API tools faq
paste
MalwareQuinn

QakbotIOCs_Aug25

MalwareQuinn
Aug 25th, 2020
11,526
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.49 KB | None | 0 0
raw download clone embed print report
  1. So Qakbot has been very quiet recently, signaling a possible distribution shift. Additionally, they've begun using a new crypter on some of their distro payloads. Currently, spx156 is on distro and an spx160 is on urlhaus.
  2.  
  3. spx156:
  4. https://bazaar.abuse.ch/sample/d20b23f825b578b8eb266dce9bc9d89c1aaa38ea972924e59b599fe4fac4d3b9/ - unpacked loader
  5. https://bazaar.abuse.ch/sample/a9669005062b3c89146731a1fdd155f3902be2cfbb92a76b0173b61a35dd6516/ - extracted bot dll
  6. https://app.any.run/tasks/30520357-d3fd-4251-b0a4-437fa6dc5819
  7.  
  8. spx160:
  9. https://urlhaus.abuse.ch/url/440920/ - if anyone has seen the other 4 or so urls, can you put them in urlhaus? (no need to worry about spx tag)
  10. https://bazaar.abuse.ch/sample/0dc7c1a0815b8e6ec06e7e09b94c6e3c18fc32a764c9943126e6161b7cb08cdd/ - unpacked loader
  11. https://bazaar.abuse.ch/sample/a9669005062b3c89146731a1fdd155f3902be2cfbb92a76b0173b61a35dd6516/ - extracted bot dll (same as spx156)
  12. https://app.any.run/tasks/920e99e6-3653-46e5-83c1-5a8a7e9a6b18
  13.  
  14. IPs:
  15. 100.37.36.240:443
  16. 100.4.173.223:443
  17. 101.108.112.186:443
  18. 101.108.117.127:443
  19. 103.238.231.40:443
  20. 103.76.160.110:443
  21. 104.221.4.11:2222
  22. 108.27.217.44:443
  23. 108.28.179.42:995
  24. 108.30.125.94:443
  25. 108.46.145.30:443
  26. 108.5.32.113:443
  27. 117.218.208.239:443
  28. 117.248.60.13:443
  29. 118.168.238.196:443
  30. 12.5.37.3:995
  31. 120.57.69.162:443
  32. 130.25.130.19:2222
  33. 137.99.224.198:443
  34. 141.158.47.123:443
  35. 142.129.227.86:443
  36. 144.139.47.206:443
  37. 144.202.48.107:443
  38. 148.75.231.53:443
  39. 156.213.199.185:443
  40. 165.120.230.108:2222
  41. 166.62.180.194:2078
  42. 172.242.153.56:443
  43. 172.78.30.215:443
  44. 173.172.205.216:443
  45. 173.173.72.199:443
  46. 173.26.189.151:443
  47. 173.81.22.238:443
  48. 174.19.122.177:2222
  49. 175.111.128.234:443
  50. 175.211.225.118:443
  51. 176.205.255.97:443
  52. 178.193.38.188:2222
  53. 178.223.1.29:995
  54. 178.87.28.63:443
  55. 182.185.99.53:995
  56. 185.19.190.81:443
  57. 185.246.9.69:995
  58. 188.240.0.81:443
  59. 188.25.158.158:443
  60. 188.26.244.118:443
  61. 188.52.119.236:21
  62. 189.130.26.216:443
  63. 189.157.196.112:995
  64. 193.248.44.2:2222
  65. 195.162.106.93:2222
  66. 197.165.161.55:995
  67. 197.210.96.222:995
  68. 197.37.219.90:993
  69. 197.44.52.8:995
  70. 199.116.241.147:443
  71. 199.247.16.80:443
  72. 199.247.22.145:443
  73. 2.42.219.242:443
  74. 2.51.240.61:995
  75. 2.7.65.32:2222
  76. 2.89.116.206:995
  77. 203.106.195.67:443
  78. 203.198.96.186:443
  79. 203.45.65.20:443
  80. 206.51.202.106:50003
  81. 207.246.71.122:443
  82. 207.246.75.201:443
  83. 207.255.161.8:2078
  84. 207.255.161.8:465
  85. 207.255.161.8:993
  86. 207.255.161.8:995
  87. 209.137.209.163:995
  88. 209.140.8.178:443
  89. 209.182.122.217:443
  90. 211.24.72.253:443
  91. 213.120.109.73:2222
  92. 213.67.45.195:2222
  93. 216.163.4.132:443
  94. 216.201.162.158:443
  95. 217.162.149.212:443
  96. 217.165.115.0:990
  97. 217.165.164.57:2222
  98. 23.240.70.80:443
  99. 24.116.227.63:443
  100. 24.122.157.93:443
  101. 24.139.132.70:443
  102. 24.152.219.253:995
  103. 24.201.79.208:2078
  104. 24.27.82.216:2222
  105. 24.37.178.158:443
  106. 24.44.142.213:2222
  107. 24.46.40.189:2222
  108. 31.215.99.5:443
  109. 31.5.21.66:443
  110. 35.134.202.234:443
  111. 36.226.77.8:443
