that poses significant threats to computer systems and networks. It has been associated with various malicious activities such as information theft, credential stealing, cryptocurrency theft, and ransomware delivery. DarkGate infiltrates systems through suspicio | Unspecified | 6 |
| The TrickBot Malware is associated with QakBot. TrickBot is a notorious malware developed by cybercriminals to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. This malicious software can steal personal information, disrupt operations, or even hold data hostage for ransom. Vladimir Dunaev, | Unspecified | 6 |
| The Brute Ratel Malware is associated with QakBot. Brute Ratel C4 (BRc4) is a potent malware that has been used in various cyber-attacks over the past 15 years. The malware infects systems through deceptive MSI installers, which deploy the BRc4 by disguising the payload as legitimate software such as vierm_soft_x64.dll under rundll32 execution. Vari | Unspecified | 5 |
| The Conti Malware is associated with QakBot. Conti is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. Often spreading through suspicious downloads, emails, or websites, it can steal personal information, disrupt operations, or hold data hostage for ransom. Notably, Conti was linked to several ra | Unspecified | 5 |
| The Redline Malware is associated with QakBot. RedLine is a type of malware, a malicious software designed to exploit and damage computer systems. It often infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. RedLine has been favored by threat actor | Unspecified | 4 |
| The Bumblebee Malware is associated with QakBot. Bumblebee is a type of malware that has been linked to ITG23, a cyber threat group. Over the past year, it has been used in conjunction with other initial access malwares such as Emotet, IcedID, Qakbot, and Gozi during ITG23 attacks. The same values for self-signed certificates seen in Bumblebee hav | Unspecified | 4 |
| The Royal Ransomware Malware is associated with QakBot. Royal Ransomware is a form of malware that was active from September 2022 through June 2023. This malicious software, designed to exploit and damage computers or devices, would infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it could stea | Unspecified | 3 |
| The MegaCortex Malware is associated with QakBot. MegaCortex is a type of malware known for its harmful effects on computer systems and devices. It was identified by Dragos, a cybersecurity firm, as having a relationship with another ransomware called EKANS. Both MegaCortex and EKANS have specific characteristics that pose unique risks to industria | Unspecified | 3 |
| The Netsupport Malware is associated with QakBot. NetSupport is a legitimate remote access software that has been repurposed as malware by various cybercriminal groups. It has been observed in several high-profile cyber-attacks, including the Royal ransomware attack and operations conducted by former ITG23 members. The malware can infiltrate system | Unspecified | 3 |
| The Lockbit Malware is associated with QakBot. LockBit is a malicious software, or malware, known for its damaging and exploitative functions. It infiltrates systems via dubious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit | Unspecified | 3 |
| The Dridex Malware is associated with QakBot. Dridex is a notorious malware, specifically a banking Trojan, designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. This malicious software was primarily used by the Russian cybercriminal group, Evil Corp, founded in 2014. The group ta | Unspecified | 3 |
| The Netsupport Manager Malware is associated with QakBot. NetSupport Manager is a malicious software (malware) that infiltrates systems through suspicious downloads, emails, or websites. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for ransom. The malware has been detected by InsightIDR Attacker Behavio | Unspecified | 3 |
| The Hive Malware is associated with QakBot. Hive is a form of malware, specifically ransomware, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Hive can steal personal information, disrupt operations, or hold data hostag | Unspecified | 3 |
| The Xworm Malware is associated with QakBot. XWorm is a sophisticated piece of malware designed to infiltrate and exploit computer systems, often without the user's knowledge. It can be delivered through various means such as suspicious downloads, emails, or websites, and once inside a system, it can steal personal information, disrupt operati | Unspecified | 2 |
| The Batloader Malware is associated with QakBot. Batloader is a malware downloader posing as installers or updates for legitimate applications such as Microsoft Teams, Zoom, and others. This malicious software can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal | Unspecified | 2 |
| The Blackbasta Ransomware Malware is associated with QakBot. The BlackBasta ransomware group, a malicious entity linked to Russia, has been involved in numerous high-profile cyberattacks over the past 22 months. This malware, typically delivered via phishing emails, is designed to exploit and damage computer systems, often leading to data theft and disruption | Unspecified | 2 |
| The Egregor Malware is associated with QakBot. Egregor is a malicious software variant of the Sekhmet ransomware that operates on a Ransomware-as-a-Service (RaaS) model. It is speculated to be associated with former Maze affiliates, and is notorious for its double extortion tactics, which involve not only encrypting the victim's data but also pu | Unspecified | 2 |
| The Ursnif Malware is associated with QakBot. Ursnif, also known as Gozi or ISFB, is a type of malware that has been distributed by threat actor group TA551. This harmful software can infiltrate systems via suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or even hold data for ra | Unspecified | 2 |
