Qakbot Trojan IOCs - Part 18

Qakbot (Qbot) - это банковский троян - вредоносная программа, предназначенная для сбора банковской информации у жертв. Qbot нацелен на организации преимущественно в США. Он оснащен различными сложными функциями уклонения и кражи информации, червеподобной функциональностью и сильным механизмом персистенции.

Indicators of Compromise

IPv4 Port Combinations

• 100.6.8.7:443
• 103.144.201.62:2078
• 103.71.21.107:443
• 108.162.6.34:443
• 108.6.249.139:443
• 109.11.175.42:2222
• 116.74.163.218:443
• 12.172.173.82:21
• 12.172.173.82:22
• 12.172.173.82:465
• 12.172.173.82:50001
• 12.172.173.82:990
• 12.172.173.82:993
• 12.172.173.82:995
• 121.121.100.148:995
• 121.122.99.223:995
• 123.3.240.16:995
• 124.122.55.68:443
• 124.122.55.7:443
• 136.232.184.134:995
• 137.186.193.226:3389
• 139.5.239.14:443
• 142.161.27.232:2222
• 149.126.159.106:443
• 150.107.231.59:2222
• 151.65.67.211:443
• 156.220.229.249:993
• 162.248.14.107:443
• 172.117.139.142:995
• 172.248.42.122:443
• 172.90.139.138:2222
• 173.18.126.3:443
• 173.239.94.212:443
• 174.104.184.149:443
• 174.58.146.57:443
• 174.77.209.5:443
• 176.142.207.63:443
• 176.151.15.101:443
• 176.177.136.35:443
• 178.152.126.55:443
• 181.118.183.44:443
• 181.118.183.50:443
• 181.164.194.223:443
• 182.75.189.42:995
• 183.82.100.110:2222
• 184.153.132.82:443
• 184.176.154.83:995
• 184.68.116.146:2078
• 184.68.116.146:2222
• 184.68.116.146:3389
• 184.68.116.146:50010
• 184.68.116.146:61202
• 188.176.170.61:443
• 188.48.116.37:995
• 190.18.236.175:443
• 190.199.169.127:993
• 190.24.45.24:995
• 190.29.228.61:443
• 197.26.142.159:443
• 197.94.219.133:443
• 198.2.51.242:993
• 199.83.165.233:443
• 2.83.12.243:443
• 2.99.47.198:2222
• 201.208.139.250:2222
• 213.191.164.70:443
• 213.67.255.57:2222
• 216.82.134.133:443
• 23.242.141.218:2222
• 24.142.218.202:443
• 24.206.27.39:443
• 24.228.132.224:2222
• 24.71.120.191:443
• 27.109.19.90:2078
• 37.14.229.220:2222
• 37.56.111.49:995
• 41.98.21.114:443
• 46.10.198.106:443
• 47.149.137.40:443
• 47.203.227.114:443
• 47.34.30.133:443
• 47.41.154.250:443
• 49.175.72.56:443
• 49.245.119.12:2222
• 50.68.204.71:443
• 50.68.204.71:993
• 50.68.204.71:995
• 60.234.194.12:2222
• 61.69.198.59:443
• 64.121.161.102:443
• 64.237.214.193:443
• 66.191.69.18:995
• 69.119.123.159:2222
• 69.133.162.35:443
• 70.115.104.126:995
• 70.120.228.205:443
• 70.55.120.16:2222
• 70.64.77.115:443
• 70.66.199.12:443
• 70.77.116.233:443
• 71.247.10.63:995
• 71.31.101.183:443
• 72.200.109.104:443
• 72.53.103.56:443
• 72.80.7.6:995
• 73.155.10.79:443
• 73.161.176.218:443
• 73.223.248.31:443
• 73.230.28.7:443
• 73.29.92.128:443
• 73.36.196.11:443
• 74.66.134.24:443
• 74.83.128.70:2083
• 75.143.236.149:443
• 75.158.15.211:443
• 75.98.154.19:443
• 75.99.125.236:2222
• 76.100.159.250:443
• 76.11.14.249:443
• 76.20.42.45:443
• 76.80.180.154:995
• 77.86.98.236:443
• 78.101.91.215:2222
• 78.213.14.206:443
• 78.247.21.20:443
• 78.69.251.252:2222
• 78.92.133.215:443
• 79.13.202.140:443
• 79.77.142.22:2222
• 80.0.74.165:443
• 80.44.148.126:2222
• 81.111.108.123:443
• 81.131.210.167:443
• 81.229.117.95:2222
• 81.248.77.37:2222
• 82.9.210.36:443
• 83.114.60.6:2222
• 83.213.201.104:993
• 83.92.85.93:443
• 84.113.121.103:443
• 84.215.202.22:443
• 84.35.26.14:995
• 85.152.152.46:443
• 85.61.165.153:2222
• 86.130.9.250:2222
• 86.159.48.25:2222
• 86.169.19.140:2222
• 86.176.83.127:2222
• 86.225.214.138:2222
• 86.96.75.237:2222
• 86.98.23.199:443
• 86.99.14.46:2222
• 87.220.68.51:2222
• 87.221.197.110:2222
• 87.65.160.87:995
• 88.126.94.4:50000
• 89.129.109.27:2222
• 90.104.22.28:2222
• 90.66.229.185:2222
• 90.89.95.158:2222
• 91.165.188.74:50000
• 91.169.12.198:32100
• 91.68.227.219:443
• 92.145.203.167:2222
• 92.154.17.149:2222
• 92.189.214.236:2222
• 92.207.132.174:2222
• 92.24.200.226:995
• 92.8.190.211:2222
• 94.105.123.53:443
• 94.63.65.146:443
• 94.71.209.47:2222
• 98.145.23.67:443
• 98.178.242.28:443

