2021-05-21 (FRIDAY) - QAKBOT (QBOT) INFECTION WITH COBALT STRIKE
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- 2021-05-21-Qakbot-and-Cobalt-Strike-IOCs.txt.zip 1.2 kB (1,233 bytes)
- 2021-05-21-Qakbot-malspam-1906-UTC.eml.zip 183 kB (183,727 bytes)
- 2021-05-21-Qakbot-malware-and-artifacts.zip 781 kB (781,309 bytes)
- 2021-05-21-Qakbot-infection-with-Cobalt-Strike.pcap.zip 21.7 MB (21,697,032 bytes)
IMAGES
Shown above: Example of email pushing Qakbot.
Shown above: Spreadsheet extracted from the zip archive attached to the above email.
Shown above: Traffic from the infection filtered in Wireshark.