COMING SOON
Beginner

QakBot bb02: Trace the Loader DLL to its C2

A purchasing coordinator opened a phishing email, downloaded a password-protected archive, and ran a shortcut on the disk image hidden inside it. A signed Windows utility quietly registered a QakBot DLL, and the workstation started beaconing to addresses nobody recognized. Trace the bb02 wave from a phishing link through an ISO and the loader DLL handoff to the single TLS command-and-control endpoint the bot settled on.

30m
6 tasks
25 points
Free

Launches tomorrow: Friday, July 3, 2026 at 9:00 AM


Training Tools

SIEM, Firewall

What you'll investigate

6 objectives unlock when this operation goes live.

1. Triage the morning alert
2. Trace the delivery
3. Catch the execution handoff
4. Recover the payload
5. Pin the C2 beacon
6. Classify the execution proxy
