Is this host protected from Qakbot?

CISA released an advisory in August 2022 on Qakbot, which has been observed as a banking trojan and used to form botnets. This TTP creates a scheduled task, modifies the registry, and creates a staging folder to emulate data collection and exfiltration. Protection from Qakbot is important because this malware serves as a delivery agent for ransomware.
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.


Test this TTP

Download Operator (1.7.1)
Test this TTP using one of our Operator chains
Is this host protected from Qakbot?


Emulates Qakbot's privilege escalation, defense evasion and data collection/exfiltration tactics.