Pulse Detail — Threat Intelligence

PULSE NAME

Qakbot IOCs - @Cryptolaemus 4/6/23 - obama249

WHITE Techronik 2023-04-07 Modified: 2023-05-07

168

IOCs

HIGH VOLUME

Qakbot IOCs - @Cryptolaemus 4/6/23 - obama249 https://twitter.com/Cryptolaemus1/status/1644032245471096832 https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama249_06.04.2023.txt

qakbot

MITRE ATT&CK & Malware Families

MALWARE FAMILIES

QakBot

Indicators of Compromise (168)

All URL FileHash-SHA1 FileHash-SHA256 domain

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	https://github.co/hiddenchars	—	2023-04-07
FileHash-SHA1	1f178a5826a16a68a898722ead5d8b12b2caa57d	—	2023-04-07
FileHash-SHA256	0eb6b3f8f9e836379027dfb960b38d7c8bdc200523daf8f4d3aee43a164dcf70	—	2023-04-07
FileHash-SHA256	1ef7dc42ea4f515356666ab71022679f78e5dc4d1be403d42e72ec94e8f0a870	—	2023-04-07
FileHash-SHA256	2a84822a832da97f1ea76cf989a357ec70c85713a2fd8f14c8421b76bbffe38c	—	2023-04-07
FileHash-SHA256	2acadc985caeaf510b6c8e484b9f144634dc6d6df3a1bd8aa35068697d800ebe	—	2023-04-07
FileHash-SHA256	36594c4b94e8ac81f5166047fca2d06c28b5f3d30e7ce11e741ae1976b0c2111	—	2023-04-07
FileHash-SHA256	36daec65ba6ac03f1084f51ac80cb72416b7c51e4da304fec1ede9436a702a7b	—	2023-04-07
FileHash-SHA256	44bf95374d80ce9e9b0f88ad0bee7705cc0e1dba611e7d90b0bc03c8a9d360d3	—	2023-04-07
FileHash-SHA256	47d684faeb70bc60472cc1a664c82c87bb2781f83e1e137f69b34ce57f47b5f2	—	2023-04-07
FileHash-SHA256	581425c0eaaa5e5e53c5b736f58a14dbe5d38b0be425901738ad0670bd1d5a33	—	2023-04-07
FileHash-SHA256	66f16b172313af45832d31034c4af79935565775b15a2e7e6c0ece4e0c0bc6c9	—	2023-04-07
FileHash-SHA256	88809d29e9214e8dd8b1a7740ae2eff251da821d9654a96a50f6b9c123b51e7e	—	2023-04-07
FileHash-SHA256	8aca622f857e128ad31f30dbc1116e98c516c280f36b1bb088b7179b734c7fd2	—	2023-04-07
FileHash-SHA256	8c96582e5079f3aefd2f99f40966f0fd496c857f8a8af854afdbe4f67d666441	—	2023-04-07
FileHash-SHA256	906f9fcc6981f2cf2870dc153eb01a10ad14811add4c622137c867a0a296b972	—	2023-04-07
FileHash-SHA256	93cf473ce9f8e17a564b01f08ac7a87ba9a3db91ef5215fb86fde2f1a3eec381	—	2023-04-07
FileHash-SHA256	98f4e0ca0b70ef76b2a789e75390a295d6d0026392210c5ef1e18a2d48fb8d92	—	2023-04-07
FileHash-SHA256	9bacd245abeba811a02e54c481c8b712193d407a79201219be970f6a7b79afb3	—	2023-04-07
FileHash-SHA256	a7dc26ec1f672db9ba419017ad36fd95a3d5bfba0c1b0c92a19dc5b1721bd9a9	—	2023-04-07
FileHash-SHA256	a99e254e7763727d0718121190488b625741a3fec780b08e6d06729a93bac721	—	2023-04-07
FileHash-SHA256	bc6d0620f71bfae485ec1a1b4154d9e490456b53afbc0b5075f913e2d612c15a	—	2023-04-07
URL	http://102.156.77.237:443	—	2023-04-07
URL	http://103.123.223.141:443	—	2023-04-07
URL	http://103.140.174.20:2222	—	2023-04-07
URL	http://103.141.50.151:995	—	2023-04-07
URL	http://103.42.86.42:995	—	2023-04-07
URL	http://104.35.24.154:443	—	2023-04-07
URL	http://107.146.12.26:2222	—	2023-04-07
URL	http://109.11.175.42:2222	—	2023-04-07
URL	http://112.222.83.147:6881	—	2023-04-07
