Threat Watch

Emotet Delivers Qakbot:

In the past few weeks, the prolific malspam botnet Emotet has made a resurgence after a months-long hiatus. Emotet primarily serves as a loader for other malware, and has been known to usually deliver Trickbot. Today, Emotet dropped Qakbot, which is fairly uncommon compared to the normal Trickbot distributions. Binary Defense analysts tracking Qakbot observed distribution via direct email stop approximately four weeks ago, which indicates that the Qakbot operators may be experimenting with a new model of distribution by paying for installs on Emotet bots.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

As Emotet is primarily distributed using email, Binary Defense recommends that companies implement email threat scanning and protection, while advising employees to use caution when opening documents contained in email, especially if the email is something vague like an invoice for a company that the employee has never worked with. Companies should also implement endpoint security monitoring of workstations and servers to detect and quickly respond to threats that make it past filters and watchful employees. Additionally, IP addresses for all Qakbot Command and Control (C2) servers have been added to Binary Defense’s Open Threat Exchange (OTX) channel: https://otx.alienvault.com/user/BinaryDefense/pulses.

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support