Qakbot Trojan IOCs - Part 27

remote access Trojan IOC

Qakbot (Qbot) is a banking Trojan: malware designed to collect banking information from victims. Qbot targets organizations primarily in the United States. It is equipped with various sophisticated evasion and information-stealing capabilities, worm-like functionality, and a strong persistence mechanism.

Indicators of Compromise

IPv4 Port Combinations


URLs


SHA256

SEC-1275-1