{
	"id": "877845d5-8232-477c-a71b-8965176fc1fa",
	"created_at": "2026-04-06T00:10:47.867172Z",
	"updated_at": "2026-04-10T03:20:32.831789Z",
	"deleted_at": null,
	"sha1_hash": "f248ed91cd4e6e15a31c58edf7422fc85020b875",
	"title": "QakBot C2 Traffic",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 186396,
	"plain_text": "QakBot C2 Traffic\r\nBy Erik Hjelmvik\r\nPublished: 2023-03-02 · Archived: 2026-04-05 18:52:39 UTC\r\nThursday, 02 March 2023 12:43:00 (UTC/GMT)\r\nIn this video I analyze network traffic from a QakBot (QBot) infection in order to identify the Command-and-Control (C2) traffic. The analyzed PCAP file is from malware-traffic-analysis.net.\r\nIOC List\r\nC2 IP and port: 80.47.61.240:2222\r\nC2 IP and port: 185.80.53.210:443\r\nQakBot proxy IP and port: 23.111.114.52:65400\r\nJA3: 72a589da586844d7f0818ce684948eea\r\nJA3S: ec74a5c51106f0419184d0dd08fb05bc\r\nJA3S: fd4bc6cea4877646ccd62f0792ec0b62\r\nmeieou.info X.509 cert hash: 9de2a1c39fbe1952221c4b78b8d21dc3afe53a3e\r\nmeieou.info X.509 cert Subject OU: Hoahud Duhcuv Dampvafrog\r\nmeieou.info X.509 cert Issuer O: Qdf Wah Uotvzke LLC.\r\ngifts.com X.509 cert hash: 0c7a37f55a0b0961c96412562dd0cf0b0b867d37\r\nHTML Body Hash: 22e5446e82b3e46da34b5ebce6de5751664fb867\r\nHTML Title: Welcome to CentOS\r\nLinks\r\nQakBot PCAP download (malware-traffic-analysis.net)\r\n80.47.61.240 (VirusTotal)\r\n80.47.61.240:2222 (ThreatFox)\r\n80.47.61.240 (Feodo Tracker)\r\n80.47.61.240 (Censys)\r\n185.80.53.210 (Censys)\r\nFor more analysis of QakBot network traffic, check out my Hunting for C2 Traffic video.\r\nPosted by Erik Hjelmvik on Thursday, 02 March 2023 12:43:00 (UTC/GMT)\r\nTags: #QakBot#QBot#C2#Video#malware-traffic-analysis.net#ThreatFox#ec74a5c51106f0419184d0dd08fb05bc\r\n#fd4bc6cea4877646ccd62f0792ec0b62#CapLoader#NetworkMiner\r\nShort URL: https://netresec.com/?b=233eaa1\r\nSource: https://www.netresec.com/?page=Blog\u0026month=2023-03\u0026post=QakBot-C2-Traffic",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.netresec.com/?page=Blog\u0026month=2023-03\u0026post=QakBot-C2-Traffic"
	],
	"report_names": [
		"?page=Blog\u0026month=2023-03\u0026post=QakBot-C2-Traffic"
	],
	"threat_actors": [],
	"ts_created_at": 1775434247,
	"ts_updated_at": 1775791232,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f248ed91cd4e6e15a31c58edf7422fc85020b875.pdf",
		"text": "https://archive.orkl.eu/f248ed91cd4e6e15a31c58edf7422fc85020b875.txt",
		"img": "https://archive.orkl.eu/f248ed91cd4e6e15a31c58edf7422fc85020b875.jpg"
	}
}