Qakbot Malware IOCs - Part 5


Qakbot (Qbot) is a banking trojan: malware designed to collect banking information from victims. Qbot targets organizations primarily in the United States. It is equipped with a variety of sophisticated evasion and information-stealing capabilities, worm-like functionality, and a strong persistence mechanism.

Qakbot Malware IOCs

Indicators of Compromise

IPv4 Port Combinations


Domains


URLs


Emails


MD5

SEC-1275-1