QakbotIOCs_Oct192020

Qakbot spun up 2 different excel docs for today's tr01.  Today's app.any will have both docs executed.  Additionally, a VT link will be supplied with 99 docs that I caught.

VT archive: https://www.virustotal.com/gui/file/b8973717c17700847fcb71474c67f45a86b08b77dbe86c1aca3f0c5797a13e3e/detection
Sandbox: https://app.any.run/tasks/edba1a6d-7d59-448f-a8a8-e22b9ceee830/

Urls:
https://armaturenregister.nl/18.bat
https://www.notamuzikaletleri.com/19.gif
https://giovannigameria.com/r19.bat
https://bjmerchandising.com.au/1610.gif
https://procrossover.ru/wp-content/uploads/2020/10/skodaqq.jpg
https://procrossover.ru/wp-content/uploads/2020/10/skoda22.jpg

IPs:
73.228.1.246:443
74.109.219.145:443
76.111.128.194:443
90.175.88.99:2222
108.191.28.158:443
68.225.60.77:443
75.136.40.155:443
5.193.181.221:2078
72.204.242.138:20
118.160.162.234:443
68.14.210.246:22
148.101.74.12:443
74.222.204.82:443
96.30.198.161:443
140.82.27.132:443
2.50.131.64:443
45.32.155.12:995
45.63.104.123:443
45.32.165.134:443
217.162.149.212:443
207.246.70.216:443
200.75.136.78:443
187.155.58.60:443
166.62.183.139:2078
35.134.202.234:443
67.170.137.8:443
70.45.126.135:443
173.21.10.71:2222
96.247.181.229:443
76.167.240.21:443
67.165.206.193:993
71.80.66.107:443
81.98.133.106:443
190.63.182.214:443
71.197.126.250:443
71.220.191.200:443
24.71.28.247:443
71.56.53.127:443
24.43.22.220:993
81.133.234.36:2222
69.47.239.10:443
80.195.103.146:2222
78.96.199.79:443
65.131.47.228:995
86.121.121.14:2222
96.243.35.201:443
173.70.165.101:995
80.14.209.42:2222
2.51.221.138:995
76.170.77.99:995
46.53.38.174:443
68.116.193.239:443
187.213.152.50:995
50.244.112.10:995
2.88.42.65:995
69.47.26.41:443
151.73.121.31:443
108.46.145.30:443
71.187.170.235:443
75.136.26.147:443
134.0.196.46:995
98.118.156.172:443
199.116.241.147:443
75.137.239.211:443
103.238.231.35:443
74.75.216.202:443
184.21.136.237:443
71.182.142.63:443
78.97.3.6:443
108.190.151.108:2222
85.121.42.12:995
67.6.55.77:443
141.158.47.123:443
98.240.24.57:443
68.46.142.48:995
151.205.102.42:443
172.87.134.226:443
187.213.186.154:443
72.204.242.138:443
72.240.200.181:2222
72.36.59.46:2222
24.229.150.54:995
100.4.179.64:443
190.85.91.154:443
31.215.98.218:443
47.28.131.209:443
207.255.161.8:993
207.246.75.201:443
77.159.149.74:443
45.77.193.83:443
71.19.217.23:443
86.121.215.99:443
207.255.161.8:995
184.180.157.203:2222
108.35.13.206:443
24.122.0.90:443
67.209.195.198:443
68.190.152.98:443
72.204.242.138:465
65.30.213.13:6882
188.27.178.166:443
207.255.161.8:32103
186.154.182.103:443
72.190.101.70:443
208.99.100.129:443
63.155.8.102:995
72.204.242.138:443
178.222.13.77:995
70.123.92.175:2222
108.5.33.110:443
70.168.130.172:995
45.32.154.10:443
199.247.22.145:443
80.240.26.178:443
85.204.189.105:443
102.190.183.108:443
207.255.161.8:443
66.215.32.224:443
71.28.7.23:443
86.176.25.92:2222
61.230.0.156:443
207.255.161.8:32100
41.228.59.195:443
67.60.113.253:2222
117.218.208.239:443
206.183.190.53:993
184.98.103.204:995
134.228.24.29:443
66.97.247.15:443
72.204.242.138:50001
72.204.242.138:32100
66.26.160.37:443
86.98.89.172:2222
72.82.15.220:443
24.37.178.158:443
47.44.217.98:443
72.204.242.138:995
95.179.247.224:443
172.78.30.215:443
39.36.156.196:995
24.234.86.201:995
71.163.222.203:443
72.204.242.138:53
93.149.253.201:2222
108.30.125.94:443
84.247.55.190:443
89.42.142.35:443
98.16.204.189:995
45.32.155.12:2222
72.204.242.138:32102