MALWARE-OTHER Win.Trojan.IcedID variant binary download attempt
This rule will alert when a Qakbot (qbot) malware variant download is detected over the wire by looking for specific data contained within the malware sample.
This rule will alert when a Qakbot (qbot) malware variant download is detected over the wire.
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE::ATT&CK Framework::Enterprise::Initial Access::Drive-by Compromise
Rule Categories::Malware::Other
MITRE::ATT&CK Framework::Enterprise::Initial Access::Valid Accounts::Local Accounts
None
No information provided
None