Qakbot Trojan IOCs - Part 18

remote access Trojan IOC

Qakbot (Qbot) - это банковский троян - вредоносная программа, предназначенная для сбора банковской информации у жертв. Qbot нацелен на организации преимущественно в США. Он оснащен различными сложными функциями уклонения и кражи информации, червеподобной функциональностью и сильным механизмом персистенции.

Indicators of Compromise

IPv4 Port Combinations

  • 100.6.8.7:443
  • 103.144.201.62:2078
  • 103.71.21.107:443
  • 108.162.6.34:443
  • 108.6.249.139:443
  • 109.11.175.42:2222
  • 116.74.163.218:443
  • 12.172.173.82:21
  • 12.172.173.82:22
  • 12.172.173.82:465
  • 12.172.173.82:50001
  • 12.172.173.82:990
  • 12.172.173.82:993
  • 12.172.173.82:995
  • 121.121.100.148:995
  • 121.122.99.223:995
  • 123.3.240.16:995
  • 124.122.55.68:443
  • 124.122.55.7:443
  • 136.232.184.134:995
  • 137.186.193.226:3389
  • 139.5.239.14:443
  • 142.161.27.232:2222
  • 149.126.159.106:443
  • 150.107.231.59:2222
  • 151.65.67.211:443
  • 156.220.229.249:993
  • 162.248.14.107:443
  • 172.117.139.142:995
  • 172.248.42.122:443
  • 172.90.139.138:2222
  • 173.18.126.3:443
  • 173.239.94.212:443
  • 174.104.184.149:443
  • 174.58.146.57:443
  • 174.77.209.5:443
  • 176.142.207.63:443
  • 176.151.15.101:443
  • 176.177.136.35:443
  • 178.152.126.55:443
  • 181.118.183.44:443
  • 181.118.183.50:443
  • 181.164.194.223:443
  • 182.75.189.42:995
  • 183.82.100.110:2222
  • 184.153.132.82:443
  • 184.176.154.83:995
  • 184.68.116.146:2078
  • 184.68.116.146:2222
  • 184.68.116.146:3389
  • 184.68.116.146:50010
  • 184.68.116.146:61202
  • 188.176.170.61:443
  • 188.48.116.37:995
  • 190.18.236.175:443
  • 190.199.169.127:993
  • 190.24.45.24:995
  • 190.29.228.61:443
  • 197.26.142.159:443
  • 197.94.219.133:443
  • 198.2.51.242:993
  • 199.83.165.233:443
  • 2.83.12.243:443
  • 2.99.47.198:2222
  • 201.208.139.250:2222
  • 213.191.164.70:443
  • 213.67.255.57:2222
  • 216.82.134.133:443
  • 23.242.141.218:2222
  • 24.142.218.202:443
  • 24.206.27.39:443
  • 24.228.132.224:2222
  • 24.71.120.191:443
  • 27.109.19.90:2078
  • 37.14.229.220:2222
  • 37.56.111.49:995
  • 41.98.21.114:443
  • 46.10.198.106:443
  • 47.149.137.40:443
  • 47.203.227.114:443
  • 47.34.30.133:443
  • 47.41.154.250:443
  • 49.175.72.56:443
  • 49.245.119.12:2222
  • 50.68.204.71:443
  • 50.68.204.71:993
  • 50.68.204.71:995
  • 60.234.194.12:2222
  • 61.69.198.59:443
  • 64.121.161.102:443
  • 64.237.214.193:443
  • 66.191.69.18:995
  • 69.119.123.159:2222
  • 69.133.162.35:443
  • 70.115.104.126:995
  • 70.120.228.205:443
  • 70.55.120.16:2222
  • 70.64.77.115:443
  • 70.66.199.12:443
  • 70.77.116.233:443
  • 71.247.10.63:995
  • 71.31.101.183:443
  • 72.200.109.104:443
  • 72.53.103.56:443
  • 72.80.7.6:995
  • 73.155.10.79:443
  • 73.161.176.218:443
  • 73.223.248.31:443
  • 73.230.28.7:443
  • 73.29.92.128:443
  • 73.36.196.11:443
  • 74.66.134.24:443
  • 74.83.128.70:2083
  • 75.143.236.149:443
  • 75.158.15.211:443
  • 75.98.154.19:443
  • 75.99.125.236:2222
  • 76.100.159.250:443
  • 76.11.14.249:443
  • 76.20.42.45:443
  • 76.80.180.154:995
  • 77.86.98.236:443
  • 78.101.91.215:2222
  • 78.213.14.206:443
  • 78.247.21.20:443
  • 78.69.251.252:2222
  • 78.92.133.215:443
  • 79.13.202.140:443
  • 79.77.142.22:2222
  • 80.0.74.165:443
  • 80.44.148.126:2222
  • 81.111.108.123:443
  • 81.131.210.167:443
  • 81.229.117.95:2222
  • 81.248.77.37:2222
  • 82.9.210.36:443
  • 83.114.60.6:2222
  • 83.213.201.104:993
  • 83.92.85.93:443
  • 84.113.121.103:443
  • 84.215.202.22:443
  • 84.35.26.14:995
  • 85.152.152.46:443
  • 85.61.165.153:2222
  • 86.130.9.250:2222
  • 86.159.48.25:2222
  • 86.169.19.140:2222
  • 86.176.83.127:2222
  • 86.225.214.138:2222
  • 86.96.75.237:2222
  • 86.98.23.199:443
  • 86.99.14.46:2222
  • 87.220.68.51:2222
  • 87.221.197.110:2222
  • 87.65.160.87:995
  • 88.126.94.4:50000
  • 89.129.109.27:2222
  • 90.104.22.28:2222
  • 90.66.229.185:2222
  • 90.89.95.158:2222
  • 91.165.188.74:50000
  • 91.169.12.198:32100
  • 91.68.227.219:443
  • 92.145.203.167:2222
  • 92.154.17.149:2222
  • 92.189.214.236:2222
  • 92.207.132.174:2222
  • 92.24.200.226:995
  • 92.8.190.211:2222
  • 94.105.123.53:443
  • 94.63.65.146:443
  • 94.71.209.47:2222
  • 98.145.23.67:443
  • 98.178.242.28:443

