Qakbot Trojan IOCs - Part 22

remote access Trojan IOC

Qakbot (Qbot) — банковский троян, то есть вредоносная программа, предназначенная для сбора банковской информации у жертв. Qbot нацелен преимущественно на организации в США. Он оснащён различными сложными функциями уклонения от обнаружения и кражи информации, червеподобной функциональностью и сильным механизмом персистенции.

Indicators of Compromise

IPv4 Port Combinations

  • 102.156.154.112:443
  • 102.156.174.28:443
  • 102.158.206.194:443
  • 102.158.37.226:443
  • 103.141.50.151:995
  • 103.144.201.53:2078
  • 103.212.19.254:995
  • 103.252.7.228:443
  • 103.42.86.246:995
  • 105.186.138.165:995
  • 107.146.12.26:2222
  • 108.2.111.66:995
  • 109.159.119.95:2222
  • 112.141.184.246:995
  • 113.188.252.28:443
  • 114.143.176.234:443
  • 114.79.144.210:443
  • 116.72.250.18:443
  • 116.75.63.184:443
  • 119.82.122.226:443
  • 12.172.173.82:20
  • 12.172.173.82:2087
  • 12.172.173.82:32101
  • 12.172.173.82:465
  • 12.172.173.82:50001
  • 12.172.173.82:990
  • 12.172.173.82:995
  • 121.121.100.207:995
  • 123.3.240.16:995
  • 125.20.112.94:443
  • 130.43.172.217:2222
  • 136.232.184.134:995
  • 136.244.25.165:443
  • 143.159.167.231:2222
  • 150.107.231.59:2222
  • 151.65.168.222:443
  • 156.217.208.137:995
  • 156.217.247.173:995
  • 161.142.104.187:995
  • 162.248.14.107:443
  • 171.97.42.67:443
  • 172.248.42.122:443
  • 172.90.139.138:2222
  • 173.178.151.233:443
  • 173.18.126.3:443
  • 173.76.49.61:443
  • 174.104.184.149:443
  • 175.139.129.94:2222
  • 176.142.207.63:443
  • 176.202.38.188:443
  • 181.118.183.2:443
  • 181.118.206.65:995
  • 183.87.163.165:443
  • 184.153.132.82:443
  • 184.155.91.69:443
  • 190.199.188.186:2222
  • 197.148.17.17:2078
  • 197.204.184.160:443
  • 198.2.51.242:993
  • 2.98.146.106:995
  • 200.109.207.186:2222
  • 201.244.108.183:995
  • 202.142.98.62:443
  • 202.142.98.62:995
  • 206.188.201.143:2222
  • 213.31.90.183:2222
  • 213.67.255.57:2222
  • 217.128.200.114:2222
  • 217.128.91.196:2222
  • 24.228.132.224:2222
  • 24.64.112.40:2222
  • 24.64.112.40:3389
  • 24.71.120.191:443
  • 24.9.220.167:443
  • 27.0.48.205:443
  • 27.0.48.233:443
  • 27.109.19.90:2078
  • 31.120.202.209:443
  • 31.167.254.199:995
  • 31.53.29.161:2222
  • 47.196.203.73:443
  • 47.21.51.138:995
  • 47.34.30.133:443
  • 47.61.70.188:2078
  • 49.175.72.56:443
  • 5.163.163.51:995
  • 50.60.157.175:995
  • 50.68.186.195:443
  • 50.68.204.71:443
  • 50.68.204.71:993
  • 50.68.204.71:995
  • 58.186.75.42:443
  • 58.247.115.126:995
  • 60.254.51.168:443
  • 62.35.67.88:443
  • 65.95.85.172:2222
  • 67.10.175.47:2222
  • 68.150.18.161:443
  • 69.119.123.159:2222
  • 69.133.162.35:443
  • 69.159.158.183:2222
  • 70.66.199.12:443
  • 70.77.116.233:443
  • 71.112.212.166:443
  • 71.31.101.183:443
  • 71.46.234.171:443
  • 72.80.7.6:995
  • 73.161.176.218:443
  • 73.165.119.20:443
  • 73.22.121.210:443
  • 73.36.196.11:443
  • 74.33.196.114:443
  • 74.92.243.113:50000
  • 75.143.236.149:443
  • 75.98.154.19:443
  • 76.170.252.153:995
  • 76.80.180.154:995
  • 76.93.147.187:443
  • 78.193.176.97:443
  • 79.9.64.37:995
  • 81.151.102.224:443
  • 81.229.117.95:2222
  • 82.121.195.187:2222
  • 82.15.58.109:2222
  • 82.36.36.76:443
  • 84.108.200.161:443
  • 84.215.202.22:443
  • 84.219.213.130:6881
  • 84.35.26.14:995
  • 85.241.180.94:443
  • 85.59.61.52:2222
  • 85.7.61.22:2222
  • 86.130.9.182:2222
  • 86.151.21.134:2222
  • 86.194.156.14:2222
  • 86.195.14.72:2222
  • 86.196.12.21:2222
  • 86.207.227.152:2222
  • 86.225.214.138:2222
  • 86.250.12.217:2222
  • 86.96.72.139:2222
  • 87.10.205.117:443
  • 87.202.101.164:50000
  • 87.221.197.113:2222
  • 87.223.87.126:443
  • 87.243.146.59:443
  • 87.56.238.53:443
  • 88.126.94.4:50000
  • 88.169.33.180:2222
  • 89.115.196.99:443
  • 89.129.109.27:2222
  • 89.79.229.50:443
  • 90.104.22.28:2222
  • 90.162.45.154:2222
  • 91.165.188.74:50000
  • 91.169.12.198:32100
  • 91.231.173.199:995
  • 91.254.132.23:443
  • 91.68.227.219:443
  • 91.82.5.101:443
  • 92.136.182.108:2222
  • 92.154.17.149:2222
  • 92.154.45.81:2222
  • 92.186.69.229:2222
  • 92.207.132.174:2222
  • 92.27.86.48:2222
  • 92.8.190.175:2222
  • 93.147.235.8:443
  • 93.156.100.20:443
  • 93.238.63.3:995
  • 93.24.192.142:20
  • 95.94.41.77:2222
  • 98.145.23.67:443
  • 98.175.176.254:995

