Qbot Trojan IOCs

Qbot (также известный как Qakbot, Quakbot и Pinkslipbot) - это модульный банковский троян для Windows с функциями червя, используемый как минимум с 2007 года для кражи банковских реквизитов, личной информации и финансовых данных, а также для установки бэкдоров на взломанных компьютерах и развертывания маяков Cobalt Strike.

Содержание

Indicators of Compromise

IPv4

1.161.101.20
102.182.232.3
103.246.242.202
104.34.212.7
105.27.172.6
106.51.48.170
108.60.213.141
109.12.111.14
111.125.245.116
117.248.109.38
120.150.218.241
120.61.1.114
121.7.223.45
124.109.35.32
124.40.244.115
125.24.187.183
140.82.49.12
140.82.63.183
143.0.219.6
144.202.2.175
144.202.3.39
148.0.56.63
148.64.96.100
149.28.238.199
172.114.160.81
172.115.177.204
173.174.216.62
173.21.10.71
174.69.215.101
175.145.235.37
176.67.56.94
177.156.191.231
177.205.155.85
177.209.202.242
177.94.57.126
179.100.20.32
179.158.105.44
180.129.108.214
182.191.92.203
186.90.153.162
187.149.236.5
187.207.131.50
187.251.132.144
189.146.90.232
189.253.206.105
190.252.242.69
191.112.25.187
196.203.37.215
197.164.182.46
197.89.8.51
201.142.177.168
201.145.165.25
201.172.23.68
201.242.175.29
202.134.152.2
208.101.82.0
208.107.221.224
210.246.4.69
217.128.122.65
217.164.121.161
217.165.176.49
217.165.79.88
24.139.72.117
24.178.196.158
24.55.67.176
31.35.28.29
31.48.174.63
32.221.224.140
37.186.54.254
37.34.253.233
38.70.253.226
39.41.29.200
39.44.158.215
39.44.213.68
39.49.96.122
39.52.41.80
40.134.246.185
41.215.153.104
41.230.62.211
41.38.167.179
41.84.229.240
41.86.42.158
42.228.224.249
45.46.53.140
45.63.1.12
45.76.167.26
46.107.48.202
47.156.131.10
47.157.227.70
47.23.89.60
5.203.199.157
5.32.41.45
63.143.92.99
67.165.206.193
67.209.195.198
67.69.166.79
69.14.172.24
70.46.220.114
70.51.135.90
71.24.118.253
72.252.157.93
72.27.33.160
73.151.236.31
74.14.5.179
75.99.168.194
76.25.142.196
76.70.9.169
78.101.193.241
79.80.80.29
80.11.74.81
81.215.196.174
82.152.39.39
82.41.63.217
83.110.218.147
83.110.92.106
84.241.8.23
85.246.82.244
85.255.232.18
86.195.158.178
86.97.9.190
86.98.149.168
88.224.254.172
89.101.97.139
89.211.179.247
89.86.33.217
90.120.65.153
91.177.173.10
92.132.172.197
93.48.80.198
94.26.122.9
94.36.193.176
94.71.169.212
96.37.113.36