URL	http://116.72.250.18:443	—	2023-04-07
URL	http://116.74.163.233:443	—	2023-04-07
URL	http://119.82.123.160:443	—	2023-04-07
URL	http://12.172.173.82:20	—	2023-04-07
URL	http://12.172.173.82:2087	—	2023-04-07
URL	http://12.172.173.82:21	—	2023-04-07
URL	http://12.172.173.82:22	—	2023-04-07
URL	http://12.172.173.82:32101	—	2023-04-07
URL	http://12.172.173.82:465	—	2023-04-07
URL	http://12.172.173.82:50001	—	2023-04-07
URL	http://12.172.173.82:993	—	2023-04-07
URL	http://12.172.173.82:995	—	2023-04-07
URL	http://122.184.143.83:443	—	2023-04-07
URL	http://122.186.210.254:443	—	2023-04-07
URL	http://136.232.184.134:995	—	2023-04-07
URL	http://136.244.25.165:443	—	2023-04-07
URL	http://139.226.47.229:995	—	2023-04-07
URL	http://147.219.4.194:443	—	2023-04-07
URL	http://149.74.159.67:2222	—	2023-04-07
URL	http://161.142.103.5:995	—	2023-04-07
URL	http://162.248.14.107:443	—	2023-04-07
URL	http://172.115.17.50:443	—	2023-04-07
URL	http://174.21.64.35:2222	—	2023-04-07
URL	http://174.4.89.3:443	—	2023-04-07
URL	http://178.175.187.254:443	—	2023-04-07
URL	http://183.87.163.165:443	—	2023-04-07
URL	http://184.153.132.82:443	—	2023-04-07
URL	http://186.64.87.204:443	—	2023-04-07
URL	http://188.176.171.3:443	—	2023-04-07
URL	http://193.200.17.207/D84SxHH3.dat	—	2023-04-07
URL	http://193.253.100.236:2222	—	2023-04-07
URL	http://197.204.212.124:443	—	2023-04-07
URL	http://197.92.131.255:443	—	2023-04-07
URL	http://198.2.51.242:993	—	2023-04-07
URL	http://2.36.64.159:2078	—	2023-04-07
URL	http://2.82.8.80:443	—	2023-04-07
URL	http://201.244.108.183:995	—	2023-04-07
URL	http://202.142.98.62:443	—	2023-04-07
URL	http://202.142.98.62:995	—	2023-04-07
URL	http://206.53.48.21/CgbgpzhV.dat	—	2023-04-07
URL	http://206.53.48.21/CgbgpzhV.dat&quot	—	2023-04-07
URL	http://213.67.139.53:2222	—	2023-04-07
URL	http://213.91.235.146:443	—	2023-04-07
URL	http://24.206.27.39:443	—	2023-04-07
URL	http://24.236.90.196:2078	—	2023-04-07
URL	http://27.0.48.233:443	—	2023-04-07
URL	http://35.143.97.145:995	—	2023-04-07
URL	http://36.152.128.2:6883	—	2023-04-07
URL	http://41.98.24.187:443	—	2023-04-07
URL	http://43.243.215.206:443	—	2023-04-07
URL	http://45.50.233.214:443	—	2023-04-07
URL	http://45.59.170.48/ICxWIEF.dat	—	2023-04-07
URL	http://45.63.69.116/WJ7kfCzlRpz.dat	—	2023-04-07
URL	http://47.205.25.170:443	—	2023-04-07
URL	http://47.21.51.138:443	—	2023-04-07
URL	http://47.34.30.133:443	—	2023-04-07
URL	http://49.175.72.99:443	—	2023-04-07
URL	http://49.245.95.124:2222	—	2023-04-07
URL	http://50.68.186.195:443	—	2023-04-07
URL	http://50.68.204.71:443	—	2023-04-07
URL	http://50.68.204.71:993	—	2023-04-07
URL	http://50.68.204.71:995	—	2023-04-07
URL	http://59.153.96.4:443	—	2023-04-07
URL	http://59.28.84.65:443	—	2023-04-07
URL	http://64.121.161.102:443	—	2023-04-07
URL	http://67.10.2.240:995	—	2023-04-07
URL	http://68.227.249.138:443	—	2023-04-07
URL	http://69.123.4.221:2222	—	2023-04-07
URL	http://69.133.162.35:443	—	2023-04-07
