MalwareQuinn

Qakbot IOCs tr Feb 9 2021

Feb 9th, 2021
Qakbot spun up the 0902 campaign today, with attachments in emails. Additionally included in this paste will be some of the 0702 urls.

example xls: https://app.any.run/tasks/2e8afd25-3af6-4937-b194-55bacee59590
Attachment regex:
(contract|DOCUMENT|reaction|documents|required|documentation|information|needed) \([0-9]{1,3}\).xls
Qakbot bot dll: https://bazaar.abuse.ch/sample/9ad36995f65a0144e4abb4c218ef5ddce91105353ddf8e8a4e3cf574ac3c2d1b/

URLs (0902):
URLs (0702):

IPs:

Many thanks to @reecdeep for their help yesterday