Tracking 15 Years of Qakbot Development
Common Information
Type Value
UUID 99027038-7674-4e2d-8d64-dd477a5ec3f0
Fingerprint ed910ca825f11ecd
Analysis status DONE
Considered CTI value 2
Text language
Published July 31, 2024, midnight
Added to db Aug. 31, 2024, 10:43 a.m.
Last updated Nov. 17, 2024, 6:49 p.m.
Headline Tracking 15 Years of Qakbot Development
Title Tracking 15 Years of Qakbot Development
Detected Hints/Tags/Attributes 86/2/192
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 406 Security Research | Blog Category Feed https://www.zscaler.com/blogs/feeds/security-research 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details File 10
frida-winjector-helper-32.exe
Details File 7
packetcapture.exe
Details File 29
filemon.exe
Details File 8
proc_analyzer.exe
Details File 11
sniff_hit.exe
Details File 8
frida-winjector-helper-64.exe
Details File 7
capturenet.exe
Details File 74
procmon.exe
Details File 13
sysanalyzer.exe
Details File 22
tcpdump.exe
Details File 16
idaq64.exe
Details File 3
behaviordumper.exe
Details File 22
windump.exe
Details File 30
dumpcap.exe
Details File 4
loaddll32.exe
Details File 19
joeboxcontrol.exe
Details File 2
processdumperx64.exe
Details File 17
ethereal.exe
Details File 1260
explorer.exe
Details File 14
petools.exe
Details File 19
joeboxserver.exe
Details File 3
anti-virus.exe
Details File 71
wireshark.exe
Details File 6
not_rundll32.exe
Details File 11
importrec.exe
Details File 11
resourcehacker.exe
Details File 2
sysinfox64.exe
Details File 15
ettercap.exe
Details File 56
processhacker.exe
Details File 17
lordpe.exe
Details File 23
x64dbg.exe
Details File 2
sctoolswrapper.exe
Details File 7
rtsniff.exe
Details File 29
tcpview.exe
Details File 7
sysinspector.exe
Details File 24
fiddler.exe
Details File 2
fakeexplorer.exe
Details File 3
apimonitor-x86.exe
Details File 17
idaq.exe
Details File 2
dumper64.exe
Details File 2
user_imitator.exe
Details File 1
res.bin