URL	http://70.112.206.5:443	—	2023-04-07
URL	http://70.160.80.210:443	—	2023-04-07
URL	http://70.28.50.223:1194	—	2023-04-07
URL	http://70.28.50.223:2083	—	2023-04-07
URL	http://70.28.50.223:2087	—	2023-04-07
URL	http://70.28.50.223:32100	—	2023-04-07
URL	http://70.64.77.115:443	—	2023-04-07
URL	http://71.171.83.69:443	—	2023-04-07
URL	http://71.31.100.192:443	—	2023-04-07
URL	http://71.31.232.65:995	—	2023-04-07
URL	http://71.38.155.217:443	—	2023-04-07
URL	http://72.134.124.16:443	—	2023-04-07
URL	http://72.200.109.104:443	—	2023-04-07
URL	http://72.203.216.98:2222	—	2023-04-07
URL	http://73.36.196.11:443	—	2023-04-07
URL	http://75.109.111.89:443	—	2023-04-07
URL	http://75.143.236.149:443	—	2023-04-07
URL	http://75.98.154.19:443	—	2023-04-07
URL	http://76.170.252.153:995	—	2023-04-07
URL	http://76.178.148.107:2222	—	2023-04-07
URL	http://76.80.180.154:993	—	2023-04-07
URL	http://77.126.11.114:443	—	2023-04-07
URL	http://80.12.88.148:2222	—	2023-04-07
URL	http://81.101.185.146:443	—	2023-04-07
URL	http://81.229.117.95:2222	—	2023-04-07
URL	http://83.77.208.166:2222	—	2023-04-07
URL	http://84.155.13.118:995	—	2023-04-07
URL	http://84.35.26.14:995	—	2023-04-07
URL	http://85.59.61.52:2222	—	2023-04-07
URL	http://85.61.165.153:2222	—	2023-04-07
URL	http://86.130.9.243:2222	—	2023-04-07
URL	http://86.225.214.138:2222	—	2023-04-07
URL	http://86.98.23.66:443	—	2023-04-07
URL	http://88.126.94.4:50000	—	2023-04-07
URL	http://90.211.192.113:443	—	2023-04-07
URL	http://90.55.106.37:2222	—	2023-04-07
URL	http://90.93.132.149:2222	—	2023-04-07
URL	http://91.199.147.177/15k0wIeUm6.dat	—	2023-04-07
URL	http://92.1.170.110:995	—	2023-04-07
URL	http://92.154.17.149:2222	—	2023-04-07
URL	http://92.186.69.229:2222	—	2023-04-07
URL	http://92.189.214.236:2222	—	2023-04-07
URL	http://92.9.45.20:2222	—	2023-04-07
URL	http://94.131.117.30/9rpYkeAdQvnl.dat	—	2023-04-07
URL	http://95.60.243.64:995	—	2023-04-07
URL	http://96.87.28.170:2222	—	2023-04-07
URL	http://98.145.23.67:443	—	2023-04-07
URL	http://98.147.155.235:443	—	2023-04-07
URL	http://99.228.131.116:2222	—	2023-04-07
URL	http://add-vetcare.com/blog/642ed5efe0c29.zip	—	2023-04-07
URL	http://firoomsishospital.com/blog/642ed5c9bba97.zip	—	2023-04-07
URL	http://prodimetal.com/blog/642ed6936d31b.zip	—	2023-04-07
domain	2fgithub.com	—	2023-04-07
domain	add-vetcare.com	—	2023-04-07
domain	click.compare	—	2023-04-07
domain	click.contact	—	2023-04-07
domain	click.discover	—	2023-04-07
domain	click.open	—	2023-04-07
domain	click.org	—	2023-04-07
domain	click.talk	—	2023-04-07
domain	click.zero	—	2023-04-07
domain	continue.email	—	2023-04-07
domain	firoomsishospital.com	—	2023-04-07
domain	github.co	—	2023-04-07
domain	prodimetal.com	—	2023-04-07
domain	repository.click	—	2023-04-07
domain	signup.team	—	2023-04-07
domain	submit.org	—	2023-04-07

References (1)

↗ https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama249_06.04.2023.txt