Qakbot (Qbot) is a banking trojan: malware designed to collect banking information from victims. Qbot primarily targets organizations in the United States. It is equipped with a variety of sophisticated evasion and information-stealing features, worm-like functionality, and a strong persistence mechanism.
Qakbot Malware IOCs
Indicators of Compromise
IPv4 Port Combinations
Domains
URLs
Emails
MD5