ffforward : We saw new #Qbot #Qakbot 'tchk07' from PDF

Tommy M (TheAnalyst)

@ffforward

+ Follow

Threat Researcher @proofpoint | @Cryptolaemus1

calendar_today14-05-2010 12:22:18

4,4K Tweets

14,0K Followers

193 Following

Tommy M (TheAnalyst)

@ffforward

4 months ago

We saw new #Qbot #Qakbot 'tchk07' from PDF > URLs today. MSI > AdobeAC.dll w/ export EditOwnerInfo.
This is still very low volume and targeted.
Huge shout out to our fantastic Myrtus for the RE and config extraction. IOCs in original thread.
Samples:
bazaar.abuse.ch/browse/tag/tch…

account_circle