2021-05-21 (FRIDAY) - QAKBOT (QBOT) INFECTION WITH COBALT STRIKE

ASSOCIATED FILES:

• 2021-05-21-Qakbot-and-Cobalt-Strike-IOCs.txt.zip   1.2 kB   (1,233 bytes)
• 2021-05-21-Qakbot-malspam-1906-UTC.eml.zip   183 kB   (183,727 bytes)
• 2021-05-21-Qakbot-malware-and-artifacts.zip   780 kB   (780,141 bytes)
• 2021-05-21-Qakbot-infection-with-Cobalt-Strike.pcap.zip   21.7 MB   (21,697,032 bytes)

NOTES:

• All zip archives on this site are password-protected.  If you don't know the password, see the "about" page of this website.

 

IMAGES

Shown above:  Example of email pushing Qakbot.

 

Shown above:  Spreadsheet extracted from zip attachment attached to the above email.

 

Shown above:  Traffic from the infection filtered in Wireshark.

 

Click here to return to the main page.