Qakbot Malware IOCs - Part 6


Qakbot (Qbot) is a banking trojan: malware designed to collect banking information from victims. Qbot primarily targets organizations in the US. It is equipped with a variety of sophisticated evasion and information-stealing capabilities, worm-like functionality, and a strong persistence mechanism.

Qakbot Malware IOCs

Indicators of Compromise

IPv4 Port Combinations


Domains


URLs


Emails


MD5
