2021-05-21 (FRIDAY) - QAKBOT (QBOT) INFECTION WITH COBALT STRIKE
ASSOCIATED FILES:
- 2021-05-21-Qakbot-and-Cobalt-Strike-IOCs.txt.zip 1.2 kB (1,233 bytes)
- 2021-05-21-Qakbot-malspam-1906-UTC.eml.zip 183 kB (183,727 bytes)
- 2021-05-21-Qakbot-malware-and-artifacts.zip 780 kB (780,141 bytes)
- 2021-05-21-Qakbot-infection-with-Cobalt-Strike.pcap.zip 21.7 MB (21,697,032 bytes)
NOTES:
- All zip archives on this site are password-protected. If you don't know the password, see the "about" page of this website.
IMAGES
Shown above: Example of email pushing Qakbot.
Shown above: Spreadsheet extracted from the zip archive attached to the above email.
Shown above: Traffic from the infection filtered in Wireshark.