Qbot Trojan IOCs

Qbot (also known as Qakbot, Quakbot, and Pinkslipbot) is a modular banking trojan for Windows with worm capabilities, in use since at least 2007 to steal banking credentials, personal information, and financial data, as well as to install backdoors on compromised computers and deploy Cobalt Strike beacons.

Indicators of Compromise

IPv4


IPv4 Port Combinations


MD5


Emails

SEC-1275-1