Qakbot (Qbot) is a banking trojan: malware designed to harvest banking information from victims. Qbot targets organizations primarily in the United States. It is equipped with a variety of sophisticated evasion and information-stealing features, worm-like functionality, and a strong persistence mechanism.
Qakbot Malware IOCs
Indicators of Compromise
IPv4 Port Combinations
URLs
- https://digizen.in/omd/onnnmois
- http://drc.co.th/ioen/uuqtetnsa
SHA256