Domains

  • barm.ml
  • brikscorp.com
  • cellnetmw.com
  • charlotteblackfilmfestival.com
  • curve.best
  • desimart.ae
  • ebenezersecurelinks.com
  • ezintern.com
  • fcs-courier.com
  • glynebbwtravel.co.uk
  • gojireekitchen.in
  • isc901.com
  • jangidmotors.com
  • jkanordic.com
  • klearpressltd.com
  • kngshop.ci
  • maestrosantamaria.com
  • mbfashioninternationalltd.com
  • membrane.ae
  • milestonedestinations.com
  • moxii.com
  • mycallsystem.com
  • nmconcepts.com
  • nstechdemo.com
  • omshreejyotishyam.com
  • plasticsurgerydubaiuae.com
  • renaissance-chauffage-climatisation.com
  • selectsecurityservice.com
  • smartvizx.com
  • tangramgulf.com
  • tob-it.net
  • traholic.com
  • unitedmedicalspecialties.com
  • witchygypsy.com
  • zadehgallery.com

URLs

Note: the instructables.com entry below appears to be a public tutorial page rather than attacker-controlled infrastructure; its presence here likely reflects a reference used by the malicious scripts, so verify it before adding the whole domain to a blocklist. The remaining URLs (direct .dat downloads by IP, .php lures with zip/png/gif parameters) are the actionable indicators.

