MalwareQuinn

Qakbot IOCs tr02 Dec 1 2020

Dec 1st, 2020 (edited)
Qakbot's affiliate tr02 began distributing Qakbot today. In order to consolidate all the campaigns run by this actor, we've begun to use a new tag on Malware Bazaar ("SilentBuilder").

Additionally, in order to reduce the load on MB/sandboxes, we're looking for new platforms to host the sheet IOCs. Context-wise, would OTX provide enough information for the 1k+ hashes I can find each day? Or would people prefer a platform like Virusshare? I can already throw some of the files into MB, and will continue to do that until further notice.

The goal is to keep the detections hovering around 10 - 15 if possible, since they quickly fall to 3 detections without constant attention.

Let me know on Twitter what would be most preferable. My DMs are open.

Anyways, here are today's tr02 IOCs:

Dll stager: https://bazaar.abuse.ch/sample/18ddf0fc108a1840296cf1ab684ecb9fac48354130746e2d8cd67e8313a25f46/
Sheet Sandbox: https://app.any.run/tasks/2c8de0ac-03b3-4420-b941-20242da2fa43
URLs:
IPs: