2020-12-07 - QAKBOT (QBOT) INFECTION WITH COBALT STRIKE (BEACON) AND SPAMBOT ACTIVITY

ASSOCIATED FILES

NOTES:

 

IMAGES


Shown above:  Some of the traffic filtered in Wireshark.

 


Shown above:  Emails from spambot traffic in the pcap.

 


Shown above:  One of the emails extracted from spambot traffic in the pcap.

 


Shown above:  Traffic from the start of a new Qakbot infection on another Windows host.

 

Click here to return to the main page.