IPv4 Port Combinations

1.161.101.20:443
1.161.101.20:995
102.182.232.3:995
103.246.242.202:443
104.34.212.7:32103
105.27.172.6:443
106.51.48.170:50001
108.60.213.141:443
109.12.111.14:443
111.125.245.116:995
117.248.109.38:21
120.150.218.241:995
120.61.1.114:443
121.7.223.45:2222
124.109.35.32:995
124.40.244.115:2222
125.24.187.183:443
140.82.49.12:443
140.82.63.183:443
140.82.63.183:995
143.0.219.6:995
144.202.2.175:443
144.202.2.175:995
144.202.3.39:443
144.202.3.39:995
148.0.56.63:443
148.64.96.100:443
149.28.238.199:443
149.28.238.199:995
172.114.160.81:995
172.115.177.204:2222
173.174.216.62:443
173.21.10.71:2222
174.69.215.101:443
175.145.235.37:443
176.67.56.94:443
177.156.191.231:443
177.205.155.85:443
177.209.202.242:2222
177.94.57.126:32101
179.100.20.32:32101
179.158.105.44:443
180.129.108.214:995
182.191.92.203:995
186.90.153.162:2222
187.149.236.5:443
187.207.131.50:61202
187.251.132.144:22
189.146.90.232:443
189.253.206.105:443
190.252.242.69:443
191.112.25.187:443
196.203.37.215:80
197.164.182.46:993
197.89.8.51:443
201.142.177.168:443
201.145.165.25:443
201.172.23.68:2222
201.242.175.29:2222
202.134.152.2:2222
208.101.82.0:443
208.107.221.224:443
210.246.4.69:995
217.128.122.65:2222
217.164.121.161:1194
217.164.121.161:2222
217.165.176.49:2222
217.165.79.88:443
24.139.72.117:443
24.178.196.158:2222
24.55.67.176:443
31.35.28.29:443
31.48.174.63:2078
32.221.224.140:995
37.186.54.254:995
37.34.253.233:443
38.70.253.226:2222
39.41.29.200:995
39.44.158.215:995
39.44.213.68:995
39.49.96.122:995
39.52.41.80:995
40.134.246.185:995
41.215.153.104:995
41.230.62.211:995
41.38.167.179:995
41.84.229.240:443
41.86.42.158:995
42.228.224.249:2222
45.46.53.140:2222
45.63.1.12:443
45.63.1.12:995
45.76.167.26:443
45.76.167.26:995
46.107.48.202:443
47.156.131.10:443
47.157.227.70:443
47.23.89.60:993
5.203.199.157:995
5.32.41.45:443
63.143.92.99:995
67.165.206.193:993
67.209.195.198:443
67.69.166.79:2222
69.14.172.24:443
70.46.220.114:443
70.51.135.90:2222
71.24.118.253:443
72.252.157.93:990
72.252.157.93:993
72.252.157.93:995
72.27.33.160:443
73.151.236.31:443
74.14.5.179:2222
75.99.168.194:443
75.99.168.194:61201
76.25.142.196:443
76.70.9.169:2222
78.101.193.241:6883
79.80.80.29:2222
80.11.74.81:2222
81.215.196.174:443
82.152.39.39:443
82.41.63.217:443
83.110.218.147:993
83.110.92.106:443
84.241.8.23:32103
85.246.82.244:443
85.255.232.18:443
86.195.158.178:2222
86.97.9.190:443
86.98.149.168:2222
88.224.254.172:443
89.101.97.139:443
89.211.179.247:2222
89.86.33.217:443
90.120.65.153:2078
91.177.173.10:995
92.132.172.197:2222
93.48.80.198:995
94.26.122.9:995
94.36.193.176:2222
94.71.169.212:995
96.37.113.36:993

MD5

043dcf0e3af3763b121423bb27a05a3e
045f5c2e8ea9dfe3ded8e91176395095
34cbac798b4b25b37a82848da9dfdb8d
492e2626e5003871fdd241fa5ccbb2f5
5a6c3f59ca2c344e905f86b0ba7ff89c
72cd69900fe8bb9f8325cea56d984e35
76390978f26d3c6d7f799257542796ce
835471c03eb940f1ab88f5441093e084
9333586140f22859b74628360783abed
95201e12aea339a8d210accd76d723c7
a314a96b868c21da796207e6ce4d5843
a32050027aea96b3b70e1056490a98c9
ae71f886aa772aeb99369c21d87df08f
b235a5748a1ae62fa658d64d491d16ce
c2beabe882ee182dc867898504bbb3ef
c4e01eebb7d9ab3ab4ff8a1703e8d105
e7015438268464cedad98b1544d643ad
ea1bee0d9169ac92714e056e9005197b
ef7f54e396edbdca3c4737baa290c2c6

Emails

claudia.defino@generalipinerolo.it
fakturace@spedice-kudrova.cz
grafix@carcaregib.com
info@redony-javitas.net
luc.bujold@shetush.ca
marcin@danstone.pl
margie@victory-supply-inc.com
piotr.schoenen@samson-personal.de
ralph.fotsing@egscmr.com

Indicators of Compromise

IPv4

IPv4 Port Combinations

MD5

Emails

Похожие записи: