Qakbot Trojan IOCs - Part 14

remote access Trojan IOC

Qakbot (Qbot) is a banking Trojan: malware designed to collect banking information from victims. Qbot targets organizations predominantly in the United States. It is equipped with a variety of sophisticated evasion and information-stealing features, worm-like functionality, and a strong persistence mechanism.

Qakbot Malware IOCs

Indicators of Compromise

IPv4 Port Combinations


SHA256


SEC-1275-1