Qakbot Trojan IOCs - Part 17

remote access Trojan IOC

Qakbot (Qbot) is a banking trojan: malware designed to collect banking information from victims. Qbot targets organizations primarily in the United States. It is equipped with various sophisticated evasion and information-stealing features, worm-like functionality, and a strong persistence mechanism.

Indicators of Compromise

IPv4 Port Combinations


SHA256

SEC-1275-1