Qakbot Trojan IOCs - Part 29

remote access Trojan IOC

Qakbot (Qbot) is a banking trojan: malware designed to collect banking information from victims. Qbot targets organizations primarily in the United States. It is equipped with a variety of sophisticated evasion and information-stealing features, worm-like functionality, and a strong persistence mechanism.

Indicators of Compromise

IPv4 Port Combinations


Domains


URLs


Emails

MD5


SHA256

Gnostis
SEC-1275-1