Domains

  • afccoservices.com
  • galaxyengineers.net
  • lesindispensables01.fr
  • psinformatica.inf.br
  • rivashaa.com
  • ultimateservices.org
  • uniconnectcentre.com

URLs

  • https://afccoservices.com/imlo/index.php?euntetr=5
  • https://galaxyengineers.net/am/index.php?te=9
  • https://lesindispensables01.fr/atta/index.php?iuqa=5
  • https://psinformatica.inf.br/uvp/index.php?qiu=2
  • https://rivashaa.com/rod/index.php?cduniint=8
  • https://ultimateservices.org/uiqe/index.php?eds=5
  • https://uniconnectcentre.com/ed/index.php?sti=2

Emails

  • a.attas@ajt-electric.com
  • aerdnvvtvor@hondamobilbdg.com
  • aktuar@sportverein-rehetobel.ch
  • awid.zetljieunli@achtaritv.com
  • daaij53@niramayahomoeoclinic.com
  • dovie26@maldivemusic.com
  • mika.tikkamaki@anvianet.fi
  • nnlboa@beiesa.com
  • pcgaaz@creativeisolutions.com
  • xwest@ashtonwellsbrand.com

MD5

  • 2adc8bf66db7bff6be91e385f337fc75
  • 2ef11c9517fb087f05de67a80ec2e43e
  • 3cde3a79472e1f94d723b564dfa47b0e
  • 43a8972dde8f5671be04e6bc18d9b897
  • 51245ecb752d5a97d5e1f94f1de8e298
  • 51358e663185ccd494a4d91cb151e7be
  • 5658eb25ed75f458fa0678814f2871f6
  • 5ade6344d47bc6938ee07d64a27843e4
  • 5cb487bb63a7a71e245c9a10e834d8b6
  • 6b9cea3f9a613626db09ac19d4ca85f4
  • 71dbea29516aab505d2e9c65c923a9e4
  • 882d04119103e7bc817aa9113e4abd22
  • 910ddbf2e1576c25a529a3eff6d35676
  • 94c271aa41c9ef12558a44f11f7ca163
  • 990e97fe9fa3f6aea2a9b5bcf678d8de
  • 9b1e2fc34826bb9cf2cbdff26ad2d06d
  • 9c15324b01defb855b297941dff50a9b
  • a03fa29a66f49d6bcd0de74ba7ad0cb1
  • a1e1638a19adf7120af3bbbda348d49a
  • c76ad74c1971686ffc07bde86b389993
  • cbb92ddf4f2756292db84d3ba1810313
  • d068f9bf2ffe2a98b4d248fc70db8daa
  • d156671f365de38082dfdd89580dee5d
  • e20facbe270c78f4ee1db08ff392aa4d
  • e72eaf4c052b57413d1bc89ace2c2e7f
  • eb91f1056bfab96f30c5afee7fc77c8e
  • fe2307d0b8ae3e784efb735dbd68891b
SEC-1275-1
Добавить комментарий