2021-10-01 (FRIDAY) - TR QAKBOT (QBOT) INFECTION WITH SPAMBOT ACTIVITY

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• 2021-10-01-TR-Qakbot-infection-wtih-spambot-acitvity.pcap.zip   53.7 MB   (53,672,818 bytes)
• 2021-10-01-TR-Qakbot-malware.zip   1.3 MB   (1,339,346 bytes)
• 2021-10-01-Qakbot-malspam-74-examples-from-spambot-traffic.zip   7.1 MB   (7,077,054 bytes)

NOTES:

• To make a smaller pcap, I had to stop before too much spambot activity occurred.
• However, this blog post includes a zip archive with 74 examples of malspam extracted from the pcap before I cut out most of the spambot activity.
• Although this infection is TR-distribution Qakbot, my infected Windows host spammed Obama-distribution Qakbot-based emails.

 

Click here to return to the main page.