Qakbot Trojan IOCs - Part 28

remote access Trojan IOC

Qakbot (Qbot) is a banking trojan: malware designed to collect banking information from victims. Qbot targets organizations predominantly in the United States. It is equipped with a variety of sophisticated evasion and information-stealing features, worm-like functionality, and a strong persistence mechanism.

Indicators of Compromise

IPv4 Port Combinations


URLs

  • https://amazonneon.com/YDPjgv0/Fd49a7
  • https://embroidery-gulf.com/COAxZjb/fhhuyQiogM
  • https://fineadvicefoundation.org/3yxItyx/dFmub8
  • https://kpmasterchart.com/FkxW/unb0Bf6sYI
  • https://stoaindustria.com.br/DgebrQ/BpOgHClFg78I

SHA256

  • 7db36ccba92cac87c9e4d574eba06ca0adb1d44b4ff017910bfd82af677a1519
  • 8477b2737e6ba177568fd1e2f30838cb8acb751b60c4c1a9643d8bb0c95d5d3a
  • b1c429f67478263f0e896755c6866dd7804c508a1589d22b9fb148520b38c81a
Gnostis
SEC-1275-1