Pulse Detail — Threat Intelligence

PULSE NAME

Qakbot IOCs - @pr0xylife - 2/22/23

WHITE Techronik 2023-02-22 Modified: 2023-03-24

161

IOCs

HIGH VOLUME

Qakbot IOCs = @pr0xylife - 2/22/23 https://twitter.com/pr0xylife/status/1628469554144768000 https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB16_22.02.2023.txt

qakbot

MITRE ATT&CK & Malware Families

MALWARE FAMILIES

QakBot

Indicators of Compromise (161)

All URL FileHash-SHA1 FileHash-SHA256 domain

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	https://github.co/hiddenchars	—	2023-02-22
FileHash-SHA1	df5ae6b66d3d106ebda23ff0fe09b521aeae1d07	—	2023-02-22
FileHash-SHA256	150e9dee2507798beddd7fbd48df819bc9d101c0a7c67ea1fe197774810004c4	—	2023-02-22
FileHash-SHA256	177a8aec3bafb3580f8e7c892ec5181b35de46fb7920df666cb172d09a1f7cac	—	2023-02-22
FileHash-SHA256	1e256041dc1b2b6714ea3821038945ca21078ebf137ba7c8d20236f1fd712a83	—	2023-02-22
FileHash-SHA256	379a2598dab34d1806b63048ecc9102053249b37964cdb357242073ed0a0eea8	—	2023-02-22
FileHash-SHA256	3b4091a046d1a6c6eae27b66a2856c6eb2b70b53109cabe2e8da07301e67f1c3	—	2023-02-22
FileHash-SHA256	43f212bdbf14ba95e378b24e96967f3df5c19ce890a701360439683bd45a8292	—	2023-02-22
FileHash-SHA256	523f2dbf4c948f4d24e66bbd8ff382d95584538c8d5535d0170a9062018630d0	—	2023-02-22
FileHash-SHA256	860f6be05c43522e405e9bfd862ee9a02c16c406ee87d8da662764d0cb3c39cd	—	2023-02-22
FileHash-SHA256	88ab8b7a1f4b611175289d599907dce20ac7811cf41bb381113bd0fbd0d61f38	—	2023-02-22
FileHash-SHA256	8c96b16378a9dcde0c978802803cf4ba4d7e5eac7dd9441fd42c81c60aa3a9ab	—	2023-02-22
FileHash-SHA256	aa2ded208f2ad9faf6613f590780779cb7476b8fba272a1e03434ff640b154ac	—	2023-02-22
FileHash-SHA256	c886a0bfd528534bde86a0334082d443d01c012b62f60f0282ce03f0484a077e	—	2023-02-22
FileHash-SHA256	cf282d15ba1252f8ca01d42f1bea17f8f3a6d065a04c5ef86e9feb060221b597	—	2023-02-22
FileHash-SHA256	d604b6ed63f8f1a245500a099090077198928ec458da68cc9a18befa6cca47f1	—	2023-02-22
FileHash-SHA256	db5fb14dd0b8227895f1c1f58ea72496913d6a186a37ab65ed8993943521a9ef	—	2023-02-22
FileHash-SHA256	e65142d042d584da3d69e1ccd4ca6c1098fc83cd56b90ce553be1cdb6551822f	—	2023-02-22
FileHash-SHA256	ee1047e0d62afb8ecfa9160ed19d2e85646726373b496f7aeeb44e41685d1c4e	—	2023-02-22
FileHash-SHA256	f27161f72a8731fbf5297a0043b6273e1342fc8d660688e114c59c3c65d2bd62	—	2023-02-22
FileHash-SHA256	f5f1eeb93a9ee1347f30c0b72d2d067a492ea44834c8b1a43b7db1e7f50eb721	—	2023-02-22
FileHash-SHA256	fe77f6b09db79fd57c4c80839dfff115c041a6fb8363f5983053a7d078c60b4c	—	2023-02-22
URL	http://102.156.253.86:443	—	2023-02-22
URL	http://103.123.223.168:443	—	2023-02-22
URL	http://103.140.174.19:2222	—	2023-02-22
URL	http://103.141.50.102:995	—	2023-02-22
URL	http://103.144.201.53:2078	—	2023-02-22
URL	http://103.231.216.238:443	—	2023-02-22