  • http://139.99.117.17/38673.dat
  • http://141.164.35.94/11690.dat
  • http://185.104.195.95/66538.dat
  • http://49.50.84.121/50007.dat
  • http://77.75.230.128/47787.dat
  • http://91.234.254.213/66198.dat
  • http://95.179.215.225/86355.dat
  • http://barm.ml/TOL.php?EDS=9
  • http://mycallsystem.com/VLI.php?e=W16.zip
  • http://mycallsystem.com/VLI.php?RLOBUAM=9
  • https://barm.ml/TOL.php?e=W16.zip
  • https://brikscorp.com/TTI.php?e=W16.zip
  • https://brikscorp.com/TTI.php?UOQ=3
  • https://cellnetmw.com/UUU.php?e=W16.zip
  • https://cellnetmw.com/UUU.php?OIOTP=1
  • https://charlotteblackfilmfestival.com/9r3wd/OI.png
  • https://codezian.com/Nt57/300123.gif
  • https://curve.best/AUDB.php?e=W16.zip
  • https://curve.best/AUDB.php?UME=5
  • https://desimart.ae/EE.php?e=W16.zip
  • https://desimart.ae/EE.php?RIDHEREENERTP=3
  • https://ebenezersecurelinks.com/oia5N/OI.png
  • https://ezintern.com/QdQjTTR/OI.png
  • https://fcs-courier.com/ntDAqGR/OI.png
  • https://glynebbwtravel.co.uk/EMQE.php?e=e18.zip
  • https://glynebbwtravel.co.uk/EMQE.php?MREUR=5
  • https://gojireekitchen.in/MSA.php?e=e18.zip
  • https://gojireekitchen.in/MSA.php?UIQ=2
  • https://isc901.com/IDN.php?DNSTEEUR=1
  • https://isc901.com/IDN.php?e=COR1.zip
  • https://jangidmotors.com/IU.php?BA=8
  • https://jkanordic.com/SME.php?AQEUE=10
  • https://jkanordic.com/SME.php?e=COR1.zip
  • https://klearpressltd.com/I2V7p/u.gif
  • https://kngshop.ci/AFA.php?e=W16.zip
  • https://kngshop.ci/AFA.php?ISNI=4
  • https://maestrosantamaria.com/SOT.php?BETRSUPMOI=4
  • https://maestrosantamaria.com/SOT.php?e=COR1.zip
  • https://mbfashioninternationalltd.com/OLRO.php?MUAER=8
  • https://membrane.ae/TIS.php?e=e18.zip
  • https://membrane.ae/TIS.php?SET=7
  • https://milestonedestinations.com/NTE.php?e=COR1.zip
  • https://milestonedestinations.com/NTE.php?ICEPEXUTR=9
  • https://moxii.com/PA.php?e=e18.zip
  • https://moxii.com/PA.php?OTDI=5
  • https://nmconcepts.com/EPI.php?e=COR1.zip
  • https://nmconcepts.com/EPI.php?MMNIIA=6
  • https://nstechdemo.com/RU.php?e=COR1.zip
  • https://nstechdemo.com/RU.php?TINS=5
  • https://omshreejyotishyam.com/PTTO.php?NSMOI=7
  • https://plasticsurgerydubaiuae.com/43wxl/OI.png
  • https://renaissance-chauffage-climatisation.com/RA.php?e=COR1.zip
  • https://renaissance-chauffage-climatisation.com/RA.php?EMTULAVTPO=6
  • https://selectsecurityservice.com/TI.php?ETAMU=3
  • https://smartvizx.com/UE.php?e=e18.zip
  • https://smartvizx.com/UE.php?TIOD=8
  • https://tangramgulf.com/RL.php?e=W16.zip
  • https://tangramgulf.com/RL.php?SSCUAMUCA=3
  • https://tob-it.net/IMT.php?CFIIFOA=10
  • https://tob-it.net/IMT.php?e=e18.zip
  • https://traholic.com/UI.php?e=pdf9.zip
  • https://traholic.com/UI.php?EBETAA=10
  • https://unitedmedicalspecialties.com/T1Gpp/OI.png
  • https://witchygypsy.com/IS.php?IANMMI=8
  • https://www.instructables.com/How-to-Make-a-message-box-using-VBScript/
  • https://zadehgallery.com/b842h1c/u.gif

Emails

  • aadmbko.eyal@tenisarenabydgoszcz.pl
  • aaloiglid.nlreln@kobianscientific.com
  • ai8s8i@topcargoservices.com
  • areor.sjed@advocaciabadu.com
  • arolfson@gurpreetchattha.com
  • azboncak@kawatmurah.com
  • bihr.aliediml@kamprdc.com
  • dlittle@impactnetwork.pk
  • dnlaia@kbwearoutfits.com
  • dsipes@akufiyatiizmir.com
  • el15anro@thebernscompany.com
  • email@instanttekwp.com
  • eusrek.clhhih@insynquecapital.com
  • eyh8lar@onlineworker.pk
  • fsnyder@respect-shoes.ru
  • g69uy@asequipos.com
  • iel1nrg4@pexbrick.com
  • ivsmth@arthawirawan.com
  • jcollier@rumiplastics.in
  • john37@easycoachingcenter.com
  • kwarden@shorelineskin.com
  • l.niaibas@sevaathome.com
  • n.lorlannfoees@envoyvirtual.com
  • ortiz.chadd@timeshareexitcost.com
  • re10etshe@iddcsolo.com
  • rohaya@slwholdings.com.my
  • rsvn@ashleeheights.com
  • sprohaska@forexremit.com
  • vrlhgeca@exxonwood.com
  • wquigley@aclgreens.com
  • yoaneelrdnimj.sr@smglobaledu.com
  • zlicnewh.sthu@sajedacargo.com

