2021-10-28 Qakbot IOCs
THREAT ATTRIBUTION: QAKBOT
SUBJECTS OBSERVED
Possibly from stolen email threads, but uncertain
SENDERS OBSERVED
MALDOC DOWNLOAD URLS
ZIP FILE ATTACHMENT HASHES
EXCEL FILE HASHES
TLS TRAFFIC TO
sco.com.br
brunodinizitatiaia.com.br
soccer-assist.co.uk
PAYLOAD FILE HASHES
QAKBOT C2s