URL	http://103.252.7.231:443	—	2023-02-22
URL	http://104.35.24.154:443	—	2023-02-22
URL	http://107.146.12.26:2222	—	2023-02-22
URL	http://108.190.203.42:995	—	2023-02-22
URL	http://109.11.175.42:2222	—	2023-02-22
URL	http://109.151.144.37:443	—	2023-02-22
URL	http://114.143.176.234:443	—	2023-02-22
URL	http://114.79.180.14:995	—	2023-02-22
URL	http://116.72.250.18:443	—	2023-02-22
URL	http://116.74.164.26:443	—	2023-02-22
URL	http://12.172.173.82:20	—	2023-02-22
URL	http://12.172.173.82:2087	—	2023-02-22
URL	http://12.172.173.82:21	—	2023-02-22
URL	http://12.172.173.82:32101	—	2023-02-22
URL	http://12.172.173.82:465	—	2023-02-22
URL	http://12.172.173.82:50001	—	2023-02-22
URL	http://12.172.173.82:990	—	2023-02-22
URL	http://12.172.173.82:995	—	2023-02-22
URL	http://122.184.143.82:443	—	2023-02-22
URL	http://124.122.56.144:443	—	2023-02-22
URL	http://125.99.69.178:443	—	2023-02-22
URL	http://136.232.184.134:995	—	2023-02-22
URL	http://14.192.241.76:995	—	2023-02-22
URL	http://147.219.4.194:443	—	2023-02-22
URL	http://149.74.159.67:2222	—	2023-02-22
URL	http://162.248.14.107:443	—	2023-02-22
URL	http://172.248.42.122:443	—	2023-02-22
URL	http://173.18.126.3:443	—	2023-02-22
URL	http://174.104.184.149:443	—	2023-02-22
URL	http://176.142.207.63:443	—	2023-02-22
URL	http://180.151.108.14:443	—	2023-02-22
URL	http://181.164.217.211:443	—	2023-02-22
URL	http://183.87.163.165:443	—	2023-02-22
URL	http://184.176.35.223:2222	—	2023-02-22
URL	http://184.68.116.146:3389	—	2023-02-22
URL	http://184.68.116.146:61202	—	2023-02-22
URL	http://190.75.95.164:2222	—	2023-02-22
URL	http://197.92.136.122:443	—	2023-02-22
URL	http://198.2.51.242:993	—	2023-02-22
URL	http://2.50.47.74:443	—	2023-02-22
URL	http://201.244.108.183:995	—	2023-02-22
URL	http://202.142.98.62:443	—	2023-02-22
URL	http://202.142.98.62:995	—	2023-02-22
URL	http://202.186.177.88:443	—	2023-02-22
URL	http://202.187.232.161:995	—	2023-02-22
URL	http://205.164.227.222:443	—	2023-02-22
URL	http://213.67.255.57:2222	—	2023-02-22
URL	http://217.165.1.53:2222	—	2023-02-22
URL	http://24.239.69.244:443	—	2023-02-22
URL	http://24.9.220.167:443	—	2023-02-22
URL	http://27.0.48.233:443	—	2023-02-22
URL	http://35.143.97.145:995	—	2023-02-22
URL	http://41.99.50.76:443	—	2023-02-22
URL	http://45.50.233.214:443	—	2023-02-22
URL	http://46.10.198.107:443	—	2023-02-22
URL	http://47.21.51.138:443	—	2023-02-22
URL	http://47.21.51.138:995	—	2023-02-22
URL	http://47.34.30.133:443	—	2023-02-22
URL	http://49.175.72.56:443	—	2023-02-22
URL	http://49.245.82.178:2222	—	2023-02-22
URL	http://50.67.17.92:443	—	2023-02-22
URL	http://50.68.186.195:443	—	2023-02-22
URL	http://50.68.204.71:443	—	2023-02-22
URL	http://50.68.204.71:993	—	2023-02-22
URL	http://50.68.204.71:995	—	2023-02-22
URL	http://58.247.115.126:995	—	2023-02-22
