Qakbot Trojan IOCs - Part 12

remote access Trojan IOC

Qakbot (Qbot) — банковский троян, то есть вредоносная программа, предназначенная для кражи банковских данных жертв. Qbot нацелен преимущественно на организации в США. Он обладает сложными механизмами уклонения от обнаружения и кражи информации, червеподобной функциональностью и устойчивым механизмом закрепления в системе.

Qakbot Malware IOCs

Indicators of Compromise

IPv4 Address:Port Combinations

  • 102.156.113.77:443
  • 102.157.69.217:995
  • 102.158.230.141:443
  • 102.159.188.241:443
  • 103.55.67.180:443
  • 105.103.33.225:32103
  • 105.103.33.225:990
  • 105.103.33.225:993
  • 105.103.33.225:995
  • 105.111.45.51:995
  • 105.184.161.175:443
  • 105.184.161.242:443
  • 108.44.207.232:443
  • 108.6.249.139:443
  • 109.11.175.42:2222
  • 109.145.27.139:443
  • 109.149.147.221:2222
  • 109.152.70.207:50000
  • 109.218.233.44:2222
  • 116.74.163.221:443
  • 12.172.173.82:2087
  • 12.172.173.82:21
  • 12.172.173.82:22
  • 12.172.173.82:443
  • 12.172.173.82:465
  • 12.172.173.82:50001
  • 12.172.173.82:990
  • 12.172.173.82:993
  • 12.172.173.82:995
  • 121.122.99.151:995
  • 125.27.3.221:995
  • 136.35.241.159:443
  • 139.216.164.122:443
  • 142.119.40.220:2222
  • 142.161.27.232:2222
  • 144.202.15.58:443
  • 151.32.168.124:443
  • 154.247.94.160:32103
  • 157.231.42.190:443
  • 157.231.42.190:995
  • 170.249.59.153:443
  • 170.253.25.35:443
  • 172.117.139.142:995
  • 172.90.139.138:2222
  • 173.18.126.3:443
  • 173.239.94.212:443
  • 173.32.181.236:443
  • 174.101.111.4:443
  • 174.104.184.149:443
  • 174.112.25.29:2078
  • 174.112.25.29:2222
  • 174.45.15.123:443
  • 174.58.146.57:443
  • 174.60.47.98:443
  • 174.77.209.5:443
  • 175.205.2.54:443
  • 176.137.187.206:995
  • 176.142.207.63:443
  • 176.151.15.101:443
  • 177.205.114.49:2222
  • 177.205.92.100:2222
  • 178.147.24.70:995
  • 178.169.196.115:443
  • 180.156.240.239:995
  • 181.118.183.116:443
  • 182.66.197.35:443
  • 183.82.100.110:2222
  • 184.153.132.82:443
  • 184.155.91.69:443
  • 184.176.154.83:995
  • 184.20.10.236:443
  • 186.188.2.193:443
  • 187.199.224.16:32103
  • 188.127.169.210:443
  • 188.4.142.139:995
  • 188.54.79.88:995
  • 188.92.64.68:443
  • 190.11.198.68:443
  • 190.24.45.24:995
  • 190.36.189.154:2222
  • 190.74.23.139:443
  • 193.3.19.137:443
  • 197.148.17.17:2078
  • 199.83.165.233:443
  • 2.8.39.175:2222
  • 2.83.62.105:443
  • 2.84.98.228:2222
  • 2.98.146.106:995
  • 200.233.108.153:995
  • 200.44.208.217:2222
  • 200.84.201.101:993
  • 200.93.14.206:2222
  • 201.192.179.221:443
  • 212.251.122.147:995
  • 213.67.255.57:2222
  • 213.91.235.146:443
  • 217.128.91.196:2222
  • 221.161.103.6:443
  • 23.240.47.58:995
  • 24.116.45.121:443
  • 24.142.218.202:443
  • 24.206.27.39:443
  • 24.4.239.157:443
  • 24.49.232.96:443
  • 24.64.114.59:2078
  • 24.64.114.59:2222
  • 24.64.114.59:3389
  • 27.110.134.202:995
  • 31.167.227.31:443
  • 37.128.17.176:2222
  • 41.228.223.122:995
  • 41.35.196.18:995
  • 41.97.183.39:443
  • 41.99.177.175:443
  • 41.99.249.38:443
  • 45.248.169.101:443
  • 45.49.137.80:443
  • 46.177.99.230:995
  • 46.190.93.247:50000
  • 46.229.194.17:443
  • 47.16.73.77:2222
  • 47.176.30.75:443
  • 47.185.141.97:443
  • 47.229.96.60:443
  • 47.34.30.133:443
  • 47.41.154.250:443
  • 49.175.72.56:443
  • 50.37.154.115:443
  • 50.68.204.71:443
  • 50.68.204.71:993
  • 50.68.204.71:995
  • 50.90.249.161:443
  • 58.162.223.233:443
  • 58.247.115.126:995
  • 60.48.250.151:2222
  • 61.92.123.169:443
  • 62.31.130.138:465
  • 63.248.148.87:443
  • 64.121.161.102:443
  • 64.207.237.118:443
  • 64.228.191.212:2222
  • 66.180.227.170:2222
  • 66.191.69.18:995
  • 68.47.128.161:443
  • 69.119.123.159:2222
  • 69.133.162.35:443
  • 70.115.104.126:995
  • 70.64.77.115:443
  • 70.66.199.12:443
  • 70.95.236.129:443
  • 71.183.236.133:443
  • 71.247.10.63:2083
  • 71.247.10.63:50003
  • 71.247.10.63:995
  • 71.31.101.183:443
  • 72.133.240.122:2083
  • 72.140.137.221:443
  • 72.53.103.56:443
  • 72.82.136.90:443
  • 72.88.245.71:443
  • 73.161.176.218:443
  • 73.165.119.20:443
  • 73.230.28.7:443
  • 73.36.196.11:443
  • 74.33.84.227:443
  • 74.66.134.24:443
  • 74.92.243.113:50000
  • 74.92.243.113:995
  • 75.143.236.149:443
  • 75.156.125.215:995
  • 75.158.15.211:443
  • 75.191.246.70:443
  • 75.98.154.19:443
  • 75.99.125.238:2222
  • 76.127.192.23:443
  • 76.184.95.190:993
  • 76.20.42.45:443
  • 76.68.34.167:2222
  • 76.80.180.154:995
  • 77.126.81.208:443
  • 78.253.154.211:50000
  • 78.92.133.215:443
  • 79.166.120.168:995
  • 79.169.119.144:2222
  • 79.37.204.67:443
  • 80.103.77.44:2222
  • 80.121.8.212:995
  • 80.13.179.151:2222
  • 80.189.213.49:2222
  • 80.233.87.78:995
  • 81.156.198.115:2222
  • 81.229.117.95:2222
  • 81.250.33.243:2222
  • 82.121.237.106:2222
  • 82.121.73.56:2222
  • 82.155.111.187:443
  • 82.31.37.241:443
  • 82.34.170.37:443
  • 82.36.36.76:443
  • 82.9.210.36:443
  • 83.79.150.24:2222
  • 84.113.121.103:443
  • 84.35.26.14:995
  • 85.139.176.42:2222
  • 85.241.105.6:443
  • 85.241.180.94:443
  • 85.59.61.52:2222
  • 85.74.158.150:2222
  • 86.129.13.178:2222
  • 86.130.9.167:2222
  • 86.158.3.195:443
  • 86.165.15.180:2222
  • 86.167.26.227:2222
  • 86.171.75.63:443
  • 86.175.128.143:443
  • 86.180.222.237:2222
  • 86.195.32.149:2222
  • 86.217.250.15:2222
  • 86.225.214.138:2222
  • 86.45.66.141:2222
  • 87.202.101.164:50000
  • 87.220.205.14:2222
  • 87.220.68.51:2222
  • 87.223.80.45:443
  • 87.223.83.164:443
  • 87.65.160.87:995
  • 88.126.94.4:50000
  • 88.152.182.39:443
  • 89.129.109.27:2222
  • 89.152.120.181:443
  • 89.216.114.163:443
  • 90.104.22.28:2222
  • 90.78.85.59:2222
  • 90.89.95.158:2222
  • 91.165.188.74:50000
  • 91.169.12.198:32100
  • 91.180.68.95:2222
  • 91.254.215.167:443
  • 91.68.227.219:443
  • 92.106.70.62:2222
  • 92.137.74.174:2222
  • 92.149.205.238:2222
  • 92.189.214.236:2222
  • 92.191.49.255:2222
  • 92.207.132.174:2222
  • 92.24.200.226:995
  • 92.27.86.48:2222
  • 93.156.103.241:443
  • 93.164.248.234:443
  • 94.15.58.251:443
  • 94.60.141.48:995
  • 94.63.65.146:443
  • 95.214.107.21:443
  • 95.94.33.189:2222
  • 98.145.23.67:443
  • 98.147.155.235:443
  • 98.187.21.2:443
  • 99.229.146.120:443
  • 99.238.106.45:443

