Qakbot Trojan IOCs - Part 36

Qakbot (Qbot) - это банковский троян - вредоносная программа, предназначенная для сбора банковской информации у жертв. Qbot нацелен на организации преимущественно в США. Он оснащен различными сложными функциями уклонения и кражи информации, червеподобной функциональностью и сильным механизмом персистенции.

Indicators of Compromise

IPv4 Port Combinations

100.6.31.96:443
102.156.218.92:443
103.123.223.171:443
103.140.174.20:2222
103.141.50.79:995
103.42.86.42:995
103.87.128.228:443
105.101.110.37:443
105.186.242.203:995
108.190.115.159:443
109.159.119.82:2222
109.50.128.59:2222
113.11.92.30:443
116.74.164.93:443
119.82.121.87:443
12.172.173.82:20
12.172.173.82:2087
12.172.173.82:21
12.172.173.82:22
12.172.173.82:32101
12.172.173.82:465
12.172.173.82:50001
12.172.173.82:993
12.172.173.82:995
12.20.0.235:2222
122.184.143.86:443
122.186.210.254:443
125.99.69.178:443
125.99.76.102:443
136.35.241.159:443
139.226.47.229:995
14.192.241.76:995
142.189.121.178:2222
147.219.4.194:443
157.119.85.203:443
161.142.98.36:995
162.248.14.107:443
172.115.17.50:443
173.176.4.133:443
173.206.84.174:443
173.22.114.208:443
173.88.135.179:443
174.118.68.176:443
174.4.89.3:443
176.142.207.63:443
178.152.124.169:443
178.175.187.254:443
182.185.181.202:995
184.153.132.82:443
184.176.35.223:2222
184.182.66.109:443
186.52.239.187:995
186.64.67.41:443
186.75.103.188:443
188.28.72.118:443
190.141.193.170:443
190.28.74.251:443
193.253.53.157:2078
197.14.208.59:443
197.148.17.17:2078
198.2.51.242:993
200.109.16.12:2222
200.93.26.107:2222
201.244.108.183:995
202.184.123.13:443
207.107.118.2:443
208.180.17.32:2222
213.91.235.146:443
216.36.153.248:443
217.165.234.249:443
217.44.108.89:2222
24.206.27.39:443
24.69.137.232:2222
27.109.19.90:2078
31.190.225.7:443
31.53.29.198:2222
35.143.97.145:995
37.14.229.220:2222
40.134.85.217:443
41.186.88.38:443
43.243.215.210:443
47.149.248.80:443
47.199.241.39:443
47.205.25.170:443
47.21.51.138:443
47.32.78.150:443
47.34.30.133:443
50.68.186.195:443
50.68.204.71:443
50.68.204.71:993
50.68.204.71:995
58.162.223.233:443
62.35.100.38:443
64.121.161.102:443
65.190.242.244:443
66.191.69.18:995
67.10.9.125:995
67.177.41.245:443
67.219.197.94:443
67.61.61.31:443
68.109.240.71:443
68.14.195.55:995
68.68.170.218:443
69.133.162.35:443
69.157.243.204:2222
70.112.206.5:443
70.160.67.203:443
70.28.50.223:1194
70.28.50.223:2078
70.28.50.223:2083
70.28.50.223:2087
70.28.50.223:2222
70.28.50.223:32100
70.28.50.223:3389
70.50.83.139:2222
70.51.136.238:2222
70.53.193.201:2222
70.54.65.197:2222
71.38.155.217:443
71.78.95.86:995
72.134.124.16:443
72.188.103.221:443
72.205.104.134:443
72.222.73.150:443
73.22.121.210:443
73.29.92.128:443
74.33.196.114:443
74.92.243.115:50000
75.109.111.89:443
75.143.236.149:443
75.98.154.19:443
76.16.49.134:443
76.170.252.153:995
76.178.148.107:2222
76.64.99.251:2222
76.86.31.59:443
78.192.109.105:2222
78.92.133.215:443
79.26.184.19:443
79.47.207.6:443
79.77.142.22:2222
80.12.88.148:2222
81.156.1.223:443
81.229.117.95:2222
83.114.60.6:2222
84.108.200.161:443
84.215.202.8:443
84.35.26.14:995
85.104.98.64:443
85.152.152.46:443
85.61.165.153:2222
86.130.9.208:2222
86.130.9.227:2222
86.140.160.231:2222
86.176.16.18:443
86.178.33.63:2222
86.195.14.72:2222
86.196.12.21:2222
86.244.255.82:2222
86.250.12.86:2222
86.99.48.130:2222
87.202.101.164:50000
87.243.146.59:443
88.126.94.4:50000
88.171.156.150:50000
89.114.140.100:443
89.129.109.27:2222
89.79.229.50:443
90.104.151.37:2222
90.165.109.4:2222
91.2.143.185:995
91.75.114.200:443
92.1.170.110:995
92.154.17.149:2222
92.188.241.102:443
92.20.204.198:2222
92.239.81.124:443
92.27.86.48:2222
92.9.45.20:2222
92.98.159.9:2222
96.56.197.26:2083
96.56.197.26:2222
96.87.28.170:2222
97.93.192.2:2083
98.145.23.67:443
98.187.21.2:443
98.19.224.125:995
98.19.234.243:995
98.37.25.99:443
99.230.89.236:2078

