2020-12-07 - QAKBOT (QBOT) INFECTION WITH COBALT STRIKE (BEACON) AND SPAMBOT ACTIVITY
ASSOCIATED FILES
- 2020-12-07-Qakbot-with-Cobalt-Strike-IOCs.txt.zip 2.3 kB (2,312 bytes)
- 2020-12-07-Qakbot-with-Cobalt-Strike-and-spambot-activity.pcap.zip 13.9 MB (13,850,352 bytes)
- 2020-12-07-Qakbot-malspam-7-examples-from-pcap.zip 152 kB (151,624 bytes)
- 2020-12-07-zip-attachments-from-malspam-7-examples.zip 138 kB (138,068 bytes)
- 2020-12-07-extracted-spreadsheet-from-zip-attachments-7-examples.zip 138 kB (137,711 bytes)
- 2020-12-08-start-of-new-Qakbot-infection.pcap.zip 15.4 MB (15,360,501 bytes)
- 2020-12-08-Qakbot-DLL-after-running-Excel-macro.zip 2.7 kB (2,655 bytes)
NOTES:
- All zip archives on this site are password-protected with the standard password. If you don't know it, see the "about" page of this website.
IMAGES
Shown above: Some of the traffic filtered in Wireshark.
Shown above: Emails from spambot traffic in the pcap.
Shown above: One of the emails extracted from spambot traffic in the pcap.
Shown above: Traffic from the start of a new Qakbot infection on another Windows host.