API tools faq
paste
MalwareQuinn

QakbotIOCs_Oct202020

MalwareQuinn
Oct 20th, 2020
11,473
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.77 KB | None | 0 0
raw download clone embed print report
  1. Qakbot has been busy distributing tr01, and in the meantime, I've been uploading the xls/xlsb files that I've caught into malwarebazaar. Also, it seems like the IP buffer in the unpacked binary is unchanged since yesterday (Oct 19 2020), so to avoid polluting IOC collection, it won't be included in today's paste.
  2.  
  3. Malware Bazaar Tag: https://bazaar.abuse.ch/browse/tag/tr01
  4.  
  5. Sandbox: https://app.any.run/tasks/32a2a38d-cd95-413c-a76e-e7da40a6853c
  6.  
  7. Urls:
  8. https://kawaguchikimiaindonesia.com/crun20.gif
  9. https://cargotrans.net.co/crun20.gif
  10. https://staffordhvacservices.com/crun20.gif
  11. http://tak-tik.site/crun20.gif
  12. http://blog.vokasidev.com/crun20.gif
  13. http://smsraygan.ir/crun20.gif
  14. https://vmracing507.com/crun20.gif
  15. https://simplygrocery.simplypos.org.in/crun20.gif
  16.  
  17.  
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!