MD5

  • 00b76334f97c2e5f900249609e202864
  • 034a68e3fa00ab46a938fb00a4bd5611
  • 06fef0ad73441d71d1e29047a9343ac5
  • 0b3ec91b2828954027a3ce134aa69aa1
  • 0b7cdb46f9995c1f3e9dfed92640fb27
  • 0eac12a3255a9dd5c9bd6ddb09a71e25
  • 0ec94010fbcd82eb53c4ea22c8577208
  • 1223d6fdc21f6bf32f6aa76950f7a5da
  • 1552690ae5127cb2f8cc71da0189b088
  • 1755550e201e670676852f51454efe89
  • 1776970112d3f1bc890f833da6d48abd
  • 181fe3263e9b6adfa3508b3e7386b0f9
  • 19567c95f0795035bfffd44e87c6e4a7
  • 1de7fa16ad96bd377e7f8e54c6917259
  • 1ebfd9b978abc68a03188db3935fba7a
  • 233be4c6eeb49fd653d5e29c2ae2e8f9
  • 271ddd33adc571d04327082683372c74
  • 2b6811dbedcbaf2b2ab28b3f77761c9f
  • 3148bfb8a8776b30e73371dc24f32161
  • 32438f7e1ad018969cca1d09515fbe91
  • 3458024c259140af23839ba5812ec198
  • 34b626bf682f838d70c33ca61da49868
  • 356d18abc5520bb0a288d8c4d38c969b
  • 36f29402a06a2f736bcf5acd5eab8667
  • 394fa5088a0c22e347b62aeacd6e7907
  • 397c816eb01380e85ea658d71fe8c654
  • 3ff07f3398bd67ac314258ddd104bc85
  • 438e9ee076ad3af4cf8d55ad79b92d4e
  • 51ed605d8c0f5448b133a3261d08096a
  • 53c9bf52c4dd7c7b70b29b908303a0a0
  • 58bec5a5c1521e8cfb7c088fc382993b
  • 62eb9c27b3f8165b7f968bb14694fc41
  • 63217197ee535c9e8e2cdc4162762b55
  • 63ea6e3e0b8840491cd01d889888ea4d
  • 6aebb70d10d9aa721de1a5b99a02c674
  • 6b15c7309be67e03f32011be4346250f
  • 6e8af7fe378f05ab6e246dbc56e4b15f
  • 7b26b236ded21d3b2b079ba82eb887c7
  • 7f90faab63779f1b7d49018a06d34d1a
  • 7fadff181d88ce6c52153d1fea90f8e4
  • 80312af9be83832a64cf5b2fe119ac48
  • 80894eb458c23d1213c68fe8f79d67c5
  • 80b0bad10bf3a15324f157228504ac51
  • 81da9c351134a4e2d989d27bcae894b1
  • 88645e673b3b80fb28303459fb7804c6
  • 8bc928cbe995e68c6f0349133cd4951b
  • 8c84d70f6a4e2d07384bb4d4054fb983
  • 8e8d32ae79db926cdbceb2119571fe27
  • 8f930539859c1e5ce75b093ec1aad697
  • 9440c0682e11ecf8b544372fe6b3e541
  • 9537ddf7db2b6afb80719a4805f13fcd
  • 997b9dd6dec75043396e090bb20cd066
  • 999f069efec4f7a4a90f62b39e7bf072
  • 9a7bfd55f507cbec55df75e1bffc6078
  • a00ccb2a6a46ef8ad50b2911c05d0298
  • a3f256feca49d13d94d0e1eefd66fa71
  • a4177637b02d7162be9588e059dc45ed
  • a535abfe54707654c81828a096cc7884
  • a77eed8b23de7318a5cd48ae41e1b029
  • aa90001339ba85027b5b22f38db2f16d
  • abedfbfb65793977356d00a8462d6baf
  • af16bb18e365677bc9af0544a9462f8e
  • afed28a3586d42bca3a4623c033bf8f3
  • b0fb74a44183d5ff0a1bafcbc60083d0
  • b3197c7357fc1aac2cc1c0eb582c7f54
  • b5bc328d0a2e9039ffe97785848d4971
  • ba666b9656f214705bb8a90f506d2e2c
  • beb9ca95d319e8517c83bab4a2eb31e5
  • c343be8f557f5d9637153d92cfadef99
  • c544b1ebbaa8ee835739b27553ed74dd
  • cab7550d3a32675927ca3736fca8b642
  • cd960256089ab1e5bf6df8ff97a75c86
  • cf1c07882d606fe6e2a9e71954e6227a
  • d0ddae62297c476bf6e0237d18ae4537
  • d3f1a16b9cd4cf612c45e1de52d650cf
  • d89448b9e4eb6ac9b4c1c893bfc458f2
  • dcc935a770f8d854d0e0c0eb72196172
  • df4e2417b424a4899bd7058dd3655c53
  • e0d2bf9727437dc92460b42379a5b213
  • e1ade3ab9e73cfe36122b9828e368892
  • e2a7b614d0bf3b2b85e994cf4ad72d93
  • e2a7cedd7eb4c3d8f77e0e7044f83700
  • e364f5b87103a64cdf81dd6b5534f589
  • e4e453f49b30adb744571eabe1aba89f
  • e5c8ddd9ed00c96baf997f97848e8cc1
  • e9e32eb12668fd041e7c8d2ec08066f6
  • fc76bc5b63950ed3e1eb8635b4c9115e
  • fd801933869e3e1d3a5e951ff5a8b200
SEC-1275-1