MD5

  • e9250edfb5d6e66baa968898fe58d3d1

SHA256

  • 1347142eb47ebfe2661df5a7f011ea369e3d6df6ba41a6140763e5a670f0ce15
  • 182d599918881d3a50d89f8cea088ce58b899cfde3d611971d351810ad8b5850
  • 38da16a3914632e7a476f73ca07d7202413f0ab59623825d8c5ea82fe14717fc
  • 4f80c976afde3828525f99f9f4cfce18504ba698869b50b1abba79da47047b2d
  • 616a1c3a65fed4142c80f37a67f87d4d83af6ce28fd842f20c184ed995908894
  • 77e3a3bc905f9a172e95ba70bf01c3236e6c6423f537fa728b1bda5a40a77fe3
  • 7931064741c00a59d78c92ed7bac30d8d84910a0c9e59d0969976e72d9423a90
  • 820c86717ed36270cd3dd2e4e659d559908ddfbc942686ddcbeec48a321b86c4
  • 8a389ed824d154eafb8975a2d951e0ccfeb76a9f4a186a346fea86c366b5f8f9
  • 91d37cde7ed92cf0c0a115536930365cfa07c6c2ab7ba650109196c149f14063
  • aaba1b6cef10304f93b1ade13dc59aba4c9fb385907d9b9cb2cb934a2c9b5b2f
  • c09e3974dc7456748939ee9a302c0504946890a9d096fe238479e3fc833586dd
  • c0fc5b84ba671a26027bddbd7a987eacc5917bdd1359cc1e72b754ba3517e805
  • e3743fdb208add38daa188c07aefb071a05c599460bd4aad56b5ad808bc56bce
  • e4525d4812d75697a4b6524258a3e0325e49fce605c1691ba9fb6c2cfd2620ce
SEC-1275-1