Is this host protected from Qakbot?

/static/assets/windows-logo.svg
CISA released an advisory in August 2022 on Qakbot, which has been observed as a banking trojan and used to form botnets. This TTP creates a scheduled task, modifies the registry, and creates a staging folder to emulate data collection and exfiltration. Protection from Qakbot is important because this malware serves as a delivery agent for ransomware.
locked
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.

Login

Test this TTP

Download Operator (1.7.1)
Test this TTP using one of our Operator chains
Is this host protected from Qakbot?

2022-08-15

/static/assets/windows-logo.svg
Emulates Qakbot's privilege escalation, defense evasion and data collection/exfiltration tactics.