Domains

• afccoservices.com
• galaxyengineers.net
• lesindispensables01.fr
• psinformatica.inf.br
• rivashaa.com
• ultimateservices.org
• uniconnectcentre.com

URLs

• https://afccoservices.com/imlo/index.php?euntetr=5
• https://galaxyengineers.net/am/index.php?te=9
• https://lesindispensables01.fr/atta/index.php?iuqa=5
• https://psinformatica.inf.br/uvp/index.php?qiu=2
• https://rivashaa.com/rod/index.php?cduniint=8
• https://ultimateservices.org/uiqe/index.php?eds=5
• https://uniconnectcentre.com/ed/index.php?sti=2

Emails

• a.attas@ajt-electric.com
• aerdnvvtvor@hondamobilbdg.com
• aktuar@sportverein-rehetobel.ch
• awid.zetljieunli@achtaritv.com
• daaij53@niramayahomoeoclinic.com
• dovie26@maldivemusic.com
• mika.tikkamaki@anvianet.fi
• nnlboa@beiesa.com
• pcgaaz@creativeisolutions.com
• xwest@ashtonwellsbrand.com

MD5

• 2adc8bf66db7bff6be91e385f337fc75
• 2ef11c9517fb087f05de67a80ec2e43e
• 3cde3a79472e1f94d723b564dfa47b0e
• 43a8972dde8f5671be04e6bc18d9b897
• 51245ecb752d5a97d5e1f94f1de8e298
• 51358e663185ccd494a4d91cb151e7be
• 5658eb25ed75f458fa0678814f2871f6
• 5ade6344d47bc6938ee07d64a27843e4
• 5cb487bb63a7a71e245c9a10e834d8b6
• 6b9cea3f9a613626db09ac19d4ca85f4
• 71dbea29516aab505d2e9c65c923a9e4
• 882d04119103e7bc817aa9113e4abd22
• 910ddbf2e1576c25a529a3eff6d35676
• 94c271aa41c9ef12558a44f11f7ca163
• 990e97fe9fa3f6aea2a9b5bcf678d8de
• 9b1e2fc34826bb9cf2cbdff26ad2d06d
• 9c15324b01defb855b297941dff50a9b
• a03fa29a66f49d6bcd0de74ba7ad0cb1
• a1e1638a19adf7120af3bbbda348d49a
• c76ad74c1971686ffc07bde86b389993
• cbb92ddf4f2756292db84d3ba1810313
• d068f9bf2ffe2a98b4d248fc70db8daa
• d156671f365de38082dfdd89580dee5d
• e20facbe270c78f4ee1db08ff392aa4d
• e72eaf4c052b57413d1bc89ace2c2e7f
• eb91f1056bfab96f30c5afee7fc77c8e
• fe2307d0b8ae3e784efb735dbd68891b