malware_traffic

2020-12-15 (Tues) - Cobalt Strike (Beacon) traffic associated with Qakbot (Qbot) infection

Dec 18th, 2020
2020-12-15 (TUESDAY) COBALT STRIKE (BEACON) TRAFFIC ASSOCIATED WITH QAKBOT (QBOT) INFECTION:

REFERENCES:

- https://www.malware-traffic-analysis.net/2020/12/15/index.html
- https://twitter.com/malware_traffic/status/1339647762934194178

TRAFFIC:

- 172.241.27[.]244 port 443 - matesmapizza[.]com - HTTPS traffic
- 172.241.27[.]244 port 80 - matesmapizza[.]com - GET /ga.js
- 172.241.27[.]244 port 80 - matesmapizza[.]com - GET /updates.rss
- 172.241.27[.]244 port 8888 - matesmapizza[.]com:8888 - GET /pixel
- 172.241.27[.]244 port 80 - matesmapizza[.]com - POST /submit.php?id=[9-digit number]
- 172.241.27[.]244 port 8888 - matesmapizza[.]com:8888 - POST /submit.php?id=[9-digit number]

- 185.125.206[.]173 port 8080 - travmeetlett[.]com - HTTPS traffic
- 185.125.206[.]173 port 443 - travmeetlett[.]com:443 - GET /match
- 185.125.206[.]173 port 443 - travmeetlett[.]com:443 - GET /dpixel