SANS IR Summit 2023 Q1

[SANS Webinar]

Converging Incident Response & Detection Engineering for Qbot

Traditionally, the notable information stealer Qbot (aka Qakbot) was delivered via macros, but as the tactics of threat actors continue to evolve, it has become increasingly difficult to accurately assess the scope of an incident caused by this prolific malware. In today’s post-macro world, attackers use HTML smuggling to deliver Qbot through a chain of executions involving ISO, ZIP, DLL, and LNK files.

In this session, equip yourself with the tools and knowledge needed to respond effectively to Qbot attacks, and learn how to close the loop for better detection and response strategies. We will take you through an in-depth analysis of Qbot threats, providing valuable insights on identifying and confirming an incident quickly.

Covered in the webinar:

How to minimize the impact of a Qbot attack on your organization
How a defense-in-depth approach can keep security teams one step ahead of the evolving threat landscape
How incident response can inform detection engineering functions to improve overall security.

About The Speakers

Now what? See VMRay in action:

VMRay has been working hard to make it easy to use for every customer! Check out our latest out-of-the-box integrations, which make it easy to augment your security stack:

How VMRay Analyzer can make a real difference

VMRay is our deep sandbox that helped us reduce manual analyses by 90%.
Global Top 3
Cybersecurity Consulting Company
Manual analysis of a huge number of submissions was time-consuming. With VMRay, we are able to handle this task with ease in an automated way.
Leading Global Tech Company
Technology Industry
VMRay provided the fully automated detection capabilities that were crucial to speed up our incident response process and shorten investigation.
Major Telecom Company
Telecommunications Industry
Uncover the most sophisticated threats.

Detect threats that other security controls miss

The VMRay platform observes and monitors detonation from outside the environment, allowing safe detonation and granular analysis of IOCs.
Save time for your SOC analysts.

Detect and respond faster with less effort

VMRay Analyzer is built to automate SOC processes, optimizing automated alert triage and threat intelligence submissions to TIPs with noise-free reports and reliable verdicts.
Maximize ROI of your security investments.

Unlock the full potential of your existing cybersecurity solutions

VMRay Analyzer filters out false positives and enriches reports with actionable insights. Built-in API connectors enable seamless integrations with all popular XDR / EDR / SOAR platforms.

World’s best trust us for a reason

Cyber Security Team Lead
Leading Global Tech Company

Manual analysis of a huge number of submissions was time-consuming. With VMRay, we are able to handle this task with ease in an automated way. This creates enormous value for our company, customers and partners.

Threat Intelligence Team
Top 10 Global Technology Brand

VMRay’s data quality and rich API allowed us to automate our reverse engineering and data extraction tasks in a way no other vendor was able to provide.

Threat Research Team
Carbon Black

What our team loves about VMRay is the ability to quickly triage a lot of malicious samples by providing a wide variety of targets, configurations and applications out of the box.

Calculate how much malware false positives are costing your organization:
Malware False Positive Cost Calculator