Mallard Spider - Threat Group Cards: A Threat Actor Encyclopedia Archived: 2026-04-05 13:06:51 UTC Home > List all groups > Mallard Spider APT group: Mallard Spider Names Mallard Spider (CrowdStrike) Gold Lagoon (SecureWorks) Country [Unknown] Motivation Financial crime, Financial gain First seen 2008 Description (The Hacker News) First documented in 2008, Qbot (aka QuakBot, QakBot, or Pinkslipbot) has evolved over the years from an information stealer to a 'Swiss Army knife' adept in delivering other kinds of malware, including Prolock ransomware, and even remotely connect to a target's Windows system to carry out banking transactions from the victim's IP address. Attackers usually infect victims using phishing techniques to lure victims to websites that use exploits to inject Qbot via a dropper. QakBot has been observed to be distributed by Emotet (operated by Mummy Spider, TA542). Observed Tools used Egregor, Mimikatz, ProLock, QakBot. Operations performed Mar 2020 PwndLocker Fixes Crypto Bug, Rebrands as ProLock Ransomware Mar 2020 Ransomware Attack Renders LaSalle County Government Computers Unusable https://apt.etda.or.th/cgi-bin/showcard.cgi?u=4233110f-f984-47ac-80fe-7988a4916505 Page 1 of 3 Apr 2020 QBot malware is back replacing IcedID in malspam campaigns May 2020 FBI warns of ProLock ransomware decryptor not working properly May 2020 Ransomware Hit ATM Giant Diebold Nixdorf May 2020 ProLock Ransomware teams up with QakBot trojan for network access Aug 2020 Qbot steals your email threads again to infect other victims Sep 2020 FBI issues second alert about ProLock ransomware stealing data Sep 2020 ProLock ransomware increases payment demand and victim count Oct 2020 QBot uses Windows Defender Antivirus phishing bait to infect PCs Nov 2020 QBot phishing lures victims using US election interference emails Nov 2020 QBot partners with Egregor ransomware in bot-fueled attacks Dec 2020 Qbot malware switched to stealthy new Windows autostart method Information https://apt.etda.or.th/cgi-bin/showcard.cgi?u=4233110f-f984-47ac-80fe-7988a4916505 Page 2 of 3 Last change to this card: 10 August 2021 Download this actor card in PDF or JSON format Source: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=4233110f-f984-47ac-80fe-7988a4916505 https://apt.etda.or.th/cgi-bin/showcard.cgi?u=4233110f-f984-47ac-80fe-7988a4916505 Page 3 of 3