2020-01-29 - QBOT (QAKBOT) INFECTION

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• 2020-01-29-Qbot-IOCs.txt.zip   1.6 kB (1,613 bytes)

• 2020-01-29-Qbot-IOCs.txt   (3,328 bytes)

• 2020-01-29-Qbot-infection-traffic.pcap.zip   39.8 MB (39,784,569 bytes)

• 2020-01-29-Qbot-infection-traffic.pcap   (53,173,810 bytes)

• 2020-01-29-malware-and-artifacts-from-Qbot-infection.zip   5.0 MB (4,957,868 bytes)

• 2020-01-29-Calc.exe-copied-to-overwrite-initial-Qbot-EXE.bin   (26,112 bytes)
• 2020-01-29-Qbot-EXE-persistent-on-infected-Windows-host.bin   (339,968 bytes)
• 2020-01-29-VBS-file-extracted-from-downloaded-zip-archive.txt   (4,315,240 bytes)
• 2020-01-29-initial-Qbot-EXE-retrieved-by-VBS-file.bin   (475,136 bytes)
• 2020-01-29-registry-update-caused-by-Qbot.txt   (810 bytes)
• 2020-01-29-zip-archive-retrieved-from-link-in-Qbot-malspam.zip   (2,184,158 bytes)

 

IMAGES

Shown above:  Traffic from the infection filtered in Wireshark.

 

Click here to return to the main page.