2017-11-07 - NECURS BOTNET MALSPAM PUSHES LOCKY (NO QTBOT/QTLOADER)
ASSOCIATED FILES:
- Zip archive of the pcap: 2017-11-07-Necurs-Botnet-malspam-pushes-Locky.pcap.zip 461 kB (461,040 bytes)
- Zip archive of the email and artifacts: 2017-11-07-Necurs-Botnet-malspam-and-artifacts.zip 2.5 kB (2,504 bytes)
NOTES:
- Some fellow researchers at Palo Alto Networks wrote a blog analyzing the 1st stage malware and called it "QtBot." I've also seen it called "QtLoader."
- I haven't noticed any QtBot/QtLoader at all this week from Necurs Botnet malspam, but I haven't been looking very hard.
Shown above: Chain of events I saw today for Necurs Botnet malspam.
FINAL NOTES
Zip archives are password-protected with the standard password. If you don't know it, look at the "about" page of this website.