| The Cobaltstrike Malware is associated with QakBot. CobaltStrike is a type of malware, or malicious software, that infiltrates systems to exploit and damage them. It can gain access via suspicious downloads, emails, or websites and then steal personal information, disrupt operations, or hold data for ransom. CobaltStrike has been observed in conjunct | Unspecified | 2 |
| The Raspberry Robin Malware is associated with QakBot. Raspberry Robin is a sophisticated malware that uses advanced techniques to infiltrate and exploit computer systems. The malicious software is designed to stealthily enter a system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can wreak havoc by st | Unspecified | 2 |
| The Socgholish Malware is associated with QakBot. SocGholish is a malicious software (malware) that has been significantly prevalent in cyber threats over recent years. In 2022, it was observed being used in conjunction with the Parrot TDS to deliver the FakeUpdates downloader to unsuspecting visitors on compromised websites. By late 2022, Microsof | Unspecified | 2 |
| The Bazarloader Malware is associated with QakBot. BazarLoader is a type of malware developed by the TrickBot group, primarily used to gain initial access to a victim's infrastructure in ransomware attacks. This malware has been associated with various threat groups, including ITG23, which has used BazarLoader alongside other malware like Trickbot a | Unspecified | 2 |
| The Anubis Malware is associated with QakBot. Anubis, also known as IcedID or Bokbot, is a sophisticated piece of malware primarily functioning as a banking trojan. It was first discovered by X-Force in September 2017 and has since evolved to target a wide range of financial applications. Notably, Anubis has consistently ranked among the top fi | Unspecified | 2 |
| The Ragnar Locker Malware is associated with QakBot. Ragnar Locker is a type of malware, specifically ransomware, known for its destructive impact on computer systems. It infiltrates systems primarily through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or hold data hostage for rans | Unspecified | 2 |
| Alias Description | Association Type | Votes |
|---|---|---|
| The TA577 Threat Actor is associated with QakBot. TA577 is a threat actor, or malicious entity, known for its extensive use of QBot, a banking Trojan. In November 2023, Proofpoint's Threat Research Team identified TA577 as an initial access broker that began using Latrodectus, a new malware, in three separate intrusion campaigns. The group typicall | Unspecified | 4 |
| The Alphv Threat Actor is associated with QakBot. Alphv, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. Originating from Russia, this cybercriminal group has been involved in multiple high-profile ransomware attacks, specifically targeting healthcare providers. They gained significant attention after stealing 5TB | Unspecified | 3 |
| The Lapsus Group Threat Actor is associated with QakBot. The Lapsus Group, identified as a threat actor originating from North Korea, has been involved in various cybercriminal activities, primarily focusing on cryptocurrency theft. This group is known for its use of sophisticated tools such as RedLine and QakBot, which have been instrumental in their ope | Unspecified | 2 |
| The TA551 Threat Actor is associated with QakBot. TA551, also known as Hive0106, Shathak, and UNC2420, is a financially motivated threat group that has been active in the cybercrime landscape. This threat actor has been linked to various malware distribution activities, including those involving QakBot, IcedID, Emotet, Bumblebee, Gozi, and other ma | Unspecified | 2 |
| The Conti Ransomware Gang Threat Actor is associated with QakBot. The Conti ransomware gang, a notorious threat actor in the cybersecurity landscape, has been responsible for extorting at least $180 million globally. The gang is infamous for the HSE cyberattack in 2021 and has been sanctioned by the National Crime Agency (NCA). In late 2021, experts suggested that | Unspecified | 2 |
| The Hive0106 Threat Actor is associated with QakBot. Hive0106, also known as TA551, is a notable threat actor recognized for its association with ITG23, another prominent entity in the cybercrime landscape. This partnership has been observed since mid-2021 by X-Force, a cybersecurity firm. Hive0106's primary role is as a distribution affiliate, delive | Unspecified | 2 |
| The Hive Ransomware Threat Actor is associated with QakBot. Hive ransomware, a prominent threat actor active in 2022, was known for its widespread malicious activities in numerous countries, including the US. The group's modus operandi involved the use of SharpRhino, which upon execution, established persistence and provided remote access to the attackers, e | Unspecified | 2 |
| Alias Description | Association Type | Votes |
|---|---|---|
| The vulnerability Darkgate/pikabot is associated with QakBot. | Unspecified | 2 |
| The Follina Vulnerability is associated with QakBot. Follina (CVE-2022-30190) is a software vulnerability that was discovered and exploited in the first half of 2022. It was weaponized by TA413, a malicious entity known for its cyber attacks, shortly after its discovery and publication. The vulnerability was used to target the Sophos Firewall product, | Unspecified | 2 |
| Preview | Source Link | CreatedAt | Title |
|---|---|---|---|
| CERT-EU | 8 months ago | ||
| DARKReading | 2 months ago | ||
| Securelist | 3 months ago | ||
| InfoSecurity-magazine | 3 months ago | ||
| BankInfoSecurity | 3 months ago | ||
| CISA | 3 months ago | ||
| Securityaffairs | 3 months ago | ||
| Securityaffairs | 4 months ago | ||
| DARKReading | 4 months ago | ||
| CERT-EU | a year ago | ||
| CERT-EU | 9 months ago | ||
| Securityaffairs | 4 months ago | ||
| Securityaffairs | 4 months ago | ||
| Securityaffairs | 4 months ago | ||
| Securityaffairs | 4 months ago | ||
| Securityaffairs | 4 months ago | ||
| Unit42 | 4 months ago | ||
| Recorded Future | 4 months ago | ||
| Securityaffairs | 5 months ago | ||
| Securityaffairs | 5 months ago |