Researchers link a rash of recent Microsoft Active Directory lockouts to QakBot, a worm-like, information-stealing strain of malware that s been around since 2009. The latest iteration of the malware has been spreading through endpoints via a dropper that waits 10 to 15 minutes to execute in hopes of evading detection from sandboxes or anti-virus systems. Researchers say the malware is still as persistent as ever and has several mechanisms that can help it evade detection.
Source: https://threatpost.com/qakbot-returns-locking-out-active-directory-accounts/126071/