
QakBot bb02: Trace the Loader DLL to its C2
A purchasing coordinator opened a phishing email, downloaded a password-protected archive, and ran a shortcut on the disk image hidden inside it. A signed Windows utility quietly registered a QakBot DLL, and the workstation started beaconing to addresses nobody recognized. Trace the bb02 wave from a phishing link through an ISO and the loader DLL handoff to the single TLS command-and-control endpoint the bot settled on.
Launches tomorrow
Friday, July 3, 2026 at 9:00 AM
Be ready the moment it drops — free forever.
Training Tools
What you'll investigate
6 objectives unlock when this operation goes live.
Be first when it launches
Create your free account now. The moment this operation goes live on Jul 3, 2026, you can jump straight in — and you'll have the rest of the catalog to train on meanwhile.
Get Started FreeNo credit card required — free forever