Qakbot (Qbot) is a banking trojan: malware designed to collect banking information from victims. Qbot targets organizations primarily in the United States. It is equipped with various sophisticated evasion and information-stealing capabilities, worm-like functionality, and a strong persistence mechanism.
Indicators of Compromise
IPv4 Port Combinations
URLs
- https://amazonneon.com/YDPjgv0/Fd49a7
- https://embroidery-gulf.com/COAxZjb/fhhuyQiogM
- https://fineadvicefoundation.org/3yxItyx/dFmub8
- https://kpmasterchart.com/FkxW/unb0Bf6sYI
- https://stoaindustria.com.br/DgebrQ/BpOgHClFg78I
SHA256
- 7db36ccba92cac87c9e4d574eba06ca0adb1d44b4ff017910bfd82af677a1519
- 8477b2737e6ba177568fd1e2f30838cb8acb751b60c4c1a9643d8bb0c95d5d3a
- b1c429f67478263f0e896755c6866dd7804c508a1589d22b9fb148520b38c81a