Everybody Gets One: QtBot Used to Distribute Trickbot and Locky
Unit 42 investigates QtBot downloader used to distribute Trickbot and Locky.
Posts created by: Brandon Young
StegBaus: Because Sometimes XOR Just Isn’t Enough
Unit 42 investigates the StegBaus loader which contained many advanced data hiding techniques and has been seen delivering numerous different commodity malware families.
Can I spam from here: An Unusually Clever Spambot Tests Blacklists
Unit 42 researchers recently observed an unusually clever spambot’s attempts to increase delivery efficacy by abusing reputation blacklist service APIs. Rather than sending spam as soon as the host is infected, the bot checks common blacklists to confirm its e-mails will actually be delivered, and if not, shuts itself down. This spambot, commonly downloaded by
Get updates on Unit 42
Sign up to receive the latest news, cyber threat intelligence and research from Unit 42
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.