Domains

ahimsafellowship.org
bgcityhotel.com
buffalosoldiersdigital.com
dbaccess.com
garagedoorsquincyma.com
internetandcabletv.net
nibrawriters.com
rainoglobal.com
seomaterials.com
tawseq.net
terraabilities.com
uagcp-guinee.org
ziasalt.com

URLs

http://104.159.174.193
http://109.172.45.8/fjNITpc/Juhlvn4bkAYh
http://185.245.87.192
http://77.91.87.158/uVwm0A/Ecs9wNzsId
http://77.91.87.158/uVwm0A/P7yOBpnK4icZ
http://77.91.87.158/uVwm0A/YXxTbM
http://77.91.87.198/qfbfu/7hXim
http://77.91.87.198/qfbfu/K5bZ2j1J8irL
http://77.91.87.198/qfbfu/LbBqfPUHbKk
http://79.137.248.163/XnQd2bL/ALH5eQe7II0U
http://79.137.248.163/XnQd2bL/CA1T35R7Muh
http://79.137.248.163/XnQd2bL/UCj0oma
http://91.193.43.101/h71/0KLxJV
http://91.193.43.101/h71/AWisbX
http://91.193.43.101/h71/VxsrbJ
http://91.193.43.98/AGvZh8C/5vMagt
http://91.193.43.98/AGvZh8C/afD0VL4BkHi7
http://91.193.43.98/AGvZh8C/QdEXVBbv7TiG
https://172.58.166.157
https://59.127.150.139
https://ahimsafellowship.org/ctat/?06009
https://algarcost.com/oi/?uoprtrci
https://bgcityhotel.com/entn/?92609
https://buffalosoldiersdigital.com/ett/?12509
https://dbaccess.com/bl/?66509
https://garagedoorsquincyma.com/it/?16209
https://internetandcabletv.net/eua/?07309
https://nibrawriters.com/mq/?94709
https://nursingpen.com/rrt/?ncaesurdea
https://rainoglobal.com/mrd/?58009
https://researchwritingexperts.com/nsi/?te
https://sahityaclasses.com/tmm/?lanlu
https://seomaterials.com/el/?15119
https://tawseq.net/stt/?30609
https://terraabilities.com/cfi/?14509
https://uagcp-guinee.org/fero/?68509
https://ziasalt.com/pll/?96209

Emails

MD5

129520cd648d4f055863565956d76b7e
22a73ef343c56a40f633a4e33f21f2fa
28e1e69c290030d1fa062147d05cd637
2ca67804e9f67a04552b80eed9d95293
3d2f17674008399d1350bce5a24bd654
4bf6e048e00ffa425832f92c51098020
51a0f9d8a95c196481c836d472ee013e
6c42e6167aac872887b2f9cd40303f2b
7ec5f7e1c50c849a3c39338d447050cb
7ede4fb2e03cd99850a7071b9df12a7a
9e9fb6c567d0202b558849d12844a151
a50cc3a97313039310a29d34dd46c359
b28b5e6a7534f0b8d28227622d2e3af2
d4fc1d04dde569b1e7a51cc134f9413d
e22b50ff82eb38f3131ec7c062d7682e
edc4e0c6454eb89c2a3d42526b3aaeee
f11e66e5c23e538c8a9cda5a8bf92b19