TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)
released on 2022-06-10 @ 10:29:07 AM
A threat actor designated by Proofpoint as TA570 routinely pushes Qakbot (Qbot) malware. Malicious DLL files used for Qakbot infections contain a tag indicating their specific distribution channel. Qakbot DLL samples with an "obama" tag, such as "obama186" or "obama187", indicate a distribution channel from TA570 that uses thread-hijacked emails. On Tuesday 2022-06-07, Proofpoint and various researchers, including @pr0xylife and @k3dg3, reported that TA570 Qakbot distribution included Word documents using the CVE-2022-30190 (Follina) exploit (ms-msdt).