URL	http://59.28.84.65:443	—	2023-02-22
URL	http://64.237.185.60:443	—	2023-02-22
URL	http://66.191.69.18:995	—	2023-02-22
URL	http://67.10.175.47:2222	—	2023-02-22
URL	http://67.61.71.201:443	—	2023-02-22
URL	http://68.150.18.161:443	—	2023-02-22
URL	http://68.173.170.110:8443	—	2023-02-22
URL	http://69.133.162.35:443	—	2023-02-22
URL	http://70.160.80.210:443	—	2023-02-22
URL	http://70.64.77.115:443	—	2023-02-22
URL	http://70.77.116.233:443	—	2023-02-22
URL	http://71.212.147.224:2222	—	2023-02-22
URL	http://71.31.101.183:443	—	2023-02-22
URL	http://72.203.216.98:2222	—	2023-02-22
URL	http://72.80.7.6:50003	—	2023-02-22
URL	http://73.161.176.218:443	—	2023-02-22
URL	http://73.165.119.20:443	—	2023-02-22
URL	http://73.78.215.104:443	—	2023-02-22
URL	http://74.33.196.114:443	—	2023-02-22
URL	http://74.58.71.237:443	—	2023-02-22
URL	http://74.93.148.97:995	—	2023-02-22
URL	http://75.141.227.169:443	—	2023-02-22
URL	http://75.143.236.149:443	—	2023-02-22
URL	http://75.98.154.19:443	—	2023-02-22
URL	http://76.170.252.153:995	—	2023-02-22
URL	http://76.80.180.154:995	—	2023-02-22
URL	http://77.124.6.149:443	—	2023-02-22
URL	http://77.86.98.236:443	—	2023-02-22
URL	http://78.84.123.237:995	—	2023-02-22
URL	http://80.0.74.165:443	—	2023-02-22
URL	http://80.13.205.69:2222	—	2023-02-22
URL	http://80.47.57.131:2222	—	2023-02-22
URL	http://81.229.117.95:2222	—	2023-02-22
URL	http://82.127.204.82:2222	—	2023-02-22
URL	http://84.35.26.14:995	—	2023-02-22
URL	http://86.150.47.219:443	—	2023-02-22
URL	http://86.202.48.142:2222	—	2023-02-22
URL	http://86.225.214.138:2222	—	2023-02-22
URL	http://86.99.54.39:2222	—	2023-02-22
URL	http://88.126.94.4:50000	—	2023-02-22
URL	http://89.32.159.192:995	—	2023-02-22
URL	http://90.104.22.28:2222	—	2023-02-22
URL	http://90.78.138.217:2222	—	2023-02-22
URL	http://92.97.203.51:2222	—	2023-02-22
URL	http://95.242.101.251:995	—	2023-02-22
URL	http://98.145.23.67:443	—	2023-02-22
URL	http://98.147.155.235:443	—	2023-02-22
URL	https://autoingress.com.au/b1krz/09	—	2023-02-22
URL	https://premiumtrstcouriers.com/NP.php	—	2023-02-22
URL	https://zuericherblatt.com/RRE.php	—	2023-02-22
domain	2fgithub.com	—	2023-02-22
domain	autoingress.com.au	—	2023-02-22
domain	click.compare	—	2023-02-22
domain	click.contact	—	2023-02-22
domain	click.discover	—	2023-02-22
domain	click.open	—	2023-02-22
domain	click.org	—	2023-02-22
domain	click.talk	—	2023-02-22
domain	click.zero	—	2023-02-22
domain	continue.email	—	2023-02-22
domain	github.co	—	2023-02-22
domain	goods.one	—	2023-02-22
domain	premiumtrstcouriers.com	—	2023-02-22
domain	repository.click	—	2023-02-22
domain	signup.team	—	2023-02-22
domain	submit.org	—	2023-02-22
domain	zuericherblatt.com	—	2023-02-22

References (1)

↗ https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB16_22.02.2023.txt