API tools faq
paste
malware_traffic

2020-12-15 (Tues) - Cobalt Strike (Beacon) traffic associated with Qakbot (Qbot) infection

malware_traffic
Dec 18th, 2020
1,599
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.89 KB
raw download clone embed print report
  1. 2020-12-15 (TUESDAY) COBALT STRIKE (BEACON) TRAFFIC ASSOCIATED WITH QAKBOT (QBOT) INFECTION:
  2.  
  3. REFERENCES:
  4.  
  5. - https://www.malware-traffic-analysis.net/2020/12/15/index.html
  6. - https://twitter.com/malware_traffic/status/1339647762934194178
  7.  
  8. TRAFFIC:
  9.  
  10. - 172.241.27[.]244 port 443 - matesmapizza[.]com - HTTPS traffic
  11. - 172.241.27[.]244 port 80 - matesmapizza[.]com - GET /ga.js
  12. - 172.241.27[.]244 port 80 - matesmapizza[.]com - GET /updates.rss
  13. - 172.241.27[.]244 port 8888 - matesmapizza[.]com:8888 - GET /pixel
  14. - 172.241.27[.]244 port 80 - matesmapizza[.]com - POST /submit.php?id=[9-digit number]
  15. - 172.241.27[.]244 port 8888 - matesmapizza[.]com:8888 - POST /submit.php?id=[9-digit number]
  16.  
  17. - 185.125.206[.]173 port 8080 - travmeetlett[.]com - HTTPS traffic
  18. - 185.125.206[.]173 port 443 - travmeetlett[.]com:443 - GET /match
  19. - 185.125.206[.]173 port 443 - travmeetlett[.]com:443 - GET /dpixel
RAW Paste Data
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!