Derp.ca

QakBot

Also known as: Oakboat, Pinkslipbot, Qbot, Quakbot

QBot is a modular information stealer also known as Qakbot or Pinkslipbot. It has been active for years since 2007. It has historically been known as a banking Trojan, meaning that it steals financial data from infected systems, and a loader using C2 servers for payload targeting and download.

Linked Threat Actors

GOLD CABIN

C2 Infrastructure

ISP/Residential97%
Hosting/VPS3%
Unknown1%

Last 7 days

May 8, 2026
C2 Hosts: 147

Further Reading

Secure Communications Blog

Explore expert insights on secure communications from BlackBerry — covering government, critical infrastructure, resilience, compliance, and trusted communications at scale.

blogs.blackberry.com
Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples)

More interesting and practical queries for identifying malware infrastructure.

embee-research.ghost.io
Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples)

More interesting and practical queries for identifying malware infrastructure.

embeeresearch.io
A Deep Dive into Packing Software CryptOne

A packing software called CryptOne became popular recently among some major threat actors. It was first reported by Fox-IT.

deepinstinct.com
Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself | Microsoft Security Blog

Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert human intelligence at every step of the attack chain and culminate in intentional business...

microsoft.com
The malware that usually installs ransomware and you need to remove right away

If you see any of these malware strains on your enterprise networks, stop everything you're doing and audit all systems.

zdnet.com
OneNote | ThreatLabz

Zscaler ThreatLabz team observed multiple OneNote malware campaign spreading RATs, Bankers, and Stealer category malware with multi-layer obfuscation.

zscaler.com