Hibernating Qakbot: A Comprehensive Study and In-depth Campaign Analysis
Tags
cmtmf-attack-pattern: Application Layer Protocol; Command And Scripting Interpreter; Obfuscated Files Or Information; Process Injection
country: Argentina; Brazil; Canada; Netherlands; Germany; France; India; Italy; Laos; United States Of America
maec-delivery-vectors: Watering Hole
attack-pattern: Data Direct Add-Ins - T1137.006; Application Layer Protocol - T1437; Command And Scripting Interpreter - T1623; Credentials From Web Browsers - T1555.003; Credentials From Web Browsers - T1503; Dll Search Order Hijacking - T1574.001; Dll Side-Loading - T1574.002; Domains - T1583.001; Domains - T1584.001; File Deletion - T1070.004; File Deletion - T1630.002; Financial Theft - T1657; Hidden Files And Directories - T1564.001; Html Smuggling - T1027.006; Ip Addresses - T1590.005; Javascript - T1059.007; System Network Configuration Discovery - T1422; Malware - T1587.001; Malware - T1588.001; Obfuscated Files Or Information - T1406; Phishing - T1660; Phishing - T1566; Powershell - T1059.001; Process Injection - T1631; Registry Run Keys / Startup Folder - T1547.001; Scheduled Task - T1053.005; Server - T1583.004; Server - T1584.004; Software - T1592.002; Tool - T1588.002; Standard Application Layer Protocol - T1071; Command-Line Interface - T1059; Connection Proxy - T1090; Credential Dumping - T1003; Dll Search Order Hijacking - T1038; Dll Side-Loading - T1073; File Deletion - T1107; Hidden Files And Directories - T1158; Indirect Command Execution - T1202; Modify Registry - T1112; Standard Non-Application Layer Protocol - T1095; Obfuscated Files Or Information - T1027; Powershell - T1086; Process Injection - T1055; Registry Run Keys / Start Folder - T1060; Scheduled Task - T1053; Signed Binary Proxy Execution - T1218; System Network Configuration Discovery - T1016; Windows Management Instrumentation - T1047; User Execution - T1204; User Execution
Common Information
Type Value
UUID 373e641c-1e56-42f1-bc49-77a4c5f7c9a2
Fingerprint a50d08aca7b70fcd
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 18, 2023, midnight
Added to db Nov. 19, 2023, 3:54 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Zscaler Blog
Title Hibernating Qakbot: A Comprehensive Study and In-depth Campaign Analysis
Detected Hints/Tags/Attributes 129/4/85
RSS Feed
Id 406
Enabled
Feed title Security Research | Blog Category Feed
Url https://www.zscaler.com/blogs/feeds/security-research
Added to db 2024-08-30 22:08
Attributes