2019-04-08 - QUICK POST: EMOTET INFECTION WITH QAKBOT
- 2019-04-08-Emotet-infection-with-Qakbot.pcap.zip 12.1 MB (12,112,097 bytes)
- 2019-04-08-alerts-from-Emotet-with-Qakbot.txt.zip 1.6 kB (1,577 bytes)
- 2019-04-08-Emotet-and-Qakbot-malware-and-artifacts.zip 671 kB (671,449 bytes)
- 2019-04-08-Emotet-and-Qakbot-indicators.txt.zip 1.2 kB (1,213 bytes)
NOTE: All zip archives and saz files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
Shown above: Some alerts from Sguil in Security Onion using Suricata and the EmergingThreats Pro (ETPRO) ruleset.
Shown above: Traffic from the infection filtered in Wireshark.
Shown above: FTP traffic from the infection caused by Qakbot.
Shown above: Email traffic from this infection, possibly caused by Qakbot.
Shown above: Another look at email traffic from this infection, possibly caused by Qakbot.
Shown above: Emotet and Qakbot made persistent on the infected Windows host.
Shown above: Qakbot malware from the infected Windows host.