Qakbot Trojan IOCs - Part 16

remote access Trojan IOC

Qakbot (Qbot) is a banking Trojan: malware designed to collect banking information from victims. Qbot targets organizations primarily in the United States. It is equipped with a variety of sophisticated evasion and information-stealing features, worm-like functionality, and a strong persistence mechanism.

Indicators of Compromise

IPv4 Port Combinations


URLs

  • https://electrocus.com/suns/index.php?IUSMP=1
  • https://warismovers.com/se/index.php?abrloe=7

SHA256

SEC-1275-1