Qakbot (Qbot) is a banking trojan: malware designed to collect banking information from victims. Qbot targets organizations primarily in the United States. It is equipped with various sophisticated evasion and information-stealing capabilities, worm-like functionality, and a strong persistence mechanism.
Indicators of Compromise
IPv4 Port Combinations
Domains
URLs
Emails
MD5