Pulse Detail — Threat Intelligence

PULSE NAME

Qakbot IOCs - @pr0xylife - 3/2/23

WHITE Techronik 2023-02-07 Modified: 2023-03-09

154

IOCs

HIGH VOLUME

Qakbot IOCs - @pr0xylife - 3/2/23 https://twitter.com/pr0xylife/status/1621616020732649472 https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB12_03.02.2023.txt

qakbot

MITRE ATT&CK & Malware Families

MALWARE FAMILIES

QakBot

Indicators of Compromise (154)

All URL FileHash-SHA1 FileHash-SHA256 domain

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	https://github.co/hiddenchars	—	2023-02-07
FileHash-SHA1	884997656ea262d82a60fde1f4c9dc8dd109672f	—	2023-02-07
FileHash-SHA256	09041285554272250176b21f2e4d9aa283b46083d0bd6246ae506cd0327f23ef	—	2023-02-07
FileHash-SHA256	0929072249cdcb99426181f7c527a49191f95433e8032d11e878e20be8d3509c	—	2023-02-07
FileHash-SHA256	170deeb01f3a0999dda2473851c9a94b11b0258fbf2a8dd44ec26f7a50dfa701	—	2023-02-07
FileHash-SHA256	265a1ee44fac577d01017049fd1126c38265658221f81014c316a8cb7e8ec938	—	2023-02-07
FileHash-SHA256	2e0010304e782996199a16016ce552a392fef1fa98b9b5c2212638396b281587	—	2023-02-07
FileHash-SHA256	40aca5a152a13213a876f7628c466cd600db12fb858cdddccc3f1cc387eb7dad	—	2023-02-07
FileHash-SHA256	439113b8dc14f2262fd98fa0090a7fe2fe38d113804323ad43e850b7d7c44b80	—	2023-02-07
FileHash-SHA256	56a22baedd76940f9308b65b8a5bd165431e3811fb748d28689d0767ae138bde	—	2023-02-07
FileHash-SHA256	57481b5e5e67398ee364272e3ddd881f5ade02d5dc7d32cbf2e1d3b64806063c	—	2023-02-07
FileHash-SHA256	87ff1cc89f53978c58e362daeb89c12db8793edb85f6f02625a63fb71b82ebc5	—	2023-02-07
FileHash-SHA256	8cd7149bb05920a1385c3f23833db0a6c0d5183aca8211123340f850c80dafa7	—	2023-02-07
FileHash-SHA256	934f3e68dbe203a6d050e40d766df3cd44b4df5e4fa2ccaa7828619d78981dde	—	2023-02-07
FileHash-SHA256	c24b18b2321624f78042fcf330c342987a161bb8a9f201c88bcebbb75650a101	—	2023-02-07
FileHash-SHA256	c8f5aed9c04f26fd2b767694f696db047fadba65dfaa3b5e8fcf04c92decc862	—	2023-02-07
FileHash-SHA256	e3af00c01491aa3b4f203eaa7cb5cffa080907c69516bd03b838a35b0f770d8d	—	2023-02-07
FileHash-SHA256	e6da827d704493325f8d8719ff7e814c86b67f30677a82a6e2cf4efdddfbd2a1	—	2023-02-07
FileHash-SHA256	f084d87078a1e4b0ee208539c53e4853a52b5698e98f0578d7c12948e3831a68	—	2023-02-07
URL	http://102.156.32.143:443	—	2023-02-07
URL	http://102.159.99.116:443	—	2023-02-07
URL	http://103.141.50.151:995	—	2023-02-07
URL	http://103.212.19.254:995	—	2023-02-07
URL	http://103.252.7.228:443	—	2023-02-07
URL	http://105.184.159.165:995	—	2023-02-07
URL	http://109.149.147.148:2222	—	2023-02-07
URL	http://116.72.250.18:443	—	2023-02-07
URL	http://116.75.63.125:443	—	2023-02-07
URL	http://119.82.122.226:443	—	2023-02-07
URL	http://12.172.173.82:20	—	2023-02-07
URL	http://12.172.173.82:2087	—	2023-02-07
URL	http://12.172.173.82:32101	—	2023-02-07
URL	http://12.172.173.82:465	—	2023-02-07
URL	http://12.172.173.82:50001	—	2023-02-07
URL	http://12.172.173.82:995	—	2023-02-07
URL	http://125.20.112.94:443	—	2023-02-07
URL	http://125.99.69.178:443	—	2023-02-07
URL	http://130.43.172.217:2222	—	2023-02-07
URL	http://136.232.184.134:995	—	2023-02-07
URL	http://156.217.208.137:995	—	2023-02-07
URL	http://161.142.104.187:995	—	2023-02-07
URL	http://162.248.14.107:443	—	2023-02-07
URL	http://171.97.42.67:443	—	2023-02-07
URL	http://172.248.42.122:443	—	2023-02-07
URL	http://173.18.126.3:443	—	2023-02-07
URL	http://173.76.49.61:443	—	2023-02-07
URL	http://174.104.184.149:443	—	2023-02-07
URL	http://175.139.129.94:2222	—	2023-02-07
URL	http://176.142.207.63:443	—	2023-02-07
URL	http://180.158.187.35:995	—	2023-02-07
URL	http://181.118.206.65:995	—	2023-02-07
URL	http://183.87.163.165:443	—	2023-02-07
URL	http://184.153.132.82:443	—	2023-02-07
URL	http://184.155.91.69:443	—	2023-02-07
URL	http://190.191.35.122:443	—	2023-02-07
URL	http://190.199.188.186:2222	—	2023-02-07
URL	http://197.148.17.17:2078	—	2023-02-07
URL	http://197.204.236.174:443	—	2023-02-07
URL	http://198.2.51.242:993	—	2023-02-07
