Qakbot (Qbot) is a banking trojan: malware designed to collect banking information from victims. Qbot primarily targets organizations in the US. It is equipped with a variety of sophisticated evasion and information-stealing capabilities, worm-like functionality, and a strong persistence mechanism.
Indicators of Compromise
IPv4 Port Combinations
Domains
URLs
Emails
MD5