Maldoc malware campaign delivering the QakBot/QBot banking trojan through zipping Word documents

Friday, August 21st, 2020

Welcome to today’s intelligence briefing, covering noteworthy items on the cybersecurity news agenda.

Find these stories on the Blueliv Threat Exchange Network, a global community of thousands of cybersecurity experts, IT professionals and academics. Membership is free.

Read the latest research blogs from the Blueliv Labs team.

Intelligence Briefing

Malware

Maldoc malware campaign delivering the QakBot/QBot banking trojan through zipping Word documents

This particular campaign features a ZIP file; within the ZIP attachment is a Word document that includes macros within the document. These macros execute a PowerShell script that then downloads the Qakbot payload from specific URLs. This particular campaign also includes two new techniques: a bypass of the content disarm and reconstruction (CDR) technology through zipping the Word document, and a bypass of child-pattern pattern detection because Visual Basic is executed using Explorer. Learn more >

Blueliv Intelligence Briefing

Your cybersecurity news summary

Intelligence Briefing

Malware

Blueliv Intelligence Briefing

Your cybersecurity news summary

Intelligence Briefing Malware

Intelligence Briefing

Malware