BumbleBee Swarms with QakBot's Takedown

  |  Source: 
@Kostastsale - X

BumbleBee Swarms with QakBot's Takedown

Category: Malware Campaign | Industry: Global | Source: @Kostastsale - X

With the abrupt Qakbot hiatus, thanks to the FBI and international law enforcement, security researchers have noticed an uptick in BumbleBee malware distribution. A notable BumbleBee TTP was reported by security researcher and DFIR Report member, Kostas (@Kostastsale on X/Twitter). The command issued for the malware's initial entry utilized a command line (cmd) to map a network drive to a remote website, passing user credentials to download a file before disconnecting the network share. Subsequently, a 'forfiles' command was executed to search for files named 'notepad.exe' within a specific directory. For each discovered instance of 'notepad.exe,' the command '%cd%/0.exe' was invoked, implying some form of file manipulation or execution. The command concludes with the network drive being forcefully disconnected.

Get trending threats published weekly by the Anvilogic team.

Sign Up Now