2021-10-07 Qakbot IOCs
THREAT ATTRIBUTION: QAKBOT
SUBJECTS OBSERVED
All subjects were from reused email threads.
SENDERS OBSERVED
ZIP FILE HASHES
26265fce454ee91672de47af75214b74
52768c6805f099a67c18c522aa86b4af
60400fe5afaa155ead050d88f1dca800
b52c7788af0fc5b0cfed8a8427a2087f
EXCEL FILE HASHES
AMLRPT_58466904.xls
f3c73f62554ab04a3b22458106077e17
AMLRPT_1414914609.xls
01c35dbf089c6d8f39378efd388afc79
AMLRPT_1819673858.xls
bc857386a6064f66d5b012355611c79f
AMLRPT_2080335727.xls
3073e0471169d60d23785bc2dd3b3ca2
PAYLOAD DOWNLOAD URLS
http://190.14.37.238/44476.6925855324.dat
http://5.196.247.5/44476.6925855324.dat
http://94.140.115.118/44476.6925855324.dat
PAYLOAD FILE HASHES
44476.6925855324.dat
d4aa09cb8b8d719eef89538c72ebe00b
QAKBOT C2s