# 2021-09-17 (FRIDAY) - SQUIRRELWAFFLE LOADER WITH COBALT STRIKE

**malware-traffic-analysis.net/2021/09/17/index.html**

ASSOCIATED FILES:

- [2021-09-17-IOCs-for-Squirrelwaffle-loader-with-Cobalt-Strike.txt.zip](https://www.malware-traffic-analysis.net/2021/09/17/2021-09-17-IOCs-for-Squirrelwaffle-loader-with-Cobalt-Strike.txt.zip)   3.6 kB (3,563 bytes)
- [2021-09-17-Word-docs-for-Squirrelwaffle-Loader-10-examples.zip](https://www.malware-traffic-analysis.net/2021/09/17/2021-09-17-Word-docs-for-Squirrelwaffle-Loader-10-examples.zip)   1.3 MB (1,347,448 bytes)
- [2021-09-17-Squirrelwaffle-loader-with-Cobalt-Strike.pcap.zip](https://www.malware-traffic-analysis.net/2021/09/17/2021-09-17-Squirrelwaffle-loader-with-Cobalt-Strike.pcap.zip)   7.0 MB (7,008,533 bytes)
- [2021-09-17-Squirrelwaffle-and-Cobalt-Strike-malware-and-artifacts.zip](https://www.malware-traffic-analysis.net/2021/09/17/2021-09-17-Squirrelwaffle-and-Cobalt-Strike-malware-and-artifacts.zip)   558 kB (558,102 bytes)

NOTES:

- See [2021-09-17-IOCs-for-Squirrelwaffle-loader-with-Cobalt-Strike.txt.zip](https://www.malware-traffic-analysis.net/2021/09/17/2021-09-17-IOCs-for-Squirrelwaffle-loader-with-Cobalt-Strike.txt.zip) for more info on Squirrelwaffle Loader and this specific infection.
- All zip archives on this site are password-protected. If you don't know the password, see the "about" page of this website.

## IMAGES

_Shown above: Link for malicious zip archive from an email pushing Squirrelwaffle loader._

_Shown above: Word doc extracted from downloaded zip archive._

_Shown above: Squirrelwaffle artifacts from an infected Windows host._

_Shown above: Traffic from a Squirrelwaffle loader infection filtered in Wireshark._

_Shown above: Windows EXE for Cobalt Strike seen as follow-up malware._

_Shown above: Traffic filtered in Wireshark showing when Cobalt Strike activity started._