QakBot (also known as QBot, QuakBot, and Pinkslipbot) is a modular banking trojan and malware distribution platform active since 2008. It evolved into a major initial access broker delivering ransomware payloads. Despite an FBI-led takedown (Operation Duck Hunt) in August 2023, QakBot activity has resurfaced with new variants.

QakBot / Qbot

QakBot / Qbot (also known as QakBot, Qbot, QuackBot, Pinkslipbot) is a botnet active since 2007. Long-running banking botnet. Key characteristics include: web injects, email thread hijacking, lateral movement, Operation Duck Hunt Aug 2023 takedown, revived.

Overview & Background

Long-running banking botnet. First identified in 2007, this threat is attributed to eCrime.

Threat Assessment

QakBot remains an active threat. Organizations should implement detection rules and monitor for indicators associated with this botnet.

Category: Botnet
Active since: 2007
Attribution: eCrime
Also known as: QakBot, Qbot, QuackBot, Pinkslipbot

Technical Analysis

QakBot employs the following capabilities and techniques:

Web Injects: Core functionality
Email Thread Hijacking: Core functionality
Lateral Movement: Core functionality
Operation Duck Hunt Aug 2023 Takedown: Core functionality
Revived: Core functionality

MITRE ATT&CK Mapping

Tactic	Technique	Usage
Initial Access	T1566.001 Phishing Attachment	Common delivery vector
Execution	T1204.002 Malicious File	User-triggered execution
Persistence	T1547.001 Registry Run Keys	Autostart persistence
Defense Evasion	T1027 Obfuscated Files	Payload obfuscation
C2	T1071.001 Web Protocols	HTTP/HTTPS C2

Detection & Defense

Endpoint detection: Deploy behavioral detection rules for QakBot indicators
Network monitoring: Monitor for C2 traffic patterns and anomalous connections
Threat intelligence: Track QakBot IOCs and campaign updates
Security awareness: Train users to recognize phishing and social engineering
Patch management: Keep systems updated to prevent exploitation

Defend Against QakBot

Mjolnir Security provides detection and response capabilities against QakBot and similar threats.

Threat DetectionIncident ResponseThreat HuntingMDR ServicesThreat Intelligence

Proactive Threat Hunting Hunt for QakBot indicators and TTPs within your environment.
Threat Intelligence Monitor QakBot campaigns and infrastructure changes.
24/7 Incident Response Rapid containment and forensic investigation. Call +1 833 403 5875.

Written by: Mjolnir Security  |  Published: August 18, 2025

Overview & Background

Technical Analysis

MITRE ATT&CK Mapping

Detection & Defense

Defend Against QakBot

Tofsee: Modular Spam Botnet

Emotet: Modular Botnet