QBOT Configuration Extractor — Elastic Security Labs
Tags
| attack-pattern: | Data Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | c32ea5a7-575e-44ea-9e9a-83010f3f4905 |
| Fingerprint | 19b7b8793de50186 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Dec. 6, 2022, midnight |
| Added to db | Nov. 20, 2023, 1:02 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | QBOT Configuration Extractor |
| Title | QBOT Configuration Extractor — Elastic Security Labs |
| Detected Hints/Tags/Attributes | 19/1/12 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.elastic.co/security-labs/qbot-configuration-extractor |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 306 | ✔ | Elastic Security Labs | https://www.elastic.co/security-labs/rss/feed.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | datatype.domains |
|
| Details | File | 1 | qbot-config-extractor.tar |
|
| Details | File | 249 | schtasks.exe |
|
| Details | File | 3 | powershel1.exe |
|
| Details | sha256 | 1 | c2ba065654f13612ae63bca7f972ea91c6fe97291caeaaa3a28a180fb1912b3a |
|
| Details | IPv4 | 4 | 41.228.22.180 |
|
| Details | IPv4 | 2 | 47.23.89.62 |
|
| Details | IPv4 | 3 | 176.67.56.94 |
|
| Details | IPv4 | 2 | 103.107.113.120 |
|
| Details | IPv4 | 3 | 148.64.96.100 |
|
| Details | IPv4 | 2 | 47.180.172.159 |
|
| Details | IPv4 | 2 | 181.118.183.98 |