  112. 36.230.77.130:443
  113. 36.77.151.211:443
  114. 37.104.9.206:995
  115. 39.118.245.6:443
  116. 39.36.101.208:995
  117. 39.37.227.209:995
  118. 41.184.247.243:443
  119. 41.230.208.10:443
  120. 41.34.93.183:995
  121. 41.36.58.89:995
  122. 41.97.154.117:443
  123. 45.32.154.10:443
  124. 45.32.155.12:443
  125. 45.77.215.141:443
  126. 46.53.40.244:443
  127. 47.138.204.170:443
  128. 47.153.115.154:995
  129. 47.180.66.10:443
  130. 47.206.174.82:443
  131. 47.28.131.209:443
  132. 47.44.217.98:443
  133. 49.191.130.48:443
  134. 5.13.110.179:443
  135. 5.13.91.20:995
  136. 5.15.65.198:2222
  137. 5.193.155.181:2078
  138. 50.244.112.106:443
  139. 50.244.112.10:995
  140. 50.29.181.193:995
  141. 58.233.220.182:443
  142. 59.124.10.133:443
  143. 59.26.204.144:443
  144. 62.38.111.70:2222
  145. 63.155.9.62:995
  146. 64.130.165.255:443
  147. 65.131.64.201:995
  148. 65.131.73.141:995
  149. 65.96.36.157:443
  150. 66.215.32.224:443
  151. 66.222.88.126:995
  152. 66.26.160.37:443
  153. 66.30.92.147:443
  154. 67.165.206.193:993
  155. 67.170.137.8:443
  156. 67.209.195.198:443
  157. 67.246.16.250:995
  158. 67.6.3.51:443
  159. 68.174.15.223:443
  160. 68.190.152.98:443
  161. 68.204.164.222:443
  162. 68.39.160.40:443
  163. 68.4.137.211:443
  164. 68.60.221.169:465
  165. 69.26.23.143:2222
  166. 70.164.37.205:995
  167. 70.164.39.91:443
  168. 70.168.130.172:995
  169. 70.95.118.217:443
  170. 71.126.139.251:443
  171. 71.163.224.206:443
  172. 71.187.170.235:443
  173. 71.80.66.107:443
  174. 72.204.242.138:32100
  175. 72.204.242.138:32102
  176. 72.204.242.138:443
  177. 72.204.242.138:50001
  178. 72.204.242.138:53
  179. 72.204.242.138:990
  180. 72.66.47.70:443
  181. 73.104.218.229:0
  182. 73.214.248.17:995
  183. 73.228.1.246:443
  184. 73.232.165.200:995
  185. 73.78.149.206:443
  186. 74.56.167.31:443
  187. 75.110.250.89:995
  188. 75.136.40.155:443
  189. 75.182.214.87:443
  190. 75.183.171.155:995
  191. 75.87.161.32:995
  192. 76.111.128.194:443
  193. 76.19.219.126:995
  194. 77.27.173.8:995
  195. 77.27.174.49:995
  196. 77.31.122.1:995
  197. 78.100.229.44:61201
  198. 78.96.199.79:443
  199. 78.97.207.104:443
  200. 78.97.3.6:443
  201. 79.101.164.98:995
  202. 79.116.222.141:443
  203. 79.117.159.68:21
  204. 80.14.209.42:2222
  205. 80.195.103.146:2222
  206. 80.240.26.178:443
  207. 81.133.234.36:2222
  208. 82.79.67.68:443
  209. 83.110.6.64:2222
  210. 83.110.92.29:443
  211. 84.117.176.32:443
  212. 84.126.11.130:443
  213. 84.247.55.190:443
  214. 84.47.198.45:995
  215. 84.78.128.76:2222
  216. 85.122.111.225:443
  217. 86.122.251.89:2222
  218. 86.98.153.155:443
  219. 86.98.60.178:443
  220. 86.98.89.189:2222
  221. 86.98.89.40:2222
  222. 87.255.83.83:443
  223. 87.65.204.240:995
  224. 89.211.114.16:443
  225. 90.175.88.99:2222
  226. 92.59.35.196:2222
  227. 92.99.109.80:20
  228. 93.114.192.104:2222
  229. 93.151.180.170:61202
  230. 94.176.220.70:2222
  231. 94.205.171.126:995
  232. 94.59.241.189:2222
  233. 94.59.241.189:995
  234. 94.96.40.90:995
  235. 95.219.161.222:443
  236. 95.221.48.169:2222
  237. 95.76.185.240:443
  238. 95.77.144.238:443
  239. 95.77.223.148:443
  240. 95.77.235.132:0
  241. 96.18.240.158:443
  242. 96.19.117.140:443
  243. 96.20.108.17:2222
  244. 96.227.127.13:443
  245. 96.243.35.201:443
  246. 96.37.113.36:993
  247. 96.41.93.96:443
  248. 97.93.211.17:443
  249. 98.121.187.78:443
  250. 98.190.24.81:443
  251. 98.210.41.34:443
  252. 98.219.77.197:443
  253. 98.22.67.68:443
  254. 98.26.50.62:995
  255. 99.195.113.171:443
  256.  
  257.  
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!