216.73.216.226

Squirrelwaffle

The MITRE Corporation · Published 09/08/2022 18:45 · Modified 27/03/2026 01:03 Family

Essential information

Confidence
100/100
Is family
Yes
Published
09/08/2022 18:45
Modified
27/03/2026 01:03
Revoked
No
Author / Source
The MITRE Corporation
Related entities
21 attack patterns (mitre)

Description

[Squirrelwaffle](https://attack.mitre.org/software/S1030) is a loader that was first seen in September 2021. It has been used in spam email campaigns to deliver additional malware such as [Cobalt Strike](https://attack.mitre.org/software/S0154) and the [QakBot](https://attack.mitre.org/software/S0650) banking trojan.(Citation: ZScaler Squirrelwaffle Sep 2021)(Citation: Netskope Squirrelwaffle Oct 2021)

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.