Qakbot (Qbot) is a banking trojan: malware designed to harvest banking information from victims. Qbot primarily targets organizations in the United States. It is equipped with a range of sophisticated evasion and information-stealing capabilities, worm-like functionality, and a strong persistence mechanism.
Qakbot Malware IOCs
 
Indicators of Compromise
IPv4 Port Combinations
 
Domains
 
URLs
 
Emails
 
MD5