Hunting Malicious Infrastructure using JARM and HTTP Response

Michael Koczwara
4 min read · May 16

Hunting QBot C2 and Brute Ratel C4 Infrastructure

In this blog, I will explain my hunting methodology with two practical examples.

  • QBot C2
  • Brute Ratel C4

I chose these two because, despite the difference between Brute Ratel C4 and QBot, this methodology (JARM and HTTP Response hash)…

