***2019-09-17 QAKBOT/QBOT OBSERVATIONS***

```
zip distribution
hxxp://patriotmedicalapp. com/Assets/global/plugins/ckeditor/samples/plugins/htmlwriter/assets/outputforflash/ST8480194485440_291507.zip
hxxp://pge-hochstetter. de/administrator/components/com_contact/helpers/html/ST503678533825_262067.zip
hxxps://thuocdongychuabachbenh. com/components/com_contact/views/contact/tmpl/ST524535145551_8487.zip

zip1 6e481bdf50be7985803688140a035262 e9f60d5da5565d19963228b256e545f651ca600c1897506bffe5cf9f0b12c2f3
zip2 fa72ac316f5d4fe20f4b4fcca16033da 48661869ce3e1f02cfc5f2f1d5f0597931ec837cd055e2da0d5caf7108e12d42
zip3 2d0a8388efb9cb0e2c0db029fa684898 f4a29b083bef1952f402edcd810f27960a5ff5bad7a7b4807aa83d5ffed32bff

vbs1 c9ea4893840895d21d2b2f1f4125be10 c7bd6ea17d67340ca5baa064b455f78fbb9e84fa52b77ed5432cc12a51e354b7
vbs2 c9a59a536d6ee03780c60638a427dbe9 a9f83e7a52b8e9bb087b4927a65e7c6871f3eacc835a389b357f75fe71326545
vbs3 fe532cae008045d24750677fb54f695b cddec8c7b7203e3bd393200024e79c7d2f21391ae77f93a0348cd03b8f001cc4

payload a74309ba974690c806ec5bc24869a549 16b2cf3dce4949e4147b36372fe564e8067b8b3c24acda8952cf567e53c887e6

c2s from a74309ba974690c806ec5bc24869a549
100.4.185.8:443
104.235.37.251:443
104.3.91.20:995
104.34.116.99:443
104.34.122.18:443
107.12.140.181:443
108.160.123.244:443
108.45.183.59:443
108.5.34.65:443
108.55.23.221:443
110.36.228.203:995
115.42.64.240:443
12.176.32.146:443
12.5.37.3:995
138.122.5.214:2222
138.122.5.214:443
148.0.72.11:443
159.118.173.115:995
162.244.224.166:443
162.244.225.30:443
166.62.129.86:443
166.62.180.194:2078
172.78.85.20:443
173.16.78.208:443
173.176.203.193:3389
173.178.129.3:443
173.22.120.11:2222
174.110.209.100:443
174.16.255.191:993
179.36.18.186:443
181.197.195.138:995
181.25.133.8:995
181.90.124.162:443
184.180.157.203:2222
184.74.101.234:995
186.47.208.238:50000
187.233.74.239:443
189.140.87.28:443
189.141.181.204:443
190.120.196.18:22
190.120.196.18:443
190.120.196.18:465
190.120.196.18:995
190.144.81.158:993
190.162.185.190:0
192.24.181.185:443
199.126.92.231:995
2.50.171.216:443
201.152.192.116:995
206.51.202.106:50002
207.179.194.91:443
217.162.149.212:443
23.240.185.215:443
24.180.7.155:443
24.184.6.58:2222
24.229.150.54:995
24.31.249.123:443
24.67.37.137:443
47.136.226.219:443
47.146.173.204:443
47.153.115.154:995
47.214.144.253:443
47.23.101.26:465
47.23.101.26:993
47.54.254.139:2222
50.100.214.10:2222
50.245.107.73:443
50.247.230.33:443
50.78.93.74:995
50.96.150.242:995
64.19.74.29:995
64.20.68.35:2083
64.20.68.35:2222
64.229.195.185:995
65.116.179.83:443
65.30.12.240:995
65.94.90.23:1194
65.94.90.23:3389
65.94.90.23:8443
66.214.75.176:443
67.10.18.112:993
67.10.18.112:995
67.200.146.98:2222
67.214.201.117:2222
67.214.8.102:443
67.246.16.250:995
67.41.197.173:2078
67.77.162.13:443
68.14.210.246:22
68.174.15.223:443
68.53.207.16:995
69.4.106.254:443
69.70.37.246:465
70.163.224.7:443
70.164.39.91:443
70.166.97.7:465
70.169.2.228:21
70.169.2.228:443
70.170.114.18:443
70.50.221.166:2222
70.51.107.78:2222
70.53.246.231:995
71.197.126.250:443
71.30.56.170:443
71.77.231.251:443
72.16.212.107:995
72.213.98.233:443
72.255.200.129:443
72.29.181.77:2083
72.29.181.77:2222
72.47.115.182:443
73.133.46.105:995
73.202.121.222:443
73.226.220.56:443
73.232.165.200:995
73.37.61.237:443
74.139.37.244:443
75.131.72.82:443
75.182.214.87:443
75.56.175.129:995
75.69.3.12:443
75.70.218.193:443
76.116.128.81:443
76.174.122.204:443
76.184.141.236:443
76.6.64.52:995
76.64.15.78:2222
76.71.77.248:32101
76.72.79.230:6881
76.80.66.226:443
76.85.30.25:995
81.149.189.61:8443
83.25.38.202:2222
83.76.50.72:2222
86.212.213.40:2222
89.219.109.161:443
96.20.238.2:2078
96.20.238.2:2083
96.20.238.2:2222
96.20.238.2:61201
96.22.239.27:2222
96.228.21.246:443
96.64.191.13:443
98.101.247.250:443
98.236.87.243:443
98.236.87.243:995
99.228.242.183:995
99.231.208.9:443
99.241.22.53:443
```

Hashes are listed as MD5 then SHA-256. The `c2s` list is keyed by the MD5 of the `payload` entry above; `190.162.185.190:0` appears with port 0 in the list and is kept as recorded.