2021-02-12 (FRIDAY) - QAKBOT (QBOT) INFECTION WITH COBALT STRIKE
ASSOCIATED FILES:
- 2021-02-12-IOCs-for-Qakbot-with-Cobalt-Strike.txt.zip   1.7 kB   (1,665 bytes)
  - 2021-02-12-IOCs-for-Qakbot-with-Cobalt-Strike.txt (2,628 bytes)
- 2021-02-12-Qakbot-malspam-French-language-1611-UTC.eml.zip   296 kB   (295,715 bytes)
  - 2021-02-12-Qakbot-malspam-French-language-1611-UTC.eml (448,665 bytes)
- 2021-02-12-Qakbot-infection-with-Cobalt-Strike.pcap.zip   35.8 MB   (35,780,278 bytes)
  - 2021-02-12-Qakbot-infection-with-Cobalt-Strike.pcap (39,542,354 bytes)
- 2021-02-12-Qakbot-malware.zip   280 kB   (279,738 bytes)
  - directly (76).xls (325,632 bytes)
  - kdfe.vbox (473,600 bytes)
NOTE:
- All zip archives on this site are password-protected. If you don't know the password, see the "about" page of this website.
IMAGES
Shown above: Traffic from the infection filtered in Wireshark showing Qakbot infection activity.
Shown above: Traffic from the infection filtered in Wireshark showing Cobalt Strike activity caused by the Qakbot infection.
Shown above: More Cobalt Strike traffic on the same IP address, but using "www.amazon.com" as the domain (NOTE: this is not actually amazon.com).