2020-12-15 - QAKBOT (QBOT) INFECTION WITH COBALT STRIKE (BEACON)
- 2020-12-15-Qakbot-with-Cobalt-Strike-IOCs.txt.zip 1.4 kB (1,380 bytes)
- 2020-12-15-Qakbot-malspam-example-1549-UTC.eml.zip 29.1 kB (29,104 bytes)
- 2020-12-15-Qakbot-infection-part-1.pcap.zip 8.5 MB (8,496,628 bytes)
- 2020-12-15-Qakbot-infection-part-2-with-Cobalt-Strike.pcap.zip 31.2 MB (31,164,032 bytes)
- 2020-12-15-malware-from-Qakbot-infection.zip 55.9 kB (55,948 bytes)
- This post documents updated domains/IP addresses for Cobalt Strike activity from Qakbot, different than what I saw last week.
- All zip archives on this site are password-protected with the standard password. If you don't know it, see the "about" page of this website.
Shown above: Traffic from the Qakbot infection filtered in Wireshark.
Shown above: Cobalt Strike traffic seen hours after the initial Qakbot infection.