Qakbot (Qbot) is a banking trojan: malware designed to collect banking information from victims. Qbot targets organizations primarily in the United States. It is equipped with a variety of sophisticated evasion and information-stealing capabilities, worm-like functionality, and a strong persistence mechanism.
Indicators of Compromise
IPv4 Port Combinations
Domains
URLs
Emails
MD5
SHA256