URL	http://2.14.144.105:2222	—	2023-02-07
URL	http://202.142.98.62:443	—	2023-02-07
URL	http://208.187.122.74:443	—	2023-02-07
URL	http://213.31.90.183:2222	—	2023-02-07
URL	http://213.67.255.57:2222	—	2023-02-07
URL	http://24.64.112.40:2078	—	2023-02-07
URL	http://24.64.112.40:2222	—	2023-02-07
URL	http://24.64.112.40:3389	—	2023-02-07
URL	http://24.71.120.191:443	—	2023-02-07
URL	http://27.0.48.205:443	—	2023-02-07
URL	http://27.0.48.233:443	—	2023-02-07
URL	http://27.109.19.90:2078	—	2023-02-07
URL	http://31.120.202.209:443	—	2023-02-07
URL	http://31.53.29.161:2222	—	2023-02-07
URL	http://37.14.229.220:2222	—	2023-02-07
URL	http://47.21.51.138:995	—	2023-02-07
URL	http://47.34.30.133:443	—	2023-02-07
URL	http://47.61.70.188:2078	—	2023-02-07
URL	http://50.60.157.175:995	—	2023-02-07
URL	http://50.68.186.195:443	—	2023-02-07
URL	http://50.68.204.71:443	—	2023-02-07
URL	http://50.68.204.71:993	—	2023-02-07
URL	http://58.247.115.126:995	—	2023-02-07
URL	http://59.28.84.65:443	—	2023-02-07
URL	http://64.237.207.9:443	—	2023-02-07
URL	http://66.131.25.6:443	—	2023-02-07
URL	http://66.191.69.18:995	—	2023-02-07
URL	http://67.10.175.47:2222	—	2023-02-07
URL	http://69.133.162.35:443	—	2023-02-07
URL	http://70.66.199.12:443	—	2023-02-07
URL	http://70.77.116.233:443	—	2023-02-07
URL	http://71.31.101.183:443	—	2023-02-07
URL	http://71.52.53.166:443	—	2023-02-07
URL	http://72.80.7.6:995	—	2023-02-07
URL	http://73.161.176.218:443	—	2023-02-07
URL	http://73.165.119.20:443	—	2023-02-07
URL	http://73.223.248.31:443	—	2023-02-07
URL	http://73.36.196.11:443	—	2023-02-07
URL	http://74.33.196.114:443	—	2023-02-07
URL	http://75.143.236.149:443	—	2023-02-07
URL	http://75.98.154.19:443	—	2023-02-07
URL	http://76.64.202.88:2222	—	2023-02-07
URL	http://76.80.180.154:995	—	2023-02-07
URL	http://78.130.215.67:443	—	2023-02-07
URL	http://79.9.64.37:995	—	2023-02-07
URL	http://81.151.102.224:443	—	2023-02-07
URL	http://81.229.117.95:2222	—	2023-02-07
URL	http://82.121.195.187:2222	—	2023-02-07
URL	http://82.127.204.82:2222	—	2023-02-07
URL	http://82.36.36.76:443	—	2023-02-07
URL	http://83.114.60.6:2222	—	2023-02-07
URL	http://83.202.26.241:2222	—	2023-02-07
URL	http://83.213.192.136:443	—	2023-02-07
URL	http://83.7.52.16:443	—	2023-02-07
URL	http://84.215.202.22:443	—	2023-02-07
URL	http://84.219.213.130:6881	—	2023-02-07
URL	http://84.35.26.14:995	—	2023-02-07
URL	http://86.195.14.72:2222	—	2023-02-07
URL	http://86.207.227.152:2222	—	2023-02-07
URL	http://86.250.12.217:2222	—	2023-02-07
URL	http://86.96.72.139:2222	—	2023-02-07
URL	http://87.221.197.113:2222	—	2023-02-07
URL	http://87.223.87.126:443	—	2023-02-07
URL	http://87.243.146.59:443	—	2023-02-07
URL	http://88.126.94.4:50000	—	2023-02-07
URL	http://89.129.109.27:2222	—	2023-02-07
URL	http://90.104.22.28:2222	—	2023-02-07
URL	http://90.23.19.86:2222	—	2023-02-07
URL	http://91.170.115.68:32100	—	2023-02-07
URL	http://91.231.173.199:995	—	2023-02-07
URL	http://91.68.227.219:443	—	2023-02-07
URL	http://92.11.194.53:995	—	2023-02-07
URL	http://92.154.45.81:2222	—	2023-02-07
URL	http://92.186.69.229:2222	—	2023-02-07
URL	http://92.27.86.48:2222	—	2023-02-07
URL	http://93.156.100.20:443	—	2023-02-07
URL	http://98.145.23.67:443	—	2023-02-07
URL	http://98.175.176.254:995	—	2023-02-07
URL	https://boosterfollow.com/cS0P74/r.png	—	2023-02-07
URL	https://key4academy.com/d3sQ3Vz/r.png	—	2023-02-07
domain	2fgithub.com	—	2023-02-07
domain	boosterfollow.com	—	2023-02-07
domain	click.compare	—	2023-02-07
domain	click.contact	—	2023-02-07
domain	click.discover	—	2023-02-07
domain	click.open	—	2023-02-07
domain	click.org	—	2023-02-07
domain	click.talk	—	2023-02-07
domain	click.zero	—	2023-02-07
domain	continue.email	—	2023-02-07
domain	github.co	—	2023-02-07
domain	key4academy.com	—	2023-02-07
domain	repository.click	—	2023-02-07
domain	signup.team	—	2023-02-07
domain	submit.org	—	2023-02-07

References (1)

↗ https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB12_03.02.2023.txt