# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: qakbot, qbot

# Reference: http://www.symantec.com/security_response/writeup.jsp?docid=2009-050707-0639-99&tabid=2

abc-hobbies.com
acadubai.org
adserv.co.in
alfamex.com
b.nt002.cn
b.rtbn2.cn
b.tn001.cn
bckp01.in
boogiewoogiekid.com
buldrip.com
cdcdcdcdc212121cdsfdfd.com
cdcdcdcdc2121cdsfdfd.com
citypromo.info
du01.in
du02.in
ftp.acmeinformation.com
ftp.hunterscentral.com
ftp.periodicopuruvida.com
gator862.hostgator.com
googcnt.co.in
hostrmeter.com
inetrate.info
laststat.co.in
nt002.cn
nt010.cn
nt101.cn
nt13.co.in
nt16.in
nt17.in
nt20.in
nt202.cn
ppcimg.in
prstat.in
redserver.com.ua
s046.panelboxmanager.com
saper.in
spotrate.info
successful-marketers.com
swallowthewhistle.com
up002.cn
up003.com.ua
up004.cn
up01.co.in
up02.co.in
up03.in
whitepix.info
yimg.com.ua
zenpayday.com
zurnretail.com

# Reference: https://twitter.com/VK_Intel/status/1025017793245315072

webcoremetrics.com

# Reference: https://twitter.com/abuse_ch/status/1116023921894219778

d221-73-45.commercial.cgocable

# Reference: https://twitter.com/Bank_Security/status/1124209952019689472
# Reference: https://pastebin.com/pTXbXVnZ
# Reference: https://blog.talosintelligence.com/2019/05/qakbot-levels-up-with-new-obfuscation.html
# Reference: https://twitter.com/_Bear_Crawl_/status/1124357801906716672
# Reference: https://pastebin.com/Tq6ji8uV

lg.prodigyprinting.com
hp.prodigyprinting.com
layering.wyattspaintbody.net
painting.duncan-plumbing.com
rss.thulos.com
wordpress.4ainternacional.com
feedback.couponpx.com
10tillcom.montgomerytech.com

# Reference: https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html (# Win.Dropper.Qakbot-6956539-0)

jpfdtbmvuygvyyrebxfxy.info
hknkmwfdngcfavzhqd.biz
ywubouysdukndoakclnr.org
uwujtnymeyeqovftsc.org
kaaovcddwmwwlolecr.org
ijdlykvhnvrnauvz.com
lunkduuumhmgpnoxkbcjqcex.org
hsyglhiwqfc.org
forumity.com
zebxhuvsz.com
yxssppysgteyylwwprsyyvgf.com
fcptxaleu.net
olosnxfocnlmuw.biz
cbqjxatxrumjpyvp.biz
sproccszyne.org
uschunmmotkylgsfe.biz
wgysvrmqugtimwhozoyst.biz
tkpxkpgldkuyjduoauvwoiwcg.org
cufgghfrxaujbdb.com

# Reference: https://blog.talosintelligence.com/2019/07/threat-roundup-0719-0726.html (# Win.Dropper.Qakbot-7079811-0)

aqksafpuovjyfrzit.org
aulmkpipscpopgwrtzhlnqmjk.info
bmbtgoova.com
cagkhrabktfwkuroydfwtta.org
doiknfcneeeydnyofyurzy.info
erbqfnvqsahyshygeglwhxhvd.org
hibqrywwciwhbks.net
jkijlzrsvic.com
jueafvkiigmul.org
mgpepssjlpytbdktejekl.net
nwocsvuw.net
pzsbodhuinrzhcjin.org
tvntnfczmfiewin.info
uofdwoxezbdujgadioqvy.net
vljfhvniqpl.org
vwsbvkpkzgsvyhapfcm.org
wlakhytkctowfowlzyehtt.net
wupgkipgaiu.biz
yaznaovutvzwgp.net
ymoabqpo.com
zqpbnjvmfkfzbyko.info

# Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-1004-1011.html (# Win.Dropper.Qakbot-7287972-0)

ageanrzekiycakzrswcq.com
cyiynudufvqmswxgtdkgyal.org
evvedpvqyno.net
fmncuwynktocekwqmthsr.net
hrmmnxigwodcsbqhcezedv.net
ocqfamsdr.org
ohfckvgylddiulbtgcrdijtpl.org
ohnzjsjoyxmkfpafaouujked.biz
qguuivkqppwohlzzvjv.org
rpagfveavil.com
tnqnpjthcwhhit.biz
utglavlafksmzfcniumfwwbm.biz
wpaoyqevfvmqquvpfwo.com
wyrlmssiybtkxemblgkturpw.net
zhkclrrbgufzsgljzohs.com

# Reference: https://twitter.com/killamjr/status/1183831240090312706

mottosfer.com
sosanhapp.com

# Reference: https://twitter.com/killamjr/status/1184219573664530437

ivoireboutique.net
newbestacademy.com

# Reference: https://twitter.com/DGAFeedAlerts/status/1186130743241707520

veadymnpvxjxzicecamltc.com

# Reference: https://www.vkremez.com/2018/07/lets-learn-in-depth-reversing-of-qakbot.html
# Reference: https://tria.ge/reports/191119-kdqwsphw2e/task1
# Reference: https://twitter.com/malware_traffic/status/1223044973836361729



content.markdutchinc.com

# Reference: https://twitter.com/reecdeep/status/1218172158633029632

deccolab.com
helpvan.su

# Reference: https://twitter.com/reecdeep/status/1222429871621709824

productsphotostudio.com/wp-content/uploads/2020/01/lane/444444.png

# Reference: https://twitter.com/ps66uk/status/1244784860927004672

stickit.ae/direct/444444.png
suaritmaservisi.co/direct/444444.png
worldplaces.in/direct/444444.png

# Reference: https://resources.baesystems.com/pages/view.php?ref=39115&k=46713a20f9

411foru.biz
411foru.com
411foru.info
411foru.net
411foru.org
aecfdpuspicop.biz
aifrbgvit.org
akurktsicohzxrfoynqaixspe.org
americansvoice.com
americasvoice.net
angelandthebackbeat.com
angelandthebackbeats.info
angelandthebackbeats.net
angelandthebackbeats.org
anthonybryanauthor.com
aoznszhhyhktgb.com
awtptzoblgkkdmfb.biz
ballbutter.com
bbostybfmaa.org
bdbprqhsomsonztxios.net
beverlyhillsaestheticplasticsurgery.com
beverlyhillsaestheticplasticsurgeryassociates.com
beverlyhillsshrinkwrapliposuction.com
bhapsa.com
bogtdrfdeqabyyxdg.net
bookhotelonlinetoday.com
boomer-talk.com
boomerstalk.com
boomersvoice.com
boomersvoice.net
brpnkctjvgdmnbwtv.biz
bryhitenwzmdtakavoofanp.org
bwzxubzdgaq.biz
bzkgskajhmcwrbk.net
candcbuilding.com
candcplumbing.com
casinobettingpoker.com
cecate.net
cio-inspired.com
cioemea.com
cioeurope.com
cioinnovate.com
cisoinspired.com
cmoinspired.com
cortezs.com
cortezs.net
costcoexpress.com
coxrwiuxkcausxnlbgjmakxrw.net
coxrwiuxkcausxnlbgjmakxrw.net
cpoinspired.com
creinspired.com
csgoclimb.ru
csgoevent.com
csgohs.ru
czkwuxvndxrjsprm.org
dandymanscrubs.com
dandyscrub.com
dandyscrubs.com
dejyjcwo.info
dfnchvkjlzlkdaygzdakqhn.info
dkdjezurex.org
doctorraffi.com
domandvilma.com
dpsjwmwzuwnicaq.biz
dpsjwmwzuwnicaq.biz
drhovsepian.com
drhovsepianbeverlyhillsbotchedme.com
drhovsepianbeverlyhillsbotchedmeup.com
drhovsepianbeverlyhillsexperience.com
drhovsepianbeverlyhillsreview.com
drhovsepianbeverlyhillsreviews.com
drhovsepianbotched.com
drhovsepianbotchedme.com
drhovsepianbotchedmeup.com
drhovsepianplasticsurgeon.com
drhovsepianplasticsurgery.com
drhovsepianreview.com
drhovsepianreviews.com
drhovsepianruinedme.com
drraffibeverlyhills.com
drraffibeverlyhillsbotched.com
drraffibeverlyhillsbotchedme.com
drraffibeverlyhillsbotchedmeup.com
drraffibeverlyhillsreview.com
drraffibeverlyhillsreviews.com
drraffibotched.com
drraffibotchedme.com
drraffibotchedmeup.com
drraffihovsepian.com
drraffihovsepianbeverlyhillsbotched.com
drraffihovsepianbeverlyhillsbotchedme.com
drraffihovsepianbeverlyhillsbotchedmeup.com
drraffihovsepianbeverlyhillsexperience.com
drufxhimmwwnfhegujbutyw.com
drufxhimmwwnfhegujbutyw.com
dslmkpgjvuisnqa.com
dslmkpgjvuisnqa.com
dtvsxudgnort.biz
dynamicwords.us
eeaforums.org
ejnkyujcazyyrehecjmox.net
engeniusforum.com
facilitiesmanagementforum.com
fbptaqbegdpqfkqeniulcz.com
felruzatqofkxlzkrskrbcilq.org
fgmbdteifejszcmn.org
fm-inspired.com
fminnovate.com
fmpevent.com
fobccpaug.org
frcblvtmpuygvxzdjsdw.net
gandhiprobably.com
gdfqutzvshhgzheqksxj.biz
gfapuxkfzsddekagqyvtibckx.org
gfsbfuaogfwrcvstpnvuskqjh.net
gilkeyphotography.com
gjcybzvmvir.com
gjcybzvmvir.com
gkvimqrvoscnuvggw.net
godbetter.com
godbigger.com
godonlinetv.com
gvyxwaslgliazuilhtyl.com
hbjzvgyej.org
hernandezenterprise.com
hernandezenterprise.info
hernandezenterprise.mobi
hernandezenterprise.net
hernandezenterprise.org
hhwkqccfvmbxvgsrfodzblfk.org
hihybiipewmutcpqjsnnn.org
hr-inspired.com
htibkjlyhffmhnetwvaia.net
hvjhbdtxslkr.net
hyfotrom.biz
hyfpcoogiuxackrjlvqfoa.org
iaahouston1.com
inspiredbusinessmedia.com
internetmarketingenterprise.net
izfrynscrek.net
jaxmksttqwcfycm.org
jdqmdauuzavhvzmchymtn.com
jekawtzb.net
jfgsifrptbirusgs.net
jghgaukpemdsitwrbkm.org
jhsjqyopeiivfjonxfd.com
justportraits.ca
jyemfaceteeg.info
kvwyoivqwydfdlpzd.org
kyimozmtezqaghxaqbykf.net
kzdmlrtrdfmuvyczjeoysnnr.com
lifewavechina.com
lifewavedenmark.com
lifewavedistributor.com
lifewaveforever.com
lifewaveindia.com
lifewaveuk.com
listentoamericans.com
listentoamericans.net
ljiececesruwqsiaafspjb.biz
ljiececesruwqsiaafspjb.biz
lowtechinternational.com
lssteedshlf.org
lzxrbgvcpdefafmtkmypd.org
marcelohernandez.net
marcelohernandez.org
messifootball.com
messimessimessi.com
messistar.com
messistars.com
mlmbonus.com
modernhide.com
mushroomalley.com
my-voice.net
myvoiceamerica.com
myvoiceusa.com
mzvmmsedkr.biz
naughtytimebooks.com
nknpagmexfmpivpfkej.org
nkwnfcvlqvouqyspcpfxdbmkv.org
nwqsckeoatb.biz
nyqvjyehgmyzwsutaoeqrzdff.net
oabtwabgoyatl.info
oeisvpck.com
ofcource.com
ohjnxkcqhyzcqxoxyrqsvmovb.org
ohnzjsjoyxmkfpafaouujked.biz
ohpjbauaztbcqjwbxyepjg.info
olecram.info
olecram.org
olecramproductions.info
olecramproductions.net
olecramproductions.org
onlineredwine.com
onlyportraits.com
onpzjbvxnbvuhrjbjb.info
osnyjaaliqdpegehd.com
oxpsuqkej.org
pgnioogwlucnv.com
pptyqmktluqnpameptwtzno.org
pqmqomkgjnfdng.org
pzmftmgqnxaqgrznm.net
qfdjjouamlbqtfyewaxci.org
qotavczeb.info
raymondelectronics.com
rdnzplgrz.net
reckchfhtndingqrynjdgpbjy.net
revivearizona.com
reviveindiana.net
reviveindiana.org
revivejerusalem.org
revivelondon.org
revivemilwaukee.org
reviveminnesota.com
reviveminnesota.info
reviveminnesota.net
reviveminnesota.org
revivemississippi.net
revivemississippi.org
revivemsp.org
reviverichmondca.org
revivesarasota.org
reviveseattle.org
revivesoutherncaribbean.com
revivesoutherncaribbean.org
revivetheholyland.com
revivetheholyland.org
revivethepromisedland.com
revivethepromisedland.org
revivetupelo.com
revivetupelo.org
revivetwincities.org
revivewisconsin.org
rhjbkrqiekhdxlgzrzdzw.net
riiqynnpolhrrqtjq.com
rkdxaovlaoltxnorwhtqo.com
rss.dimadimapress.com
rtachicago.com
rudedogbrewery.com
rudedogbrewery.info
rudedogbrewery.net
rudedogbrewery.org
rudedogbrewing.co
rudedogbrewing.net
rustywallacefordtennessee.com
saveonfordtrucks.com
saveonscion.com
saveontoyotas.com
sda-courier24.biz
sdacourier.info
senior-voice.com
sexlag.com
shehtaamozvljiemrijsgzff.com
shoprustywallace.com
shoprustywallaceford.com
silent-majority.net
simnewsdaily.com
sportsbettingrace.com
stat.nickspizzade.com
tnqnpjthcwhhit.biz
trackbonus.com
ttzioiyzupuntyceqbwqr.org
tybsrwyftchsd.biz
uisfhfwqrcsqcvo.org
uitutnmieyxfk.org
usobtaaxtdkpzqqvkahae.com
utalkhere.com
utalkhere.net
uvaphhxjmijvuvobqfezgnc.com
uvaphhxjmijvuvobqfezgnc.com
uzjwupjsjfpcezlchdsmzodkm.org
vcavovfkbnxdi.org
vpsbrubhqlrpqfnadsvc.net
vvdpprlurgnja.biz
vxozgiucpq.com
vyffojtfi.net
vzdrlswljtpgsmvddeehav.org
walmgvyongcjrfpjjlwiweyiv.biz
wolfgnards.com
wybmdazfdaapjtabgbamyuq.biz
xkwczygvqosxx.com
xykrgjnhkhjgpkdi.net
year2018.com
year2019.com
year2023.com
year2024.com
yliolxjywjpmtpxwkcsc.biz
yqwjvhxgaiszygziq.org
yqwjvhxgaiszygziq.org
yrkinsiwejn.biz
yuhjomyygtrbcr.info
zlczwkjposmtcawsga.org
zvwidimzmcbsrdbrtk.org
zwdhqcthdwlugocbiqn.info

# Reference: https://www.varonis.com/blog/varonis-discovers-global-cyber-campaign-qbot/

content.bigflimz.com
fixdoctorsfirst.net
help.postsupport.net
ontario.postsupport.net
portla.mlcsoft.com
qt.files.diggerspecialities.com
store.thecenterforyoga.com
store.birthtothreeipswich.org
uhfudshfduhsf.com

# Reference: https://twitter.com/Bank_Security/status/1121684786068611072

apps.theandroidstore.tv

# Reference: https://twitter.com/killamjr/status/1184564829140291584

baytk-ksa.com

# Reference: https://twitter.com/VK_Intel/status/1025017793245315072

webcoremetrics.com

# Reference: https://app.any.run/tasks/affb8f2b-864b-4919-94f9-628bb8de9c1c/

maishousemeovac.com

# Reference: https://twitter.com/Arkbird_SOLG/status/1230436957693632512

http://91.196.70.103

# Reference: https://twitter.com/shiftybitshiftr/status/1231422937799856128

qthrebadf.mrbonus.com

# Reference: https://twitter.com/Jouliok/status/1235446560735080449
# Reference: https://app.any.run/tasks/35172a93-5c37-44c2-aac8-7697c4682667/

murreeweather.com

# Reference: https://app.any.run/tasks/4e308047-6593-4aa7-9ca6-aab1d55d324f/

a-o-concepts.ch

# Reference: https://twitter.com/JAMESWT_MHT/status/1244933553151979520
# Reference: https://app.any.run/tasks/d1f38527-29f0-4367-8b65-68896c52ebf6/
# Reference: https://app.any.run/tasks/65300f66-2666-427f-815e-a155b346ceab/

stickit.ae/direct/444444.png
suaritmaservisi.co/direct/444444.png
t.unplugrevolution.com/articles/18928/2910.png
worldplaces.in/direct/444444.png

# Reference: https://twitter.com/ps66uk/status/1245050707180498947

worldsatellitemedia.com/tools/444444.png

# Reference: https://twitter.com/lazyactivist192/status/1246089064182435840

wizcapture.com/Branding/444444.png
swisscleantechreport.ch/Branding/444444.png
aaronfickling.com/Branding/444444.png
5.unplugrevolution.com/234/4324/43.png

# Reference: https://app.any.run/tasks/4eed74e1-5dd0-4a78-8e92-6a0351adf6e5/

darcscc.org/wp-content/themes/twentytwenty/ktfGuekkNp/cursors/444444.png
decorenovacion.cl/wp-content/plugins/ziss/classes/cursors/444444.png
kritids.com/assets/style/images/gradient/cursors/444444.png

# Reference: https://twitter.com/0xCARNAGE/status/1235716209540296704

samphaopet.com/wp-content/uploads/2020/02/idle/111111.png
icietdemain.fr/contents/2020/02/idle/222222.png
careers.sorint.it/idle/33333.png
uniluisgpaez.edu.co/wp-content/uploads/2020/02/idle/444444.png

# Reference: https://pastebin.com/3ZzD5N51

tubolso.cl/wp-content/uploads/2020/02/white/444444.png
samphaopet.com/wp-content/uploads/2020/02/idle/111111.png
icietdemain.fr/contents/2020/02/idle/222222.png
murreeweather.com/wp-content/white/444444.png

# Reference: https://twitter.com/wwp96/status/1234919547590905856

samphaopet.com/wp-content/uploads/2020/02/idle/444444.png

# Reference: https://twitter.com/wwp96/status/1230183193300676609

g2creditsolutions.com/trusty/444444.png

# Reference: https://twitter.com/wwp96/status/1229887414069579777

kantei-center.com/wp/wp-content/uploads/2020/02/safety/444444.png

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1227767571547590657

mostasharanetalim.ir/wp-content/uploads/2020/02/recent/444444.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1246109511473037312

darcscc.org/wp-content/themes/twentytwenty/ktfGuekkNp/cursors/444444.png
kritids.com/assets/style/images/gradient/cursors/444444.png
decorenovacion.cl/wp-content/plugins/ziss/classes/cursors/444444.png
4.unplugrevolution.com/189/24/4788.png

# Reference: https://twitter.com/lazyactivist192/status/1247179930821177344

a.assignmentproff.com/ashduhfudsf.png
corbucrochet.com/cursors/444444.png
stajer.eu/cursors/444444.png

# Reference: https://twitter.com/lazyactivist192/status/1247530680776417282
# Reference: https://app.any.run/tasks/23430199-4079-4202-a847-683ef164c392/

b.assignmentproff.com/amyceyaihd.png
kramo.pl/wp-content/plugins/apikey/slider/444444.png
wppunk.com/wp-content/uploads/2020/04/slider/444444.png
retroband.uk/wp-content/uploads/2020/04/slider/444444.png
almohadonera.clichead.club/slider/825381.zip

# Reference: https://pastebin.com/C9Jmzvdu

greenmagicbd.com/wp-content/themes/calliope/previous/444444.png
higigs.com/wp-content/themes/calliope/previous/444444.png
intermed19.com/wp-content/themes/calliope/previous/444444.png
dctechdelhi.com/wp-content/plugins/advanced-ads-genesis/previous/444444.png
himthailand.org/wp-content/themes/calliope/previous/444444.png
b.teamworx.ph/jksaho/wihf/3284.png

# Reference: https://pastebin.com/pN5DfFyS

millionsawesomeproducts.com/string/444444.png
common-factor.nl/string/444444.png
funpartyrent.com/string/444444.png
leukkado.be/string/444444.png
unik-evenements.fr/string/444444.png
d.teamworx.ph/1839/20/279.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1250473025012711424

greenmagicbd.com/wp-content/themes/calliope/previous/444444.png
higigs.com/wp-content/themes/calliope/previous/444444.png
intermed19.com/wp-content/themes/calliope/previous/444444.png
dctechdelhi.com/wp-content/themes/calliope/previous/444444.png
himthailand.org/wp-content/themes/calliope/previous/444444.png
b.teamworx.ph/jksaho/wihf/3284.png

# Reference: https://pastebin.com/hYd6S8YT
# Reference: https://otx.alienvault.com/pulse/5e97740b990dafad240cf9e7

bizzlon-realty.com/wp-content/themes/calliope/beads/444444.png
pakgt.com/wp-content/themes/calliope/beads/444444.png
marinerevetement.com/wp-content/themes/calliope/beads/444444.png
chattosport.com/wp-content/themes/calliope/beads/444444.png
a.coolbreeze.uk/213/312d/6748.png

# Reference: https://twitter.com/secret_return/status/1250574408566976512

/wp-content/themes/calliope/db.php?u=true
/wp-content/themes/calliope/wp-data.php
/wp-content/themes/calliope/wp_class_datalib.php

# Reference: https://twitter.com/ActorExpose/status/1252183338141601793
# Reference: https://app.any.run/tasks/be4a431b-fdb7-4dec-ad40-f67201493494/

greindustry.com
paceldelivery.express

# Reference: https://www.virustotal.com/gui/domain/automatischer-staubsauger.com/relations

automatischer-staubsauger.com

# Reference: https://www.virustotal.com/gui/file/9a8206be5f1eeca651f0d858f752fd84e7014ab561a3b7a8ad2a56971e5f338f/detection

anamikaindanegas.in
demo.caglificioclerici.com

# Reference: https://twitter.com/lazyactivist192/status/1252946567780319233
# Reference: https://pastebin.com/L0g5fRgv
# Reference: https://app.any.run/tasks/286bb4a8-6392-4b31-8e36-ae143522d0d6/

hasumvina.nrglobal.top/wp-content/themes/mapro/pump/55555.png
4mco.com.pk/wp/wp-content/themes/mapro/pump/55555.png
cloud.wmsinfo.com.br/wordpress/wp-content/themes/mapro/pump/55555.png
jeromenetpanel.ml/wp-content/themes/mapro/pump/55555.png
cheshirecheetah.com/wp-content/themes/mapro/pump/55555.png

# Reference: https://pastebin.com/7bYzetJF

170.82.210.138:2222
178.193.33.121:2222
184.167.2.251:2222
188.26.150.82:2222
195.162.106.93:2222
68.14.210.246:2222
72.204.242.138:50003
75.117.128.20:2222
atn24live.com/spool/8888.png
bg142.caliphs.my/spool/8888.png
afsholdings.com.my/spool/8888.png
alphapioneer.com/spool/8888.png
kbzsa.cn/wp-content/plugins/apikey/spool/8888.png

# Reference: https://pastebin.com/55uiNwYC

auxiliumassessoria.com.br/docs_tmj/8888.png
inglesdoribas.com.br/docs_cyq/8888.png
adamdtmassage.co.uk/docs_394/8888.png
adwokat-pleszka.pl/docs_v6n/8888.png
afterdrugs.life/docs_kxk/8888.png

# Reference: https://pastebin.com/BSe9sHVR

arcyten.cl/iulbxki/88888.png
beforeshithappens.com/docs_2re/55555.png
can-media.de/e/88888.png
cirugiagenital.com.mx/rrigg/88888.png
clair-salon.info/docs_xgy/55555.png
clubtempel.de/zeksv/88888.png
delmaestro.cl/uyc/88888.png
mytex.pe/phsse/88888.png
svvlive.com/docs_fbz/55555.png
themmacoach.com/wp-content/uploads/2020/04/docs_cv0/55555.png
tianmaouae.com/docs_9qu/55555.png
y-sani.com/docs_bcx/55555.png

# Reference: https://pastebin.com/SbZvFXPa

batdongsanbentre.com.vn/vbtbnvxnrl/22222.png
betopceo.com/ivbglae/22222.png
capath.vn/yxrw/22222.png
cerisiers.be/fczjua/22222.png
daricci.de/wp-content/uploads/2020/04/owkf/22222.png

# Reference: https://pastebin.com/Qsf0XmFj

tradingwithharmony.com/wp-content/uploads/2020/04/phsse/8888.png
moinmo.de/phsse/8888.png
herrfischer.me/phsse/8888.png
ngon10.com/phsse/8888.png
gmassurance.fr/wp-content/uploads/2020/04/phsse/8888.png

# Reference: https://app.any.run/tasks/173baaa3-8577-49a3-b525-04dddc3ed2a5/
# Reference: https://app.any.run/tasks/23781225-7661-48b5-a3bb-4f3c22b99252/

tristatehs.com
new.tristatehs.com

# Reference: https://app.any.run/tasks/20fdc52d-21bd-4a76-aa4e-0a0b6729c66f/

hotelbharatpurpalace.com/fjtpbqbq/88888.png

# Reference: https://pastebin.com/czHZP8AJ

beachtour14.fr/bpqlrau/2222.png
casadospa.com.br/wp-content/uploads/2020/05/fougrzbplzd/2222.png
chapaitoday.com/olsce/2222.png
ecogold.com.au/wp-content/uploads/2020/05/ggmjmxnvzabj/2222.png
en.goldwin1.ir/sysaasdyrwt/2222.png
cupid.ninja/jbwyga/3333.png
era.co.id/jwpgqgdwcg/3333.png
escriba.art/wp-content/uploads/2020/05/volbgwi/3333.png
flowersforfuneral.net/zkqsxgiuc/3333.png
ftluae.com/wp-content/uploads/2020/05/nkwyacugcyjt/3333.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1258057381637955586
# Reference: https://app.any.run/tasks/84e1beae-8ca6-484e-9124-c9ffd0116307/

alhussain.pk/ioxix/88888.png
beta.enerbras.com.br/muvolifvmg/88888.png
blog.saigon247.vn/wp-content/uploads/2020/05/axtcud/88888.png
it.shopforever.pk/ewbaleo/88888.png
limonauto.com.ua/gdjcigc/88888.png

# Reference: https://pastebin.com/j5tcBGZR

p2b.in/tpgcy/6666.png
cjemskayyoor.com/wp-content/uploads/2020/05/yaakhc/6666.png
cosmea.pl/wp-content/uploads/2020/05/lqauk/6666.png
hobsnchimney.in/dawfxassh/6666.png
hyundainamdinh.org/wp-content/uploads/2020/05/nxacxffh/6666.png

# Reference: https://pastebin.com/jmh7jtHb

landing1.allencarr.co.il/wp-content/themes/danfe/itfmy/4444.png
laraib.freelancefront.com/wp-content/themes/danfe/seobfszigf/4444.png
learn.milwayresources.com/wp/wp-content/plugins/wp-block-pack/yaziwtgpugnl/4444.png
kazemart.com/wp-content/themes/danfe/eupsvyto/4444.png
kenfendi.com/wp-content/themes/danfe/abfbbq/4444.png

# Reference: https://pastebin.com/NfiYEGRW

datphatlocsg.com/wp-content/uploads/2020/05/scfcgmbjsv/77777.png
moydom.md/wp-content/uploads/2020/05/hflhgo/77777.png
renobarapp.es/wp-content/uploads/2020/05/ahrtqqlwe/77777.png
league265.com/awoaokzq/77777.png
doryfotografia.com/wordpress_1/valoub/77777.png

# Reference: https://pastebin.com/drJgf5aZ

conference.vlgprojects.ru/fsxijcpft/5555.png
sjabbens.xyz/wp-content/uploads/2020/05/xngij/5555.png
telefonrammen.dk/pcixoheru/5555.png
vdovira.net.ua/qjzcgusihgg/5555.png
formationcap.tn/wp-content/uploads/2020/05/avxvwjxvpzh/5555.png

# Reference: https://pastebin.com/55RY1qcm

fitoluri.cat/wp-content/themes/twentyseventeen/inc/turns/55555.png
mrdgrupointegral.com/wp-content/themes/twentytwenty/inc/turns/55555.png
demo.dehliwalalunch.com/wp-content/themes/twentyseventeen/inc/turns/55555.png
dr-nano.ir/wp-content/themes/twentytwenty/classes/turns/55555.png
bondarenkopjatk.ru/wp-content/themes/twentyseventeen/inc/turns/55555.png

# Reference: https://pastebin.com/PwQfddsP

new.myoc.com.au/pqurjvfpjl/8888888.png
uhuru.online/krtxtkiajk/8888888.png
one2onedriving.co.uk/zxzhmxut/8888888.png
kancelariaziolkowscy.pl/xfyinzwfwqv/8888888.png
shop.luisvillalonga.com/fztdvmyodegs/8888888.png

# Reference: https://pastebin.com/15vppTwk

idea-development.ru/afqwno/8888888.png
rifey-zlat.ru/oezwkp/8888888.png
m.alt-hospital.ru/dsancifk/8888888.png
6pond.com/yjssrdxwb/8888888.png
redletterliving.org/iqoehhnywvt/8888888.png

# Reference: https://twitter.com/ffforward/status/1268905190041759744

test.acdlec.be/ilxjzhky/8888888.png

# Reference: https://pastebin.com/HkmkarTG
# Reference: https://app.any.run/tasks/68251632-8093-4ae1-9a33-99c8b2437e21/

salwadm.com/tcphx/8888888.png
flipkenya.com/nujazbwrhjy/8888888.png
10x45.com/zfbjvvqxktx/8888888.png
iamployed.nl/lbbiujdyjy/8888888.png
aptociudadamuralladacartagena.com/gddqez/8888888.png
autoescolaciganos.com.br/gezzf/8888888.png

# Reference: https://twitter.com/lazyactivist192/status/1271079253988093953
# Reference: https://pastebin.com/Kx6ADJ3z

amandadecardy.com/NSUEdD/wp-includes/js/tinymce/plugins/directionality/pdvav/8888888.jpg
ameliasmoments.com/wp-includes/js/thickbox/wifgyfro/8888888.jpg
digitalschoolfaridabad.in/courses/images/parallax/mjogqxakfxg/8888888.jpg
sometechsense.com/wp-includes/js/tinymce/plugins/wptextpattern/tbpfdfelf/8888888.jpg
uniquehindunames.com/wp-content/uploads/cnesco/8888888.jpg

# Reference: https://twitter.com/JAMESWT_MHT/status/1271486893188886531
# Reference: https://pastebin.com/L8JGi5nE

leeephee.top
withifceale.top
wpsnoum.pw
wsaexdig.pw
xeemoquo.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1272522078252609538
# Reference: https://pastebin.com/wfQduHVS
# Reference: https://app.any.run/tasks/c5fe9c77-58b8-4e45-9df9-a0fa5e41a627/

sehgalestates.co.in/zvufsph/8888888.png
dentixdentalcare.com/ftoddj/8888888.png
fooodshooters.com/enlokgqs/8888888.png
new.carfinancehotline.ca/lqjdqsckuihv/8888888.png
altuspsg.com/fyhhqlmq/8888888.png

# Reference: https://twitter.com/Bank_Security/status/1272787094319095809

w1.plenimusic.com/fakes/

# Reference: https://twitter.com/0xCARNAGE/status/1274062746716438528
# Reference: https://app.any.run/tasks/78977d8c-8907-418d-87ae-bfbddd3d611d/

savemall.store/shiolmqj/33333333.png
tshirtstirupur.com/zbdmzdogdptt/33333333.png
maxacerna.org/ekasrroy/33333333.png
kwickshop.co.tz/lwhtksmfrbyh/33333333.png
paschalhildreth.com/bnqcndfbrfc/33333333.png

# Reference: https://pastebin.com/sEPSHH4j

test.africanamericangolfersdigest.com/kkmthjsvf/5555555.png
frankiptv.com/liehyidqtu/5555555.png
klubnika-malina.by/utgritefmjq/5555555.png
centr-toshiba.by/wogvynkombk/5555555.png
marokeconstruction.com.au/hhmzmlqct/5555555.png

# Reference: https://app.any.run/tasks/26bee149-383f-4e98-91b9-3f1a36f821e6/

digisham.ir/cbroi/33333333.png
renukagraphics.com/ttgoccwx/33333333.png
tempusout.co.uk/qqzweuuwqo/33333333.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1275434967418327041

girandolegiobas.it/jvhum/33333333.png

# Reference: https://app.any.run/tasks/133c6579-ee89-45d8-ad4b-ab64bac3a9e7/

40chorr.com/xlgkqwjt/8888888.png

# Reference: https://pastebin.com/WVeqdZu6

hospitaisipiranga.com.br/ewtxh/8888888.png
tahanikhawaji.com/imbya/8888888.png
whichworx.com/bmktzamm/8888888.png

# Reference: https://blog.morphisec.com/qakbot-qbot-maldoc-two-new-techniques
# Reference: https://otx.alienvault.com/pulse/5f40159bcca40ac86178f5a1

forum.insteon.com/suowb/111111.png
marineworks.eu/dwaunrsamlbq/111111.png
nashsbornik.com/rqzvoxtjyhw/555555.png
craniotylla.ch/vzufnt/111111.png
atsepetine.com/evuyrurweyib/555555.png
studiomascellaro.it/wnzzsbzbd/111111.png
nanfeiqiaowang.com/tsxwe/111111.png
maplewoodstore.com/rmwclxnbeput/555555.png
quickinsolutions.com/wfqggeott/111111.png
ankaramekanlari.net/vmnzwr/555555.png
rijschoolfastandserious.nl/rprmloaw/111111.png
akindustrieschair.com/smuvtnrgvmd/55555.png
optovik.store/bkatah/555555.png
akersblog.top/kipql/555555.png
quoraforum.com/btmlxjxmyxb/111111.png
duvarsaatcisi.com/gbmac/555555.png
all-instal.eu/mgpui/555555.png
store.anniebags.com/qyvbyjaiu/555555.png
bronco.is/pdniovzkgwwt/111111.png

# Reference: https://www.virustotal.com/gui/file/c11dccbc459882fa6098a1022c5bb187890ea4ab6ef60d69a11af722ab6699e2/detection

poxclip.com

# Reference: https://research.checkpoint.com/2020/exploring-qbots-latest-attack-methods/
# Reference: https://otx.alienvault.com/pulse/5f484a9c3331ef2fad5e0b74

klubnika-malina.by
centr-toshiba.by
kiesow-auto.de
fortinet-cloud.com
requirejscdn.com
frankiptv.com
factory-hot.com
cersomab.com
marokeconstruction.com.au
callunaconycatcher.com
chs.zarifbarbari.com
asn.crs.com.pa
backup.justthebooks.com
test.africanamericangolfersdigest.com

# Reference: https://twitter.com/malware_traffic/status/1303845647691505667
# Reference: https://pastebin.com/XV3PCBTH

acrinetshop.com.br/arnphkv/55555555.png
anawabighschool.com/lipun/55555555.png
dellenbene.de/wpfsjfcrp/55555555.png
emulatorgame.ir/ocdxvkhvmtjx/55555555.png
evutt.ee/imjzrilmu/55555555.png
hillsborobookkeeping.com/yowyvoux/55555555.png
lojacorpoemente.com.br/beuefuqpd/55555555.png
papadeilumi.it/kupmmngtbbn/55555555.png
sulduzkhabar.ir/fhrhowc/55555555.png
talantinua.com/apawn/55555555.png
corbettasalvatore.com/bolcv/55555555.png
crippacostruzioni.it/jnatzwzp/55555555.png
pauwstoffering.nl/pqwwmqzgjot/55555555.png
serramentispada.it/odisaehjgg/55555555.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1310629325285322752

condochicks.com/ynwnx/222222.png

# Reference: https://twitter.com/j_dubp/status/1310604638404710401

mahathi2.ondemandcreative.com/24.gif

# Reference: https://otx.alienvault.com/pulse/5f734f0ea4be892f4e48a71e

donostiayocio.com/jqmapuowktbb/555555555555.png

# Reference: https://github.com/pan-unit42/tweets/blob/master/2020-09-28-Qakbot-IOCs.txt

condochicks.com/ynwnx/222222.png
ideskonline.com/vzpcwa/222222.png
matterandhome.com/twtao/222222.png
pramars.xyz/psswhqxs/222222.png
exploshot.com/24.gif
foundation.shanto-mariamfoundation.org/24.gif
mahathi2.ondemandcreative.com/24.gif
staging.stikbot.toys/24.gif
pramars.xyz

# Reference: https://twitter.com/ps66uk/status/1313495882495655936
# Reference: https://app.any.run/tasks/5723181d-5681-44e1-b166-08ed4daf7eb1/
# Reference: https://www.virustotal.com/gui/file/be22c42d30ca60a3839bac35e79917944ba74f3912e7327093fd1006c840089e/detection

etlapgyartas.hu/0510.gif

# Reference: https://twitter.com/JAMESWT_MHT/status/1314186304414986240
# Reference: https://app.any.run/tasks/a6075bef-0ca8-4565-bb7e-e2091ffbb979/

rapidlending.club/0810.gif

# Generic (URL paths listed without a host; most are taken from the full URLs listed above)

/TealeafTarget.php
/treusparq.php
/tpan/azep.php
/uQnED83/tltZT3.php
/tltZT3.php
/vbtbnvxnrl/22222.png
/ivbglae/22222.png
/yxrw/22222.png
/fczjua/22222.png
/owkf/22222.png
/bpqlrau/2222.png
/fougrzbplzd/2222.png
/olsce/2222.png
/ggmjmxnvzabj/2222.png
/sysaasdyrwt/2222.png
/ynwnx/222222.png
/ynwnx/222222.png
/vzpcwa/222222.png
/twtao/222222.png
/psswhqxs/222222.png
/jbwyga/3333.png
/jwpgqgdwcg/3333.png
/volbgwi/3333.png
/zkqsxgiuc/3333.png
/nkwyacugcyjt/3333.png
/cbroi/33333333.png
/jvhum/33333333.png
/ttgoccwx/33333333.png
/qqzweuuwqo/33333333.png
/bnqcndfbrfc/33333333.png
/ekasrroy/33333333.png
/lwhtksmfrbyh/33333333.png
/shiolmqj/33333333.png
/zbdmzdogdptt/33333333.png
/itfmy/4444.png
/seobfszigf/4444.png
/yaziwtgpugnl/4444.png
/eupsvyto/4444.png
/abfbbq/4444.png
/beads/444444.png
/previous/444444.png
/slider/444444.png
/string/444444.png
/differ/999999.png
/ahrtqqlwe/77777.png
/awoaokzq/77777.png
/hflhgo/77777.png
/scfcgmbjsv/77777.png
/valoub/77777.png
/feature/777777.png
/tpgcy/6666.png
/yaakhc/6666.png
/lqauk/6666.png
/dawfxassh/6666.png
/nxacxffh/6666.png
/pump/55555.png
/spool/8888.png
/docs_tmj/8888.png
/docs_cyq/8888.png
/docs_394/8888.png
/docs_v6n/8888.png
/docs_kxk/8888.png
/cnesco/8888888.jpg
/mjogqxakfxg/8888888.jpg
/pdvav/8888888.jpg
/tbpfdfelf/8888888.jpg
/wifgyfro/8888888.jpg
/fztdvmyodegs/8888888.png
/ilxjzhky/8888888.png
/krtxtkiajk/8888888.png
/pqurjvfpjl/8888888.png
/xfyinzwfwqv/8888888.png
/zxzhmxut/8888888.png
/fyhhqlmq/8888888.png
/afqwno/8888888.png
/oezwkp/8888888.png
/dsancifk/8888888.png
/yjssrdxwb/8888888.png
/iqoehhnywvt/8888888.png
/tcphx/8888888.png
/nujazbwrhjy/8888888.png
/zfbjvvqxktx/8888888.png
/lbbiujdyjy/8888888.png
/gddqez/8888888.png
/gezzf/8888888.png
/zvufsph/8888888.png
/ftoddj/8888888.png
/enlokgqs/8888888.png
/lqjdqsckuihv/8888888.png
/xlgkqwjt/8888888.png
/ewtxh/8888888.png
/imbya/8888888.png
/bmktzamm/8888888.png
/fsxijcpft/5555.png
/turns/55555.png
/xngij/5555.png
/pcixoheru/5555.png
/qjzcgusihgg/5555.png
/avxvwjxvpzh/5555.png
/docs_2re/55555.png
/docs_9qu/55555.png
/docs_bcx/55555.png
/docs_cv0/55555.png
/docs_fbz/55555.png
/docs_xgy/55555.png
/kkmthjsvf/5555555.png
/liehyidqtu/5555555.png
/utgritefmjq/5555555.png
/wogvynkombk/5555555.png
/hhmzmlqct/5555555.png
/arnphkv/55555555.png
/lipun/55555555.png
/wpfsjfcrp/55555555.png
/ocdxvkhvmtjx/55555555.png
/imjzrilmu/55555555.png
/yowyvoux/55555555.png
/beuefuqpd/55555555.png
/kupmmngtbbn/55555555.png
/fhrhowc/55555555.png
/apawn/55555555.png
/bolcv/55555555.png
/jnatzwzp/55555555.png
/pqwwmqzgjot/55555555.png
/odisaehjgg/55555555.png
/e/88888.png
/fjtpbqbq/88888.png
/iulbxki/88888.png
/phsse/88888.png
/rrigg/88888.png
/uyc/88888.png
/zeksv/88888.png
/ioxix/88888.png
/muvolifvmg/88888.png
/axtcud/88888.png
/ewbaleo/88888.png
/gdjcigc/88888.png
/bkatah/555555.png
/btmlxjxmyxb/111111.png
/dwaunrsamlbq/111111.png
/evuyrurweyib/555555.png
/gbmac/555555.png
/kipql/555555.png
/mgpui/555555.png
/pdniovzkgwwt/111111.png
/qyvbyjaiu/555555.png
/rmwclxnbeput/555555.png
/rprmloaw/111111.png
/rqzvoxtjyhw/555555.png
/smuvtnrgvmd/55555.png
/suowb/111111.png
/tsxwe/111111.png
/vmnzwr/555555.png
/vzufnt/111111.png
/wfqggeott/111111.png
/wnzzsbzbd/111111.png
/rqfardzsgihu/555555555.png
/jqmapuowktbb/555555555555.png

# IP connections (IP:port pairs)

104.153.240.6:2222
104.173.119.54:2222
104.174.71.153:2222
104.221.4.11:2222
104.32.185.213:2222
107.15.153.110:8443
108.184.57.213:8443
108.190.151.108:2222
109.106.69.138:2222
109.209.94.165:2222
111.125.70.30:2222
116.30.4.51:2222
116.72.208.166:2222
116.72.213.83:2222
118.93.167.173:2222
119.157.106.105:3389
120.147.65.97:2222
120.147.83.120:2222
122.148.156.131:995
130.25.130.19:2222
142.117.191.18:2222
144.202.38.185:2222
144.202.38.185:995
146.199.132.233:2222
146.200.250.17:2222
146.200.250.36:2222
149.28.101.90:2222
149.28.101.90:8443
149.28.101.90:995
149.28.98.196:2222
149.28.98.196:995
149.28.99.97:2222
149.28.99.97:995
150.143.128.70:2222
151.242.43.85:32103
151.242.62.59:32103
166.62.180.194:2078
171.100.86.168:2222
172.115.177.204:2222
172.58.107.229:2222
172.87.157.235:3389
173.163.115.89:2078
173.18.126.193:2222
173.197.22.90:2222
173.21.10.71:2222
173.22.120.11:2222
173.22.125.129:2222
173.247.186.90:2087
173.26.65.44:50010
174.30.165.242:2222
174.34.67.106:2222
176.193.14.165:2222
176.202.187.129:61201
176.205.222.30:2078
176.205.222.30:2222
176.223.0.185:2222
176.223.35.19:2222
176.223.43.145:2222
176.223.7.75:2222
178.193.33.121:2222
178.193.38.188:2222
182.190.19.241:3389
183.82.100.249:2222
184.167.2.251:2222
184.180.157.203:2222
184.191.61.13:32100
184.90.139.176:2222
186.47.208.238:50000
186.94.173.62:2078
187.194.16.208:2222
187.250.238.164:995
188.127.231.114:2222
188.25.223.107:2222
188.25.233.157:2222
188.26.150.82:2222
188.26.178.176:2222
188.27.166.186:2222
188.52.106.206:20
189.163.230.27:2222
189.222.216.44:443
189.222.59.177:443
189.250.115.177:2222
190.198.124.212:2078
190.204.58.240:2078
190.75.167.44:2222
190.75.173.8:2078
193.248.221.184:2222
193.248.44.2:2222
195.162.106.93:2222
195.6.1.154:2222
196.194.28.127:2222
196.194.74.33:2222
196.194.76.68:2222
196.194.77.181:2222
196.194.84.165:2222
196.221.15.34:6881
196.221.207.137:995
197.210.96.222:995
197.45.110.165:995
2.232.253.79:995
2.45.53.40:2222
2.50.153.20:2222
2.50.159.112:2222
2.50.161.6:2222
2.50.47.97:2222
2.7.116.188:2222
2.7.202.106:2222
2.7.65.32:2222
2.7.69.217:2222
2.86.41.23:2222
200.140.154.174:2222
201.209.0.55:2078
201.209.218.89:2078
201.209.22.209:2078
201.209.4.83:2078
201.248.122.51:2078
206.51.202.106:5000
206.51.202.106:50002
206.51.202.106:50003
207.246.116.237:2222
207.246.116.237:8443
207.246.116.237:995
207.246.77.75:2222
207.246.77.75:8443
207.246.77.75:995
207.255.161.8:2078
207.255.161.8:2087
207.255.161.8:2222
207.255.161.8:32100
207.255.161.8:32102
207.255.161.8:32103
209.182.121.133:2222
209.210.187.52:995
213.120.109.73:2222
213.31.203.38:2222
216.137.140.236:2222
216.150.207.100:2222
216.21.168.27:32101
216.21.168.27:50000
216.215.77.18:2078
216.221.73.45:2222
216.8.170.82:2222
217.133.54.140:32100
217.165.164.57:2222
220.135.31.140:2222
222.195.69.36:2078
23.49.13.33:7000
24.100.46.201:2222
24.110.14.40:3389
24.136.33.120:2222
24.184.5.251:2222
24.184.6.58:2222
24.201.61.153:2078
24.201.68.105:2078
24.201.68.105:2087
24.201.79.208:2078
24.202.42.48:2222
24.203.221.252:2222
24.203.36.180:2222
24.203.64.26:2222
24.228.185.224:2222
24.229.150.54:995
24.231.54.185:2222
24.26.1.14:2222
24.27.82.216:2222
24.44.142.213:2222
24.44.180.236:2222
24.46.40.189:2222
31.50.210.205:2222
31.53.49.169:2222
35.142.12.163:2222
35.142.24.147:2222
37.116.152.122:2222
37.182.238.170:2222
37.210.160.50:61201
45.32.211.207:2222
45.32.211.207:8443
45.32.211.207:995
45.37.57.119:2222
45.45.51.182:2222
45.46.53.140:2222
45.63.107.192:2222
45.63.107.192:995
45.67.231.247:995
45.77.115.208:2222
45.77.115.208:8443
45.77.115.208:995
45.77.117.108:2222
45.77.117.108:8443
45.77.117.108:995
47.39.177.171:2222
47.48.236.98:2222
49.144.81.46:8443
49.28.99.97:2222
5.107.144.131:2222
5.107.157.6:2222
5.107.208.94:2222
5.107.229.6:2222
5.107.232.32:2222
5.12.213.152:2222
5.12.214.109:2222
5.14.44.173:2222
5.15.90.159:2222
5.193.175.12:2078
5.193.178.241:2078
5.193.181.221:2078
5.193.61.212:2222
5.233.222.211:61202
5.233.232.81:61202
5.89.115.73:2222
50.198.141.161:2078
50.29.166.232:995
51.9.198.164:2222
54.36.108.120:65400
62.38.111.70:2222
63.155.9.141:995
63.230.11.201:2083
63.230.2.205:2083
64.72.102.10:2222
65.100.247.6:2083
65.169.66.123:2222
65.30.213.13:6882
66.25.168.167:2222
66.76.255.133:2078
67.200.146.98:2222
67.209.195.198:3389
67.214.201.117:2222
67.5.33.229:2078
67.60.113.253:2222
67.7.2.109:2222
67.82.244.199:2222
67.83.122.112:2222
67.83.54.76:2222
67.87.38.242:2222
68.14.210.246:22
68.14.210.246:2222
68.207.33.232:2222
68.207.39.244:2222
69.58.147.82:2078
70.123.92.175:2222
70.168.130.172:995
70.21.182.149:2222
70.54.25.76:2222
70.62.160.186:6883
70.74.159.126:2222
70.95.94.91:2078
70.95.94.91:2222
71.12.214.209:2222
71.163.224.206:443
71.217.112.41:2222
71.220.186.241:2222
71.221.224.19:2222
71.222.141.81:61200
71.41.184.10:3389
71.57.230.51:50000
71.69.128.2:2222
71.77.252.14:2222
72.204.242.138:2078
72.204.242.138:2087
72.204.242.138:32100
72.204.242.138:32102
72.204.242.138:50001
72.204.242.138:50003
72.204.242.138:53
72.204.242.138:6881
72.224.213.98:2222
72.231.224.122:2222
72.240.200.181:2222
72.255.200.129:2222
72.255.200.69:2222
72.29.181.77:2078
72.29.181.77:2083
72.29.181.77:2222
72.29.181.78:2078
72.36.59.46:2222
73.152.213.187:80
73.183.145.218:2222
73.216.60.90:2222
73.25.124.140:2222
74.222.204.82:995
74.73.120.197:443
74.88.112.250:2222
74.90.76.128:2222
75.109.193.173:2087
75.109.193.173:8443
75.131.72.82:2087
75.161.36.21:2222
75.165.112.82:50002
75.182.220.196:2222
75.183.171.155:3389
75.86.193.144:2222
76.14.129.53:2222
76.172.59.56:2222
76.182.33.43:2222
76.187.97.98:2222
76.67.162.70:2222
76.86.57.179:2222
76.94.200.148:995
77.132.113.187:2222
77.211.30.202:995
77.27.204.204:995
78.94.55.26:50003
79.129.252.62:2222
79.166.83.103:2222
80.106.85.24:2222
80.11.173.82:8443
80.11.5.65:2222
80.14.209.42:2222
80.195.103.146:2222
81.133.234.36:2222
81.147.42.176:2222
81.147.42.195:2222
81.147.42.227:2222
81.150.181.168:2222
81.214.126.173:2222
82.12.157.95:995
82.127.125.209:990
82.127.193.151:2222
82.77.169.118:2222
83.110.108.100:2222
83.110.108.161:2222
83.110.108.181:2222
83.110.108.38:2222
83.110.109.155:2222
83.110.109.164:2222
83.110.109.252:2222
83.110.12.140:2222
83.110.9.71:2222
83.196.56.65:2222
83.202.68.220:2222
83.25.10.201:2222
83.25.14.84:2222
83.25.18.252:2222
83.25.3.51:2222
83.25.31.13:2222
83.79.2.218:2222
84.232.252.202:2222
84.247.55.190:8443
84.78.128.76:2078
85.132.36.111:2222
85.25.211.31:65400
85.52.72.32:2222
85.58.200.50:2222
85.7.22.186:2222
86.121.121.14:2222
86.121.95.169:2222
86.121.95.197:2222
86.122.251.89:2222
86.122.254.67:2222
86.123.95.59:2222
86.125.140.0:2222
86.126.108.242:2222
86.126.97.183:2222
86.127.144.244:2222
86.153.98.125:2222
86.153.98.2:2222
86.153.98.35:2222
86.153.98.37:2222
86.153.98.75:2222
86.163.174.7:2222
86.182.234.245:2222
86.183.127.100:2222
86.218.67.235:2222
86.220.60.133:2222
86.220.60.247:2222
86.220.62.251:2222
86.233.4.153:2222
86.236.77.68:2222
86.248.16.253:2222
86.97.146.204:2222
86.98.49.75:2078
86.98.89.78:2222
86.98.93.124:2078
87.115.53.122:2222
87.202.87.210:2222
88.106.237.152:2222
88.111.255.235:2222
89.137.211.239:995
89.35.93.254:2222
89.45.102.218:2222
90.101.117.122:2222
90.101.62.189:2222
90.174.217.251:2222
90.175.88.99:2222
90.43.120.113:2222
90.43.6.185:2222
90.65.234.26:2222
90.65.236.181:2222
90.68.84.121:2222
92.1.83.210:2222
92.137.138.52:2222
92.154.83.96:2078
92.154.83.96:2222
92.17.167.87:2222
92.5.146.37:2222
92.59.35.196:2222
93.118.214.168:2222
93.149.253.201:2222
96.20.108.17:2222
96.20.238.2:2078
96.20.238.2:2083
96.20.238.2:2087
96.20.238.2:2222
96.20.238.2:61201
96.21.251.127:2222
96.22.239.27:2222
96.23.62.35:2222
96.27.47.70:2222
96.35.170.82:2078
96.35.170.82:2222
96.56.237.174:32103
96.57.188.174:2222
97.127.144.203:2222
97.69.160.4:2222
97.84.210.38:2222
98.16.70.197:2222
98.207.89.76:2222
98.23.52.168:2222
98.30.44.223:2222

# Reference: https://app.any.run/tasks/b9a2ae6f-4feb-451d-adbf-779e82c45009/

piket.smkyaspim.sch.id

# Reference: https://app.any.run/tasks/7c061adf-e2e1-45b3-91dc-81151117dd9d/

citycarmen.com/lvhyf/

# Reference: https://blog.malwarebytes.com/cybercrime/2020/11/qbot-delivered-via-malspam-campaign-exploiting-us-election-uncertainties/

http://95.77.144.238
china.asiaspain.com/tertgev/1247015.png

# Reference: https://twitter.com/ankit_anubhav/status/1324306444334764033
# Reference: https://app.any.run/tasks/84f1e2cb-577f-4582-9cd8-36e92d60b897/

nics.co.id/yftxdru/1254750.png

# Reference: https://www.virustotal.com/gui/ip-address/172.87.157.235/relations

http://172.87.157.235/t3

# Reference: https://twitter.com/dark0pcodes/status/1327297011155152896
# Reference: https://twitter.com/1ZRR4H/status/1327358754501877762
# Reference: https://twitter.com/dark0pcodes/status/1333788584009101315
# Reference: https://twitter.com/jfslowik/status/1336354790192758785

cloudplatformsnq.com
fortinet-cloud-storage.com
fortinet-storage.com
fortinet-storage-class.com
/wbj/crt/uadmin/adm.php

# Reference: https://twitter.com/jstrosch/status/1332576642493984769

/lxjhux/923753.jpg

# Reference: https://www.virustotal.com/gui/file/a07e0fbaa48ba6e7fed7f97d46e32d78fe45f0a64fe0c59661ca12a1122b6057/detection
# Reference: https://www.virustotal.com/gui/domain/auroratd.cf/relations

auroratd.cf

# Reference: https://twitter.com/p5yb34m/status/1334216244308844545
# Reference: https://twitter.com/InQuest/status/1334427406027927553
# Reference: https://twitter.com/dms1899/status/1334420005887291392
# Reference: https://twitter.com/malware_traffic/status/1334969751509094402
# Reference: https://twitter.com/baberpervez2/status/1334653257197768704
# Reference: https://twitter.com/malware_traffic/status/1336136217004478465

/acavskwwkh/423323.jpg
/mmyubbktjopl/423323.jpg
/sqkqkx/423323.jpg
/eksmablcflfg/423323.jpg
/bxdskxok/423323.jpg
/rrblvgkx/423323.jpg
/uqiyr/423323.jpg
/yvwyz/423323.jpg
/nkmqsjd/904400.jpg
/aflwjjneuxg/904400.jpg
/mjbgpabrmph/590906.jpg
/glpmfgve/590906.jpg
/jjjjrfkb/590906.jpg
/uxpjm/590906.jpg
/cnevzpw/590906.jpg
/pmiore/590906.jpg
/wrfebtq/590906.jpg
/wlbleqhpxy/590906.jpg

# Reference: https://app.any.run/tasks/aab68f80-e4df-46cd-9dd6-8f6127336a0f/

/svgqcnjto/590906.jpg

# Reference: https://twitter.com/killamjr/status/1338924486419165186

ventas.website
/lewhqfhdky/5555555555.jpg

# Reference: https://twitter.com/MSteve25/status/1339181272812441601
# Reference: https://twitter.com/Mesiagh/status/1338946344174538752
# Reference: https://twitter.com/bit_dam/status/1341820952196251648

/aypgwsssu/5555555555.jpg
/criizszfsx/5555555555.jpg
/ddqgokffk/5555555555.jpg
/dubpsw/5555555555.jpg
/fvrxhmox/5555555555.jpg
/hjqipbuqsis/5555555555.jpg
/ozkuclxvlgjf/5555555555.jpg
/svwcp/5555555555.jpg
/xhrcex/5555555555.jpg
/zhsvrgfcs/5555555555.jpg

# Reference: https://twitter.com/reecdeep/status/1339973819470114823

demex.ro
onelink.com.bd/ds/1712.gif
/ds/1712.gif

# Reference: https://twitter.com/reecdeep/status/1352267772886216709
# Reference: https://tria.ge/210121-napv9vzmda

bbpqtf.com/qextstpcuumf/5555555555.jpg
digital-box.fr/hjmrcv/5555555555.jpg
leafybuy.com/norzygt/5555555555.jpg
rishtee.com/zbpxyo/5555555555.jpg
webdevelopmentinlahore.com/whoqvn/5555555555.jpg
/hjmrcv/5555555555.jpg
/norzygt/5555555555.jpg
/qextstpcuumf/5555555555.jpg
/whoqvn/5555555555.jpg
/zbpxyo/5555555555.jpg

# Reference: https://www.virustotal.com/gui/file/43fae3b384cd8ca7215b4baf9fd92d753be82b8eaf534b61b9762ee0f5843107/detection
# Reference: https://www.virustotal.com/gui/file/350e16ad2db661167dad6a457aa6970568fb24948001eb1c389cee57504237d5/detection

kangaroo.techonext.com/spywwafea/5555555555.jpg
/spywwafea/5555555555.jpg

# Reference: https://twitter.com/reecdeep/status/1356957674114580483

farias.art.br/ds/0302.gif

# Reference: https://twitter.com/reecdeep/status/1357280290427842561

mywebscrap.com/ds/0402.gif

# Reference: https://twitter.com/reecdeep/status/1357709480587382794

awakenbeautyhq.com/ds/0502.gif

# Reference: https://twitter.com/reecdeep/status/1358787552753430528

fastswitch.org/ds/0702.gif
flipahousebook.com/ds/0702.gif

# Reference: https://twitter.com/reecdeep/status/1359172653442039808

batarey.net/bcorucporp
panic-studios.dk/zqbvc
unit4.space/bjpeqzfvs
interluxcargo.kz/xncvbcbzw
immanta.com/zrqzfrsvu
lagacetadelopositor.com/sdrbzodvwi
test.frogmood.com/wssxsgqu

# Reference: https://twitter.com/reecdeep/status/1359467670148698113

upgradedagent.com/ds/1002.gif

# Reference: https://twitter.com/ps66uk/status/1361302529871654912
# Reference: https://twitter.com/reecdeep/status/1361305219016101891

darmatic.co.rs/ds/1502.gif
lmvidros.com.br/ds/1502.gif
zmprintingbd.com/ds/1502.gif

# Reference: https://twitter.com/reecdeep/status/1362030594264358914

intellectsmart.in/ds/1702.gif
transcription.net.au/ds/1702.gif

# Reference: https://twitter.com/reecdeep/status/1362404765137788929

lloydsindian.co.uk/ds/1802.gif

# Reference: https://urlhaus.abuse.ch/browse/tag/SilentBuilder/

118travel.net/ds/1512.gif
12.ossmarcial.com/ds/0812.gif
123sellfast.com/ds/2312.gif
62.113.113.250/ds/11.gif
62.113.117.225/ds/11.gif
81.4.106.224/ds/1002.gif
acarchidesign.com/ds/0402.gif
adapttostress.co.za/ds/0502.gif
africaincoming.com/ds/1002.gif
alkem.ro/ds/021220.gif
alnujaifi-portal.com/ds/3101.gif
alphabravo.com.br/ds/1702.gif
artwebsite.uk/ds/1512.gif
asimarsy.mycpanel.rs/ds/0902.gif
aula-web.space/ds/2112.gif
aurobliss.com/ds/1502.gif
auroratd.cf/ds/291120.gif
autoabi.pl/ds/021220.gif
awakenbeautyhq.com/ds/0502.gif
axwaydatamasters.com/ds/0502.gif
backup.agewsage.com/ds/1412.gif
bagrover.com/ds/291120.gif
barastea.com/ds/061220.gif
behendige-boxers.nl/ds/0902.gif
bellababy.com.sa/ds/0902.gif
bhtt.vn/ds/021220.gif
birdexim.com/ds/231120.gif
bizarrestudio.net/ds/1612.gif
body.inmedlabs.co.ke/ds/1702.gif
boomideas.pro/ds/0902.gif
bsma.com.bd/ds/2112.gif
bucklindata.net/ds/061220.gif
bumka.com.ua/ds/291120.gif
cacso.org.ng/ds/041220.gif
cards.vaults.ga/ds/0812.gif
casadodestino.com/ds/1802.gif
castingparaguay.com/ds/3101.gif
ccvip.ca/ds/021220.gif
chili.id/ds/041220.gif
clinica-cristal.com/ds/3101.gif
cloud.sofal.com.my/ds/2112.gif
cnc-burundi.bi/ds/2112.gif
compucamp.ink/ds/0502.gif
comunaolari.ro/ds/2112.gif
cpc-spa.cl/ds/021220.gif
crizal.gr/ds/1002.gif
curs.mariamarian.md/ds/1702.gif
cyantech.com/ds/041220.gif
dahasa.danaweb.vn/ds/061220.gif
dailyswail.org/ds/1612.gif
dcain.physio123.com/ds/1602.gif
debragordon.com/ds/1712.gif
demex.ro/ds/1712.gif
depositoclara.com.br/ds/0702.gif
dev.northzone.it/ds/2312.gif
dev.zemp.com/ds/291120.gif
distribuidoramc.com/ds/0502.gif
dpoonabakers.com/ds/1512.gif
dropclose.com/excel/shared.xls
dtmh.gr/ds/231120.gif
duburimusic.com/ds/0812.gif
duniaraha.com/ds/0902.gif
eliteblogspot.com/ds/0702.gif
elixerdigitall.com/ds/1412.gif
ermi.co.zw/ds/2312.gif
etechpk.net/ds/1512.gif
events.sayphin.org/ds/0302.gif
expandcpa.com/ds/291120.gif
eyeqoptical.ca/ds/0302.gif
eyeqoptical.ca/ds/3101.gif
fangs.co.in/ds/1512.gif
farias.art.br/ds/0302.gif
fcco1936.com/ds/231120.gif
ffa.odessa.ua/ds/1512.gif
foresah.com/ds/1712.gif
fotospek.com/ds/2112.gif
ftabajamexicali.com/ds/1002.gif
fu5on.com/ds/231120.gif
furgonsuperior.com/ds/2112.gif
gbhtrade.com.br/ds/3101.gif
gener8media.gi/ds/061220.gif
gerrusi.ru/ds/021220.gif
globaltravel-jo.com/ds/2112.gif
gotoshopping.pk/ds/1502.gif
gravitysoft.in/ds/1712.gif
groupeicaetudes.com/ds/0302.gif
gst-system.com/ds/0902.gif
gtroot.edulinellc.mn/ds/0502.gif
guarartloja.com.br/ds/2112.gif
halalcosmetics.uz/ds/2112.gif
hannesc.com/ds/2112.gif
he.thenamestork.com/ds/1512.gif
hoyamu.tellwhom.com/ds/1512.gif
hwsm-global.com/ds/2312.gif
icveritas.pe/ds/1002.gif
imzps.co.za/ds/041220.gif
inpulsion.net/ds/0702.gif
instamef.webd.pl/ds/0812.gif
israrulhaq.me/ds/1312.gif
izmirburo.com/ds/0812.gif
jathra.co.uk/ds/0402.gif
joostpieter.com/ds/1412.gif
jordanbetterworkplace.org/ds/1802.gif
jordanembassy.or.id/ds/1502.gif
joycapas.com.br/ds/0402.gif
kabinarf.ru/ds/0402.gif
kashful.softwarebd.biz/ds/1802.gif
kavok.ind.br/ds/2312.gif
kbpertiwi.sch.id/ds/0702.gif
keatonberry.me/ds/1412.gif
kelwinsales.com/ds/1702.gif
kgvidhyashram.in/ds/1512.gif
khaugalliindia.com/ds/0812.gif
kientrucadhome.vn/ds/1512.gif
kiniti.net/ds/0402.gif
kliksini.web.id/ds/061220.gif
l.loungu.com/ds/231120.gif
legalpyramids.com/ds/1312.gif
lenimar.com/ds/021220.gif
level-travel.com/ds/2112.gif
linhtumblr.com/ds/2312.gif
luxtorcred.com.br/ds/1002.gif
m2melectronica.com.ar/ds/1002.gif
man.myanmarfas.com/ds/2112.gif
mapleleafnetwork.net/ds/1502.gif
marcostrombetta.com.br/ds/1802.gif
marka.mikronexus.net/ds/0302.gif
martastrubing.com/ds/1002.gif
masadahtime.com/ds/0812.gif
me48.ru/ds/231120.gif
mecamath.com/ds/1712.gif
medstori.com/ds/0902.gif
mempresariales.com/ds/061220.gif
mercados247.com/ds/1602.gif
micmart.store/ds/291120.gif
minet-it.com/ds/021220.gif
miraclecollagen.co.za/ds/1802.gif
mmsesquadrias.com.br/ds/1002.gif
my.loungu.com/ds/1312.gif
mygrandmomskitchen.com/ds/1802.gif
narumi.mn/ds/041220.gif
nearlearn.com/ds/1612.gif
net.cyantech.com/ds/0402.gif
news24mrl.com/ds/1312.gif
newstimeurdu.com/ds/3101.gif
ngoonlinebd.com/ds/0402.gif
novavista.com.py/ds/1612.gif
nrdsbd.org/ds/0702.gif
nyuscape.xyz/ds/291120.gif
ochko123.net/details.xls
oleohitec.com.co/ds/1612.gif
omenstyle.pk/ds/2112.gif
onelink.com.bd/ds/1712.gif
outdoorsphoto.net/ds/1512.gif
p-clone.net/ds/021220.gif
pamltd.co.uk/ds/1502.gif
pin.crptechs.com/ds/0702.gif
planetaiphone.com.mx/ds/0902.gif
platechmold.co.id/ds/1002.gif
pos.staysafe.pk/ds/1412.gif
pqrs.enelar.net.co/ds/1002.gif
prisecomparer.com/ds/1512.gif
probit.digital/ds/0402.gif
proco.lt/ds/021220.gif
rdpspuraini.com/ds/1612.gif
rebeccaumblewhite.com/ds/0502.gif
remacon.net/ds/3101.gif
remedial.aaua.edu.ng/ds/1502.gif
rhinoclothes.com/ds/2312.gif
ruggedcall.com/ds/1002.gif
s-system.ba/ds/1702.gif
sadgad.ru/ds/231120.gif
safetylad.com/ds/2312.gif
saisoftwareinc.com/ds/1002.gif
savasaachi.systems/ds/0302.gif
secam.mycpanel.rs/ds/1002.gif
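# NOTE(review): the entry below ends in ".gi", while the other /ds/ entries in this list end in ".gif". It may be truncated; confirm against the referenced URLhaus listing.
seligue.net/ds/231120.gi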
servicespro.com.pk/ds/3101.gif
shop.paritetdom.ru/ds/1612.gif
shopee.gr/ds/021220.gif
skconstruction.info/ds/3101.gif
ski-travel.pl/ds/231120.gif
skycitymall.co.in/ds/0812.gif
smartgal.us/ds/041220.gif
smf.design4u.ca/ds/0702.gif
softwarecpanel.com/ds/2112.gif
starminimall.com/ds/061220.gif
stevie-m.co.uk/ds/0302.gif
sunmarkholidays.com/ds/0702.gif
surmaconcrete.com/ds/1412.gif
swedenfoods.net/ds/1712.gif
syifabioderma.com/ds/0902.gif
tacefradio.com/ds/1312.gif
tact9.in/ds/1612.gif
talkeasy.in/ds/2312.gif
tearsoftheearth.org/ds/0702.gif
test.dawwie.com/ds/0812.gif
tetek.ru/ds/041220.gif
th.czonediver.com/ds/061220.gif
thetravelingcard.com/ds/0302.gif
tiesta.in/ds/291120.gif
titanautomobiles.com/ds/1002.gif
tolensociety.com/ds/1312.gif
toptipsoffice.us/data_order.php
toptoffice.us/data_order.php
toyotacollege.ac.th/ds/1312.gif
tt-office.us/data_order.php
ttoffices.us/order_data.php
tv5a.com.br/ds/1612.gif
upsfrance-download.com/ireo.png
used-jeans.fr/ds/1702.gif
utbapp.poweritbd.com/ds/0302.gif
vdonkihot.ru/ds/041220.gif
vendedorfenix.com/ds/1602.gif
vestelbd.com/ds/1802.gif
viraugra.com/ds/291120.gif
vmusicsound.com/ds/1412.gif
vytyazhki.by/ds/291120.gif
xn--72c0bbr3dtble.com/ds/0902.gif
yamm.com.my/ds/2312.gif
yanyosa.com/ds/021220.gif

# Reference: https://twitter.com/p5yb34m/status/1362469846634491904
# Reference: https://pastebin.com/raw/7mH09Yyv

biblicalisraeltours.com/otmchxmxeg/
jugueterialatorre.com.ar/xjzpfwc/
pathinanchilearthmovers.com/eznwcdhx/
rzminc.com/fdzgprclatqo/
rzminc.com/xklyulyijvn/

# Reference: https://twitter.com/wato_dn/status/1362661494198996993
# Reference: https://tria.ge/210219-velay7211j

7ruzezendegi.com/samsgtlfwzt/
batikentklinik.com/qtuofsxtov/
chandni.pk/ictrljsfuh/
dindorf.com.ar/ntpnttfypqs/
miaovideo.com/wwdtfgdlijlr/

# Reference: https://twitter.com/p5yb34m/status/1362879210952400902
# Reference: https://pastebin.com/raw/8rth91je

erp.demosoftware.biz/focahjqevd/
jayshreewoods.com/gvazzbwlvyk/
parama-college.id/yxpmmmg/
raivens.com/zdmqwymhhza/
sportsmarquee.com/hmffuzbolyio/

# Reference: https://twitter.com/reecdeep/status/1362716892792823809

i345999.hera.fhict.nl/ds/1902.gif

# Reference: https://twitter.com/reecdeep/status/1363853849283428354

mavenconsulting.com.pk/ds/2202.gif

# Reference: https://twitter.com/p5yb34m/status/1364646433517752322

fernway.com/xjhuljbqv/
hdmedia.pro/noexyryqori/
stadt-fuchs.net/gwixglx/
sumonpro.xyz/nseoqnwbbvmc/
vngkinderopvang.nl/rmyjq/

# Reference: https://twitter.com/pmmkowalczyk/status/1364850641433219074

dicomm-001-site35.ctempurl.com/pmslsda/
dnvillas.com/ncmlzqphuqma/
eventpeople.pro/cfuizfotpz/

# Reference: https://twitter.com/fr0s7_/status/1365308651636989954

rlyrt26rnxw02vqijgs.com

# Reference: https://twitter.com/reecdeep/status/1366406191312683009
# Reference: https://twitter.com/peterkruse/status/1366407348202389505
# Reference: https://twitter.com/InQuest/status/1366447657904992259
# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-03-01-IcedID-IOCs.txt

emqjj27ljgl02hqqzi.com
jqilt27xsbz02anaeu.com
nygvj27cvlk02cktf.com
rlvq27rmjej02sfvb.com
vyw27lfrvoj02kkxo.com
wnah27frybfe02sadb.com
/fedara.gif

# Reference: https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike/27158/
# Reference: https://otx.alienvault.com/pulse/603fd483e52dabf8b0e6223d
# Reference: https://www.virustotal.com/gui/ip-address/8.209.64.96/relations

beazf26awkee02gvog.com
cyh26wcekai02atpeax.com
emqjj27ljgl02hqqzi.com
fb25d3a23hy.com
fb25d3add23hy.com
fb25d3as23hy.com
fb25d3asddd23hy.com
fb25d3erda23hfy.com
fb25era23hfy.com
fb25erhfy.com
gbza26rngn02bekll.com
ghtyrncjf2df.com
hqn27dyhvwp02wznv.com
hqzf28ebdjjm02ywyxek.com
jqilt27xsbz02anaeu.com
kfzhm28pwzrlk02bmjy.com
nvrih26coxejl02enyfn.com
nwvv27dwmy02bgznc.com
nygvj27cvlk02cktf.com
pbdq26xjey02uprxwx.com
pxiw28jgmb02slcqxq.com
qab26utxb02pquc.com
qcywk28rcywfw02ehij.com
qxloq28vhjko02eiiagg.com
rea26ypgvle02hcbunp.com
rlvq27rmjej02sfvb.com
rlyrt26rnxw02vqijgs.com
sbr28gizur02fcxtz.com
sfhbv28xhvi02fbok.com
toj27nlpr02irajz.com
toqku26hwpu02shuroh.com
ugrl28bxsnh02kohk.com
uovxx28jqdgp02kzseg.com
vyhml26anpfyb02aqsehz.com
vyw27lfrvoj02kkxo.com
wlog28dzzmi02spfin.com
wnah27frybfe02sadb.com
ydw27hfhbk02zpidmv.com

# Reference: https://pastebin.com/XvH8rDBD

cidn02mjco03pobx.com
dskl02touc03jeby.com
etysu02scnabr03wzaxue.com
hqcaz02egeq03bvmhm.com
inpa02lzjvt03anas.com
lic02uiccnh03nruvp.com
ououz02naba03oiyd.com
ppk02dmgmzj03dxekog.com
uhfa02eknih03swzdku.com
zkkn02lffiff03zkmh.com

# Reference: https://tria.ge/210305-z4hdat5hzs/static1

dzw10jpcgj03fckc.com

# Reference: https://www.virustotal.com/gui/ip-address/8.208.97.177/relations

cfkko03vvxohq03taep.com
cidn02mjco03pobx.com
cyh26wcekai02atpeax.com
emqjj27ljgl02hqqzi.com
etysu02scnabr03wzaxue.com
fb25d3add23hy.com
fb25d3as23hy.com
fb25d3asddd23hy.com
fb25d3erda23hfy.com
ftkaq03ihfbh03rehx.com
gbza26rngn02bekll.com
ghtyrncjf2df.com
hei03tfxv03mahl.com
ihjpn03sijjl03dtmtr.com
jam03iofwv03jniedf.com
kyvws03ndah03hecon.com
lic02uiccnh03nruvp.com
pbdq26xjey02uprxwx.com
qab26utxb02pquc.com
sal03gicu03qcwtif.com
toqku26hwpu02shuroh.com
vpu03jivmm03qncgx.com
xgka03stox03cloeqz.com
yar03jmtvr03jtqg.com
ydw27hfhbk02zpidmv.com
zkkn02lffiff03zkmh.com

# Reference: https://www.virustotal.com/gui/ip-address/35.228.62.27/relations
# Reference: https://www.virustotal.com/gui/file/d9eded39c99656747708e72c395c9a542d427e588c5343c8e512262f3a42f35b/detection

jhj10jtvwu03zsjwk.com
tmrz10fxhy03ntxjf.com
ttj10qrrqx03kdts.com
xjw10whta03ytgdi.com
ywgiu10zmnwcx03vpnyp.com

# Reference: https://twitter.com/reecdeep/status/1370032331914895360

caqp10snyod03msvsqu.com

# Reference: https://www.virustotal.com/gui/file/e15245fdf2ed6b28499cddd0961265247df5c69158016d0a6e125abbdee49ebb/detection
# Reference: https://www.virustotal.com/gui/ip-address/8.210.31.137/relations

ablefullrun.xyz
actschoolserious.xyz
actsincenose.xyz
actuallyrecognizepack.xyz
afterfreecolou.xyz
agentteartoward.xyz
agreekillsleep.xyz
airtinybrother.xyz
alreadyemptylock.xyz
ammotionmany.xyz
amr16pzcp03omerd.com
amr16pzcp03omerd.xyz
anywayhourtrue.xyz
apartmentmomentgod.xyz
armhowlettershouldr.xyz
armycertainblade.xyz
aroundlatebeen.xyz
attentiongrowdistance.xyz
bedwhoelevator.xyz
belowshopboat.xyz
bpxe15jijmh03ubiwhh.xyz
bqx12lnjk03rrdio.xyz
burstuniformreturn.xyz
calmshipchance.xyz
caqp10snyod03msvsqu.com
cfkko03vvxohq03taep.com
cidn02mjco03pobx.com
commandbebetween.xyz
coollivingmind.xyz
cyh26wcekai02atpeax.com
darkfoodlight.xyz
dskl02touc03jeby.com
dzw10jpcgj03fckc.com
emqjj27ljgl02hqqzi.com
etysu02scnabr03wzaxue.com
everythincausenews.xyz
evz15lmlir03sygmyr.xyz
fb25d3a23hy.com
fb25d3add23hy.com
fb25d3as23hy.com
fb25d3asddd23hy.com
fb25d3erda23hfy.com
fb25era23hfy.com
fb25erhfy.com
fqzzj16gndioz03mxadr.com
fqzzj16gndioz03mxadr.xyz
frownexpressionfoot.xyz
ftkaq03ihfbh03rehx.com
fyz10eijkl03mytjfb.com
gbza26rngn02bekll.com
gcfxb12aefoyn03epdoji.xyz
ghtyrncjf2df.com
glassmuchhuge.xyz
hei03tfxv03mahl.com
holeenoughmore.xyz
hqcaz02egeq03bvmhm.com
hqn27dyhvwp02wznv.com
ihjpn03sijjl03dtmtr.com
inpa02lzjvt03anas.com
ipok12bcame03shzpiq.xyz
jam03iofwv03jniedf.com
jgu16cbxdr03ehqvx.com
jgu16cbxdr03ehqvx.xyz
jhj10jtvwu03zsjwk.com
jqilt27xsbz02anaeu.com
klhlh16zldwun03vlpq.com
klhlh16zldwun03vlpq.xyz
kyvws03ndah03hecon.com
lbgyn15pchoit03azhs.xyz
lic02uiccnh03nruvp.com
lxoyw10bipu03ilyig.com
nvelj12qyyfi03kqxy.xyz
nvrih26coxejl02enyfn.com
nwvv27dwmy02bgznc.com
nygvj27cvlk02cktf.com
openalreadygather.xyz
ououz02naba03oiyd.com
pbdq26xjey02uprxwx.com
ppk02dmgmzj03dxekog.com
qab26utxb02pquc.com
quitelifebreak.xyz
rcj16whwaqg03pmrp.com
rcj16whwaqg03pmrp.xyz
rdraj16rwjw03xnli.com
rdraj16rwjw03xnli.xyz
rea26ypgvle02hcbunp.com
rlvq27rmjej02sfvb.com
rlyrt26rnxw02vqijgs.com
sal03gicu03qcwtif.com
showcertainlychair.com
somebodysergeantshop.xyz
spreadgathertruth.xyz
tmrz10fxhy03ntxjf.com
todayfewnear.xyz
toj27nlpr02irajz.com
toqku26hwpu02shuroh.com
ttj10qrrqx03kdts.com
uhfa02eknih03swzdku.com
uqtgo16datx03ejjz.com
uqtgo16datx03ejjz.xyz
uqw16atsxge03cbwwx.com
uqw16atsxge03cbwwx.xyz
usy15wycqme03dymh.xyz
vad12mhpfp03vyfl.xyz
vdk10pfsny03tzfva.com
vpu03jivmm03qncgx.com
vyhml26anpfyb02aqsehz.com
vyw27lfrvoj02kkxo.com
wecrashdoctor.xyz
whiteotherwhole.xyz
wnah27frybfe02sadb.com
wquwb16swlxr03miuell.com
wquwb16swlxr03miuell.xyz
xgka03stox03cloeqz.com
xjw10whta03ytgdi.com
yar03jmtvr03jtqg.com
ydw27hfhbk02zpidmv.com
ykv16cmtign03mfeen.com
ykv16cmtign03mfeen.xyz
ywgiu10zmnwcx03vpnyp.com
zkkn02lffiff03zkmh.com
zltw15tzezi03nbmru.xyz

# Reference: https://twitter.com/ps66uk/status/1370078419879362572

lxoyw10bipu03ilyig.com
tmrz10fxhy03ntxjf.com
vdk10pfsny03tzfva.com

# Reference: https://twitter.com/James_inthe_box/status/1370430017830756356

/44265.6787289352.dat

# Reference: https://twitter.com/pmmkowalczyk/status/1370072095925927941

/44266.6080112269.dat

# Reference: https://twitter.com/malware_traffic/status/1370115044734861312

/44266.8078175926.dat

# Reference: https://twitter.com/p5yb34m/status/1370436549691645954

/44267.7472592593.dat

# Reference: https://twitter.com/malware_traffic/status/1370520363520696336

/44267.9354760417.dat

# Reference: https://twitter.com/p5yb34m/status/1371509011825057794

/44270.7073414352.dat

# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-03-15-IcedID-IOCs.txt

/44270.7145450231.dat

# Reference: https://twitter.com/James_inthe_box/status/1372268803833294852
# Reference: https://www.virustotal.com/gui/file/cd90621a36e92dfa4b49a804478522670685f234a3916c648779be639f553284/detection

/44272.6229643519.dat

# Reference: https://www.virustotal.com/gui/file/5aaef4f77b79d4bca0df0eae1e2d695da65cd858421f243273fc273afee30b3c/detection

/44272.3462201389.dat

# Reference: https://twitter.com/reecdeep/status/1372511120502759424
# Reference: https://app.any.run/tasks/d46b7411-f9ec-4fd0-ac24-bc9424a5671e/

http://185.82.219.219
http://188.127.231.55
http://45.140.146.180
/44273.5055075232.dat

# Reference: https://twitter.com/peterkruse/status/1372515989913530371

http://185.82.219.80
http://188.119.112.125
http://188.127.230.133
/44272.8138383102.dat

# Reference: https://www.malware-traffic-analysis.net/2021/03/19/index.html

http://185.82.219.225
http://188.127.237.152
/44274.6591174769.dat

# Reference: https://twitter.com/malware_traffic/status/1370520363520696336

# Reference: https://twitter.com/reecdeep/status/1370324080340168704
# Reference: https://twitter.com/reecdeep/status/1370331381277016068
# Reference: https://app.any.run/tasks/cb8d105e-f9b6-4c70-9df5-c1ce912b8586/

bqx12lnjk03rrdio.xyz
gcfxb12aefoyn03epdoji.xyz
ipok12bcame03shzpiq.xyz
nvelj12qyyfi03kqxy.xyz

# Reference: https://twitter.com/InQuest/status/1370473713888542722

fyz10eijkl03mytjfb.com

# Reference: https://twitter.com/reecdeep/status/1371794991614398466

ykv16cmtign03mfeen.com

# Reference: https://otx.alienvault.com/pulse/6050fb82f9a8e34a3ce2b4c1

ablefullrun.xyz
actschoolserious.xyz
actsincenose.xyz
actuallyrecognizepack.xyz
afterfreecolou.xyz
agentteartoward.xyz
agreekillsleep.xyz
airtinybrother.xyz
alreadyemptylock.xyz
ammotionmany.xyz
amr16pzcp03omerd.com
amr16pzcp03omerd.xyz
anywayhourtrue.xyz
apartmentmomentgod.xyz
armhowlettershouldr.xyz
armycertainblade.xyz
aroundlatebeen.xyz
attentiongrowdistance.xyz
beazf26awkee02gvog.com
bedwhoelevator.xyz
belowshopboat.xyz
bpxe15jijmh03ubiwhh.xyz
bqx12lnjk03rrdio.xyz
burstuniformreturn.xyz
calmshipchance.xyz
caqp10snyod03msvsqu.com
cfkko03vvxohq03taep.com
cidn02mjco03pobx.com
commandbebetween.xyz
coollivingmind.xyz
cyh26wcekai02atpeax.com
dskl02touc03jeby.com
dzw10jpcgj03fckc.com
emqjj27ljgl02hqqzi.com
etysu02scnabr03wzaxue.com
everythincausenews.xyz
evz15lmlir03sygmyr.xyz
fb25d3a23hy.com
fb25d3add23hy.com
fb25d3as23hy.com
fb25d3asddd23hy.com
fb25d3erda23hfy.com
fb25era23hfy.com
fb25erhfy.com
fqzzj16gndioz03mxadr.com
frownexpressionfoot.xyz
ftkaq03ihfbh03rehx.com
fyz10eijkl03mytjfb.com
gbza26rngn02bekll.com
gcfxb12aefoyn03epdoji.xyz
ghtyrncjf2df.com
hei03tfxv03mahl.com
holeenoughmore.xyz
hqcaz02egeq03bvmhm.com
hqn27dyhvwp02wznv.com
hqzf28ebdjjm02ywyxek.com
ihjpn03sijjl03dtmtr.com
inpa02lzjvt03anas.com
ipok12bcame03shzpiq.xyz
jam03iofwv03jniedf.com
jgu16cbxdr03ehqvx.com
jgu16cbxdr03ehqvx.xyz
jhj10jtvwu03zsjwk.com
jqilt27xsbz02anaeu.com
kfzhm28pwzrlk02bmjy.com
klhlh16zldwun03vlpq.com
kyvws03ndah03hecon.com
lbgyn15pchoit03azhs.xyz
lic02uiccnh03nruvp.com
lxoyw10bipu03ilyig.com
march-socat01.com
march-socat01.xyz
marchassl01.com
marchassl012.com
mearmyarea.xyz
nvelj12qyyfi03kqxy.xyz
nvrih26coxejl02enyfn.com
nwvv27dwmy02bgznc.com
nygvj27cvlk02cktf.com
openalreadygather.xyz
ououz02naba03oiyd.com
pbdq26xjey02uprxwx.com
ppk02dmgmzj03dxekog.com
pxiw28jgmb02slcqxq.com
qab26utxb02pquc.com
qcywk28rcywfw02ehij.com
quitelifebreak.xyz
qxloq28vhjko02eiiagg.com
rcj16whwaqg03pmrp.com
rdraj16rwjw03xnli.com
rea26ypgvle02hcbunp.com
rlvq27rmjej02sfvb.com
rlyrt26rnxw02vqijgs.com
sal03gicu03qcwtif.com
sbr28gizur02fcxtz.com
sfhbv28xhvi02fbok.com
spreadgathertruth.xyz
testframeline.xyz
theredearmovie.xyz
tirephonerun.xyz
tmrz10fxhy03ntxjf.com
todayfewnear.xyz
togetheremptymind.xyz
toj27nlpr02irajz.com
toqku26hwpu02shuroh.com
ttj10qrrqx03kdts.com
ugrl28bxsnh02kohk.com
uhfa02eknih03swzdku.com
uovxx28jqdgp02kzseg.com
uqtgo16datx03ejjz.com
uqw16atsxge03cbwwx.com
usy15wycqme03dymh.xyz
vad12mhpfp03vyfl.xyz
vdk10pfsny03tzfva.com
vpu03jivmm03qncgx.com
vyhml26anpfyb02aqsehz.com
vyw27lfrvoj02kkxo.com
walkwellquite.xyz
whiteotherwhole.xyz
wishdadwhisper.xyz
wlog28dzzmi02spfin.com
wnah27frybfe02sadb.com
wquwb16swlxr03miuell.com
xgka03stox03cloeqz.com
xjw10whta03ytgdi.com
yar03jmtvr03jtqg.com
ydw27hfhbk02zpidmv.com
ykv16cmtign03mfeen.com
ywgiu10zmnwcx03vpnyp.com
zkkn02lffiff03zkmh.com
zltw15tzezi03nbmru.xyz

# Reference: https://otx.alienvault.com/pulse/605274d69b83780319fac22a
# Reference: https://app.any.run/tasks/0ebbef51-244d-4f9f-9bfb-5bd1db5d2dda
# Reference: https://app.any.run/tasks/04d6eb2d-9548-48d4-8968-a1b079e9cd19
# Reference: https://app.any.run/tasks/c3132802-4657-44df-a7f9-00dff79dfd85

fqzzj16gndioz03mxadr.xyz
rcj16whwaqg03pmrp.xyz
uqtgo16datx03ejjz.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1372559634150592512

lem18iuru03vwvqwt.xyz

# Reference: https://twitter.com/reecdeep/status/1372890526203179009
# Reference: https://www.virustotal.com/gui/ip-address/35.228.48.27/relations

caqp10snyod03msvsqu.com
dfyf19fytrc03magy.xyz
dzw10jpcgj03fckc.com
evz15lmlir03sygmyr.xyz
ghtyrncjf2df.com
ppk02dmgmzj03dxekog.com
qsklc19fboh03zlewu.xyz
qsmbo18vxondw03uimrc.xyz
rcj16whwaqg03pmrp.com
rlyrt26rnxw02vqijgs.com
rmdwk19obfzrq03ohby.xyz
ttj10qrrqx03kdts.com
wyhfi19vkwt03hcrle.xyz
ywgiu10zmnwcx03vpnyp.com

# Reference: https://www.virustotal.com/gui/ip-address/34.65.218.17/relations

aath22rzmo03mvewdj.xyz
drt22uhfjmz03ltxc.xyz
ewiak22wbzmpq03ysileo.xyz
rcwj22jxyvt03swnlt.xyz
tvzhp22pzrh03vdawn.xyz
wnsx22gdouo03tuyu.xyz
xsd22aeofw03lqzf.xyz

# Reference: https://twitter.com/malware_traffic/status/1374800753173352450
# Reference: https://twitter.com/reecdeep/status/1374361487205089282
# Reference: https://www.virustotal.com/gui/ip-address/35.204.191.93/relations
# Reference: https://otx.alienvault.com/pulse/605a414709647aca906c467c/

http://45.150.67.226
/44279.7753403935.dat
amr16pzcp03omerd.xyz
beg23crlsak03wwzwc.xyz
brannon-powlowski25d.xyz
crooks-cooper24g.xyz
demetris9127f.com
dennis-hill25lw.xyz
fegr23ylwp03yfvm.xyz
ghtyrncjf2df.com
hardy-parker27ea.com
hprosacco25i.xyz
ire22wndw03opoq.xyz
kassandra5024d.xyz
lvv23blili03ujrxcp.xyz
lxoyw10bipu03ilyig.com
mtk23gqakwj03bzds.xyz
olfs23kvri03wyyb.xyz
ovesf23knfg03eixqds.xyz
plangosh27a.com
qvqy23thdsed03xjeqtf.xyz
rgleason25s.xyz
rlyrt26rnxw02vqijgs.com
rosenbaum-jaida24nz.xyz
rsjb23tnxjng03dgiy.xyz
sarai7227dl.com
treutel-jamir25ju.xyz
usy15wycqme03dymh.xyz
virgie-will27pn.com
vyhml26anpfyb02aqsehz.com
wsbc23imtnnc03lrmpxa.xyz
xherzog24pv.xyz
yar03jmtvr03jtqg.com
yzq24meogxq03bsvfu.xyz

# Reference: https://twitter.com/JRoosen/status/1376994339281309699

agenbolatermurah.com/ds/3003.gif
columbia.aula-web.net/ds/3003.gif
metaflip.io/ds/3003.gif
partsapp.com.br/ds/3003.gif
tajushariya.com/ds/3003.gif

# Reference: https://twitter.com/fr0s7_/status/1377588184226336772
# Reference: https://pastebin.com/fnd1tHh6

ieclb.com.br/ds/3103.gif
maharaniworld.com/ds/3103.gif
aycconsultoriaempresarial.com/ds/3103.gif
hashmati.com/ds/3103.gif
sgb.ac.ke/ds/3103.gif

# Reference: https://twitter.com/JAMESWT_MHT/status/1377929158593032192

jaishritours.com/ds/0204.gif
digitalcreations.co.in/ds/0204.gif
unityindiversity.in/ds/0204.gif
utabmis.ac.rw/ds/0204.gif
pinkpaprika.co.uk/ds/0204.gif

# Reference: https://twitter.com/JAMESWT_MHT/status/1379339978526883840

jacktech.jackindia.com/ds/0204.gif
moumitas.com/ds/0204.gif

# Reference: https://intel471.com/blog/ettersilent-maldoc-builder-macro-trickbot-qbot/
# Reference: https://otx.alienvault.com/pulse/606f2e77342bd3d1fa7e8d34

http://188.127.254.114
holmesservices.mobiledevsite.co/ds/2803.gif
kfzhm28pwzrlk02bmjy.com
pokojewewladyslawowie.pl
/44270.5684626157.dat
/44270.7082388889.dat

# Reference: https://twitter.com/pmmkowalczyk/status/1382039816968212491

cesiroinsurance.com/ds/0604.gif
innermetransformation.com/ds/0604.gif
shalombaptistchapel.com/ds/0604.gif

# Reference: https://twitter.com/JAMESWT_MHT/status/1385643227538247680

shapoorjipallonji.online/drms/ind.html
studio.joellemagazine.com/drms/ind.html

# Reference: https://twitter.com/d4rksystem/status/1382979851892748290

glsiba.org/drms/body.html
jahthroneafricancrafts.com/drms/body.html

# Reference: https://twitter.com/teamcymru_S2/status/1387085777482489858

185.250.149.187:443

# Reference: https://twitter.com/MBThreatIntel/status/1390375540595507201

http://185.45.193.74
http://195.123.220.175
http://45.144.29.253
/44313.6048108796.dat

# Reference: https://madlabs.dsu.edu/madrid/blog/2021/04/30/qbot-analyzing-php-proxy-scripts-from-compromised-web-server/

http://91.193.180.161
91.193.180.161:7080
/first_loader/first_loader_qbz001.php
/first_loader_qbz001.php

# Reference: https://twitter.com/jstrosch/status/1354913027762622469
# Reference: https://github.com/jstrosch/malware-samples/tree/master/malware_infrastructure/2021/January/qbot_compromised_server

selfstoragemillionaires.com
/hxevjccijc.php
/mhqiFVdEBo.php

# Reference: https://www.virustotal.com/gui/file/521e6ab3da29cda2fc6399ac88289ed9762577ff4e9742a56ec89bf4521be6c1/detection

8.209.64.96:4039

# Reference: https://twitter.com/tosscoinwitcher/status/1384575076293439492

/44300.5396033565.dat

# Reference: https://twitter.com/JAMESWT_MHT/status/1392514493100531714

dsafarm.com/h03itpGP/ue.html
stateoftheartacademy.com.br/E4V8njAb2/ue.html
/E4V8njAb2/ue.html
/h03itpGP/ue.html

# Reference: https://twitter.com/JAMESWT_MHT/status/1393123509090533381

/44330.3435314815.dat

# Reference: https://www.virustotal.com/gui/file/1ecf737a0bd1cb4a25e09d8be8ce9700a8905fcc5891d2a80dbc17677b623553/detection

/44333.8078178241.dat

# Reference: https://www.virustotal.com/gui/file/14bfd4407897eb27a12125e23d08ac7c9be13e69959ffa77b4f7cea1cba2dae4/detection

/44333.7737885417.dat

# Reference: https://www.virustotal.com/gui/file/6befb1bcec9588b17d893ccdfdc0d4c008ce3cbe1671e792eea73829e93268f8/detection

/43976.6705686343.dat

# Reference: https://www.virustotal.com/gui/file/a6bcd1310d0703904889958ffb1bdc1e616ad5a4861519a2f055b03088a96a72/detection

http://185.183.98.29
http://188.165.62.17
http://195.123.221.179
/43976.835568287.dat

# Reference: https://twitter.com/bit_dam/status/1395471492427755525

http://190.14.38.106
http://193.38.54.246
http://51.89.73.152
/44336.7336625.dat

# Reference: https://twitter.com/reecdeep/status/1395296845375619076

http://103.155.93.169
http://45.67.228.153
http://51.89.73.149
/44329.6550195602.dat

# Reference: https://twitter.com/1ZRR4H/status/1395287974309474304
# Reference: https://pastebin.com/3Bmm16zt
# Reference: https://www.virustotal.com/gui/file/6d858e68b298e851836a55f5570c502b9a7bba79afd89c49c1345309f49a91f5/detection

droneteamproject.gr/BfWvudjrIQMF/utka.html
rallyautosport.com/CA2Sz1Pz33Sn/utka.html
dev.favterest.com/VBPFHU4UdmdT/filter.html
ethioshare.com/q22UgZzM3PV7/filter.html
digitrac.org/g31Qro72rb4Q/heart.html
swedish.askochembla.nl/6PNITEcbA/heart.html
academy.haleemcampus.com/GxaCS5azoZlJ/filter.html
tahaffuzenamooserisalat.com/YgUmSu/
jk-systems.in

# Reference: https://twitter.com/papa_anniekey/status/1402066103912697900

http://101.99.95.176
http://185.117.73.153
http://45.67.228.169
/44355.2896359954.dat

# Reference: https://twitter.com/ffforward/status/1401905278501670917

ibcu.cu.edu.eg/0eqB2jiJS/yy.html

# Reference: https://twitter.com/ffforward/status/1402973963853172741

control.sahum.gob.ve/ORqVv3i5b5e/zv.html

# Reference: https://twitter.com/pancak3lullz/status/1405566965553545225

http://101.99.95.230
http://103.155.92.217
http://185.219.43.60
http://190.14.37.2
http://194.36.189.154
http://45.67.230.241
/44364.4585763888.dat
/44364.3929405093.dat

# Reference: https://twitter.com/killamjr/status/1412461591090675713
# Reference: https://app.any.run/tasks/a8785302-6c45-4f32-92d2-5e37298a02bc/

thousandsyears.download
uppercilio.fun
voopeople.fun
/44376,8555986111.jpg
/44376.8555986111.jpg

# Reference: https://www.virustotal.com/gui/file/b2f4a24f66b08be7c8738c363c8d085d6c201bec77530bf3ee6ad97b49ce8eff/detection

http://101.99.95.204
http://185.117.73.134
http://217.147.172.75
/4450064.dat

# Reference: https://blog.group-ib.com/prometheus-tds

aramiglobal.com/ds/0502.gif

# Reference: https://twitter.com/pr0xylife/status/1440322035310153738

/44460.6828835648.dat

# Reference: https://www.virustotal.com/gui/file/358deadbd530adb5b625aae1a82bf3920ca1348982a21ee7bd26a4054a752ac3/behavior

216.238.71.31:443

# Reference: https://twitter.com/tosscoinwitcher/status/1459272591391158272

http://111.90.148.79
http://185.141.26.231
http://91.217.76.197
/44508.5578762731.dat

# Reference: https://twitter.com/Max_Mal_/status/1474423912490545153

83.110.91.18:2222

# Reference: https://www.virustotal.com/gui/file/65f57d55ef72665264daa8789af2c64ef6ccda1be7c753f2d0a8032839d260d7/detection

190.73.3.148:2222

# Reference: https://www.virustotal.com/gui/file/e2a30919eb834e89c192b619a2d824febf6f5a92d75429ec134a8de13fba41ab/detection

189.252.140.141:32101
65.100.174.110:8443
75.169.58.229:32100
173.21.10.71:2222
176.35.109.202:2222
190.73.3.148:2222
27.5.5.31:2222
45.46.53.140:2222
71.13.93.154:2222
73.25.109.183:2222
81.149.119.231:2222
81.250.153.227:2222
85.226.176.123:2222
85.54.179.210:2222
86.220.112.26:2222
92.59.35.196:2222
93.48.58.123:2222
96.21.251.127:2222

# Reference: https://www.virustotal.com/gui/file/46ee2b547901f428122e7d77186c8fda2db19a98d80a564fde1b08acc517dbec/detection

http://144.217.50.241
http://185.117.89.226
http://185.252.144.23
/44538.472677662.dat
/44538.472677662.dat2

# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-11-15-IOCs-for-Matanbuchus-Qakbot-CobaltStrike-and-spambot-activity.txt

23.111.114.52:65400
71.13.93.154:6881

# Reference: https://www.virustotal.com/gui/file/53214f4721ef1221632de09fd853580056811ac6632b517d77fb326956129530/detection

103.139.242.30:990
103.143.8.71:6881
106.51.48.170:50001
117.248.109.38:21
121.175.104.13:32100
14.96.108.245:61202
173.21.10.71:2222
190.73.3.148:2222
209.210.95.228:32100
217.128.93.27:2222
217.164.247.241:2222
217.165.11.65:61200
217.165.123.47:61200
24.178.196.158:2222
37.210.226.125:61202
38.70.253.226:2222
45.9.20.200:2211
59.6.7.83:61200
65.100.174.110:8443
70.51.134.181:2222
74.15.2.252:2222
75.169.58.229:32100
76.169.147.192:32103
78.101.89.174:2222
80.14.196.176:2222
86.198.237.51:2222
92.167.4.71:2222
93.48.58.123:2222
96.21.251.127:2222

# Reference: https://twitter.com/James_inthe_box/status/1485684311504216072

/1NDTGG7e4/ght.png
/NoGYhhhaj0/ght.png
/Wis1k1q15zI/ght.png

# Reference: https://twitter.com/pr0xylife/status/1471502590617686022

/arOmtsqbPv/ji.png
/V3yGBDoJ0SCs/ji.png
/xXh8TKVYFik/ji.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1489576918328516611
# Reference: https://www.virustotal.com/gui/file/54d8230199caabbab5472a7c92343960101223744e0cab53f7029113d144d77f/detection

/2O8mGI9Oqg/hn.png
/3NkFv46T/hn.png
/DtKuN3PsJAdz/hn.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1493825391395549187

/bMtWWFJEH1dl/ghy.png
/CZqEc6SxYM/ghy.png
/Xy2Di9Dg/ghy.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1488164364565848068

http://51.195.38.36
http://74.119.194.108
http://79.141.167.194
/8643842914630250.dat

# Reference: https://twitter.com/1ZRR4H/status/1493321773009494019

http://103.155.93.225
http://185.61.151.52
http://188.119.148.108
/1621832826316290.dat

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_15.02.2022.txt

103.123.225.38:6881
162.210.220.137:2222
173.21.10.71:2222
182.121.70.122:2222
190.73.3.148:2222
193.251.59.245:2222
2.50.41.69:61200
217.128.171.34:2222
217.128.93.27:2222
217.164.115.166:2222
220.255.25.1:2222
24.178.196.158:2222
31.215.116.182:2222
31.215.142.105:2078
31.215.23.29:2222
37.210.157.12:2222
38.70.253.226:2222
45.46.53.140:2222
64.231.96.211:2222
70.50.147.95:2222
70.51.137.204:2222
73.67.152.98:2222
74.15.2.252:2222
80.14.196.176:2222
86.198.170.170:2222
86.98.156.24:32101
96.21.251.127:2222

# Reference: https://twitter.com/James_inthe_box/status/1494082168519213056

http://185.61.151.16
http://193.42.36.228
http://91.194.11.253
/9317677760640200.dat

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama157_17.02.2022.txt

107.171.241.236:2222
122.96.50.104:2222
180.183.99.37:2222
184.149.30.83:2222
217.128.122.65:2222
217.164.117.243:2222
37.211.176.26:61202
47.180.172.159:50010
67.69.166.79:2222
72.12.115.90:2078
72.12.115.90:2083
72.12.115.90:3389
72.252.201.34:990
75.99.168.194:61201
89.211.179.202:2222
92.177.45.46:2078

# Reference: https://twitter.com/fr0s7_/status/1494696852763070467

qekaoa.info

# Reference: https://twitter.com/JAMESWT_MHT/status/1496127499130056706

/082zfyXzL7/vg.png
/hceKoEWDRT7/vg.png
/W29qmbvqaq4/vg.png

# Reference: https://twitter.com/nate2x4/status/1496224056198438912

communitybusinesses.info
njmcdirectpay.online
proteogenix.us

# Reference: https://twitter.com/SquiblydooBlog/status/1497203490837434371
# Reference: https://www.virustotal.com/gui/file/a7cf76ca1a8dc312d1669ab90d3f770cbda44b78cf474dd31936876dcd427928/detection

/5Asp1RevTb/56.png
/bgCEPIZO/56.png
/zDRcRDl2Ck/56.png

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama160_28.02.2022.txt

http://111.90.147.222
http://146.19.170.74
http://51.195.37.137
/44620.645818287.dat
/44620.6497204861.dat
/44620.6635916667.dat
/44620.7119049769.dat
103.87.95.131:2222
121.7.223.188:2222
139.228.65.100:2222
173.21.10.71:2222
180.183.100.147:2222
190.73.3.148:2222
193.253.44.249:2222
217.128.122.65:2222
217.164.121.201:2222
24.178.196.158:2222
31.215.84.57:2222
38.70.253.226:2222
45.46.53.140:2222
64.231.96.211:2222
70.51.153.159:2222
74.15.2.252:2222
76.69.155.202:2222
76.70.9.169:2222
86.198.170.170:2222
89.211.185.240:2222
96.21.251.127:2222
190.200.231.217:61202
58.105.167.35:50000
78.100.194.138:6883
78.101.152.231:61202
84.241.8.23:32103

# Reference: https://twitter.com/JAMESWT_MHT/status/1498553873216200710

http://23.106.215.210
http://37.120.247.240
http://91.193.18.68
/44621.280440625.dat

# Reference: https://twitter.com/JAMESWT_MHT/status/1498646486153838594

/20HtGYkXdys/fn.png
/CxOxnOoTqPv/fn.png
/PQR7lz0kJGW/fn.png

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama163_03.03.2022.txt

http://185.244.149.152
http://66.70.218.62
http://79.141.171.33
64.231.210.71:2222
80.11.74.81:2222
80.14.188.219:2222
86.195.158.178:2222
92.99.229.158:2222
94.59.139.37:2222
118.189.242.45:2083
190.189.33.6:32101
209.210.95.228:32100
47.180.172.159:50010
58.105.167.35:50000
75.99.168.194:61201
76.169.147.192:32103
78.100.194.138:6883
83.110.218.94:32101
89.249.215.26:61202
92.177.45.46:2078
/8494228.dat

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama161_01.03.2022.txt

http://185.82.126.154
http://190.14.37.159
http://46.17.107.177
/44621.6449424769.dat
/44621.8128211806.dat

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama164_09.03.2022.txt

http://101.99.95.195
http://190.14.37.231
http://23.227.202.198
/3772809.dat
/7796124.dat

# Reference: https://twitter.com/pr0xylife/status/1502004854960664585

3639optical.ga
/41ypRER4/6.png
/eO9TWNAUzS/6.png
/j058gDRty3C7/6.png

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_11.03.2022.txt

5.95.58.211:2087
83.110.153.238:61200
83.110.218.135:32101
180.183.125.141:2222
183.88.63.73:2222
217.164.120.130:2222
69.159.200.138:2222
70.51.139.58:2222
85.1.164.37:2222
86.97.209.134:2222
89.211.187.132:2222
3635optical.ga
plokoto.cf
/IB61RO0Z6C/33.png
/JSHi41WBfv/33.png
/YFPzuOmr/33.png

# Reference: https://isc.sans.edu/diary/28448

http://101.99.95.190
http://146.70.81.64
http://190.14.37.12
/6537991.dat

# Reference: https://twitter.com/0xhido/status/1504096707759464449

autoplacasdilger.com.br
mustafaksoy.com
/ECg8m6oX27/gmkox.png
/S4ABFgxnWO/gmkox.png
/UMWPpecHvg/gmkox.png

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama167_15.03.2022.txt

201.172.31.135:2222
217.164.119.130:2222
50.192.106.153:2222
70.51.135.39:2222
78.100.227.241:2222
78.100.194.196:6883
83.110.154.202:61200
90.74.16.2:6881
http://146.70.79.77
http://185.106.120.100
http://185.82.126.140
/9338160.dat
/9403565.dat

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-14%20Qakbot%20(AA)%20IOCs

69.159.200.40:2222
69.159.200.82:2222
70.51.139.165:2222
70.51.139.248:2222
70.51.139.53:2222
71.13.93.237:2222
71.13.93.25:2222
71.13.93.3:2222
74.15.2.12:2222
74.15.2.160:2222
74.15.2.224:2222
76.69.155.49:2222
76.69.155.68:2222
76.69.155.7:2222
76.70.9.134:2222
76.70.9.221:2222
76.70.9.98:2222
80.11.74.178:2222
80.11.74.68:2222
80.11.74.96:2222
80.14.188.107:2222
80.14.188.169:2222
80.14.188.73:2222
80.14.188.8:2222
85.1.164.106:2222
85.1.164.138:2222
85.1.164.147:2222
85.1.164.184:2222
86.195.158.156:2222
86.195.158.181:2222
86.195.158.48:2222
86.198.170.111:2222
86.198.170.165:2222
86.198.170.1:2222
86.97.209.208:2222
86.97.209.241:2222
86.97.209.50:2222
89.211.187.114:2222
89.211.187.130:2222
89.211.187.56:2222
92.99.229.183:2222
92.99.229.19:2222
92.99.229.71:2222
96.21.251.19:2222
96.21.251.236:2222
96.21.251.39:2222
209.210.95.136:32100
209.210.95.38:32100
209.210.95.63:32100
47.180.172.135:50010
47.180.172.242:50010
47.180.172.79:50010
58.105.167.123:50000
58.105.167.156:50000
58.105.167.164:50000
58.105.167.180:50000
75.99.168.1:61201
75.99.168.11:61201
75.99.168.92:61201
76.169.147.131:32103
76.169.147.136:32103
78.100.194.12:6883
78.100.194.142:6883
78.100.194.200:6883
83.110.153.171:61200
83.110.153.41:61200
83.110.153.43:61200
83.110.218.110:32101
83.110.153.148:61200
83.110.218.160:32101
83.110.218.252:32101
90.74.16.202:6881
90.74.16.3:6881
92.177.45.11:2078
92.177.45.177:2078
/D2AGySOhfNEZ/ety.png
/M0m4x0HO1NQM/ety.png
/u5DqWRqHP/ety.png

# Reference: https://tria.ge/220317-t2h62scfa7

131.154.102.171:32100
5.81.177.71:2078
103.87.95.131:2222
31.215.116.39:2222
38.70.253.226:2222
74.15.2.252:2222
80.11.74.81:2222
92.99.229.158:2222
/5395601.dat

# Reference: https://twitter.com/JAMESWT_MHT/status/1507304731613487126

/7ZflR1ubibNT/Hnfho.png
/cyL5fzZgbH8/Hnfho.png
/L2Xe4PaSpwYi/Hnfho.png

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_28.03.2022.txt

179.100.109.11:32101
200.100.246.85:32101
202.134.152.2:2222
79.52.204.9:50001
81.132.186.248:2078
86.98.208.214:2222
90.120.65.153:2078
92.96.183.242:2222
e2ekijutol.tk
/8VUrJk0a/NchonhNh.png
/McvmGTWB48/NchonhNh.png
/tbTcC1DRWTmC/NchonhNh.png
/NchonhNh.png

# Reference: https://twitter.com/pmmkowalczyk/status/1509164029310341128
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_30.03.2022.txt

103.87.95.133:2222
180.183.128.80:2222
191.205.7.5:32101
201.211.64.196:2222
58.105.167.36:50000
70.51.134.168:2222
75.113.214.234:2222
78.101.91.50:2222
80.14.52.110:2222
82.84.66.211:2222
83.110.157.57:2222
87.17.45.67:50001
92.132.135.233:2222
94.59.56.162:2222
/gVrvSKJK/Gnp.png
/lSfw4WE7W07S/Gnp.png
/VgStWXMu3/Gnp.png

# Reference: https://twitter.com/fr0s7_/status/1509507027575394316
# Reference: https://pastebin.com/mWbKWgrM

142.118.77.41:2222
175.138.246.117:2222
217.164.117.187:2222
78.100.225.12:2222
95.247.42.198:50001
/0cpRIDGdkB/PomK.png
/2RZvX0fN33u/PomK.png
/jQti5hjVS/PomK.png

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-06%20Qakbot%20(obama174)%20IOCs

http://185.141.26.231
http://91.199.147.18
http://94.140.115.210
187.207.48.194:61202
191.17.223.93:32101
31.56.197.90:32103
144.136.35.102:2222
187.102.135.142:2222
31.215.185.114:2222
83.110.75.97:2222
86.220.98.71:2222
89.211.187.3:2222
92.154.9.41:2222
94.36.195.250:2222
webdesignme.xyz
/7790983516.dat

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama172_04.04.2022.txt

http://149.255.36.223
http://185.82.126.17
http://185.33.86.42
176.205.119.81:2078
187.207.7.231:61202
78.101.150.251:61202
140.0.161.213:2222
42.235.149.83:2222
78.100.227.177:2222
92.96.182.192:2222
/44651.6679619213.dat
/44651,6679619213.dat

# Reference: https://twitter.com/Max_Mal_/status/1512043876269400067

http://173.232.146.31

# Reference: https://twitter.com/malware_traffic/status/1516242488855564289

http://146.70.87.163
http://5.254.118.198
http://91.194.11.15
179.174.52.27:32101
/44666.6175321759.dat
/44666,6175321759.dat

# Reference: https://twitter.com/JAMESWT_MHT/status/1516302904231088129

/07jMiafn/Asnhfn.png
/DAZYS42a/Asnhfn.png
/uRl2nqDPMH/Asnhfn.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1516404783334277125

/088aFy0Xc8ap/NbVfNbhn.png
/HLpeQJZi/NbVfNbhn.png
/OHTvXEr9c/NbVfNbhn.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1519635413174005760

/JIXkz3NEYo/Fvnnff.png
/MIwL5j9E1yP/Fvnnff.png
/uZAriaGwYF/Fvnnff.png

# Reference: https://twitter.com/lazy_daemon/status/1531605300045828098

digitallyremastering.xyz
/hQfHMUFZg/FF.png

# Reference: https://twitter.com/JAMESWT_MHT/status/1531631741714288648

transportesromano.com

# Reference: https://isc.sans.edu/diary/rss/28728
# Reference: https://otx.alienvault.com/pulse/62a31cf4127145c9fb126ef6

http://104.36.229.139
http://185.234.247.119
http://85.239.55.228

# Reference: https://twitter.com/Max_Mal_/status/1536697935861362688

http://85.17.9.19

# Reference: https://twitter.com/pr0xylife/status/1536780369223110657

/8NMlHT/EWw.png

# Reference: https://twitter.com/pr0xylife/status/1536386977863442432

http://194.36.191.227

# Reference: https://twitter.com/Max_Mal_/status/1535252652161912832

altosieg.com
/10Mh/D2.png

# Reference: https://twitter.com/0xhido/status/1536989383886258176

http://185.198.59.103
http://193.29.104.123
http://66.70.218.63
http://91.199.147.26
http://91.234.254.106

# Reference: https://otx.alienvault.com/pulse/62bdd2563351c47da5562b26
# Reference: https://www.virustotal.com/gui/file/e85c3d74bd674383230c752ba6cdfbd49ce03e324c59ee72813211bfd8cd90d3/detection

elblogdeloscachanillas.com.mx/S3sY8RQ10/Ophn.png
lalualex.com/mJYvpo2xhx/Ophn.png
lizety.com
/ApUUBp1ccd/Ophn.png
/mJYvpo2xhx/Ophn.png
/S3sY8RQ10/Ophn.png

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-09-29-IOCs-for-Obama207-Qakbot-and-Cobalt-Strike.txt

186.90.144.235:2222

# Reference: https://www.virustotal.com/gui/file/0498778878d53eb969283fde2c9a570ac1cc199aef8dd5dd8c18a7608ed9dccf/detection

adboat.live
alexadrivingschool.online
uniross.site
/SVmGtFWUNWs/I.png
/TCA1oiqkA/I.png
/ViaawNBw/I.png
/SVmGtFWUNWs/
/TCA1oiqkA/
/ViaawNBw/

# Reference: https://tria.ge/220908-lzag5aecb2/

104.34.212.7:32103
121.7.223.38:2222
157.51.47.233:50001
188.136.218.20:61202
200.100.55.252:32101
200.161.62.126:32101
217.164.121.130:1194
217.164.237.54:2222
70.51.153.182:2222
72.252.157.93:990
78.101.202.75:50010
81.131.161.131:2078
86.213.191.206:2078
89.211.179.14:2222
99.232.140.205:2222

# Reference: https://twitter.com/cr4shtest/status/1542075025817313281
# Reference: https://twitter.com/TheDFIRReport/status/1587051781267374083
# Reference: https://twitter.com/Max_Mal_/status/1542053741259522049
# Reference: https://twitter.com/pr0xylife/status/1541847827218931714
# Reference: https://twitter.com/pr0xylife/status/1541814062211907587
# Reference: https://twitter.com/pr0xylife/status/1465252246975885315
# Reference: https://twitter.com/Max_Mal_/status/1463909174279090185
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB05_04.11.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB05_03.11.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB05_02.11.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama220_02.11.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB05_01.11.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB05_31.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama217_26.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama216_25.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB04_25.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama215_24.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB04_24.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB04_20.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama214_18.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB03_18.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama213_17.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB02_14.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_12.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_11.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_10.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_06.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama210_06.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama209_05.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_05.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_03.10.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_30.09.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama207_28.09.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_28.09.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_26.09.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_22.09.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_20.09.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_16.09.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama203_15.09.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_14.09.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_13.09.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_08.09.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_vip01_12.07.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_vip01_13.07.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama201_14.07.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama200_11.07.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama199_08.07.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama198_01.07.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama197_30.06.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama195_28.06.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_28.06.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_27.06.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_23.06.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_22.06.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_21.06.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama189_13.06.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_09.06.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama187_08.06.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama186_07.06.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_02.06.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_31.05.2022_new_lnk.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama185_26.05.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_25.05.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_23.05.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_19.05.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_16.05.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_13.05.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_12.05.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_11.05.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_10.05.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama182_05.05.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama180_26.04.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama179_21.04.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama177_20.04.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama176_18.04.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_14.04.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_13.04.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_12.04.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama175_12.04.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_07.04.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama174_06.04.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama172_04.04.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_biden56_31.03.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama173_31.03.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_30.03.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_AA_25.03.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama169_23.03.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama168_22.03.2022.txt
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-11-03%20Qakbot%20(BB05)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-10-31%20Qakbot%20(BB05)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-10-26%20Qakbot%20(BB04)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-10-24%20Qakbot%20(obama215)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-10-18%20Qakbot%20(obama214)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-10-14%20Qakbot%20(BB02)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-10-11%20Qakbot%20(obama212)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-10-10%20Qakbot%20(BB)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-10-03%20Qakbot%20(BB)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-09-12%20Qakbot%20(BB)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-07-14%20Qakbot%20(obama201)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-30%20Qakbot%20(obama197)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-29%20Qakbot%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-24%20Qakbot%20(obama193)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-22%20Qakbot%20(obama191)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-08%20Qakbot%20(obama187)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-07%20Qakbot%20(obama186)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-13%20Qakbot%20(obama183)%20IOCs
# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Quakbot/Quakbot-%2009072022
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-12%20Qakbot%20(AA)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-05%20Qakbot%20(obama182)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-29%20Qakbot%20(obama181)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-21%20Qakbot%20(obama179)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-18%20Qakbot%20(obama176)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-27%20Qakbot%20IOCs
# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-06-21-IOCs-for-AA-distribution-Qakbot-with-DarkVNC-and-Cobalt-Strike.txt
# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-12-07-IOCs-for-Qakbot-and-Matanbuchus-activity.txt
# Reference: https://tria.ge/reports/221027-l5mpmsbhak
# Reference: https://tria.ge/221026-zxgqbahah4
# Reference: https://tria.ge/221026-w9ngvagfar
# Reference: https://tria.ge/221018-qsd9ysgcan
# Reference: https://tria.ge/221017-rtlabsccck
# Reference: https://tria.ge/221014-1stpraefa6
# Reference: https://tria.ge/221013-1z6mwsfhf5
# Reference: https://tria.ge/220926-ps571abhhq
# Reference: https://tria.ge/220920-yqgajahhcl
# Reference: https://tria.ge/220915-13skfahhcp
# Reference: https://tria.ge/reports/220913-qg8dnabdhm
# Reference: https://tria.ge/220908-11w5vadaeq
# Reference: https://tria.ge/220712-tyx6ssaahj
# Reference: https://tria.ge/220627-3fnzvadhdq
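# Reference: https://tria.ge/220411-q74hdsagc9
# Note: a few entries in this block cannot be reachable unicast endpoints: 225.108.223.250, 227.26.3.227 and 239.39.127.10 are in multicast space (224.0.0.0/4), 250.151.244.173 is in reserved space (240.0.0.0/4), and 122.125.236.31 is listed with port 0. These are possibly filler or extraction artifacts from the sampled configurations; verify against the references before relying on them.
# Note: IP:port indicators age quickly; check the date of the source reference before alerting or blocking on a match.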

http://101.99.90.115
http://101.99.90.73
http://101.99.94.76
http://101.99.95.143
http://103.155.93.201
http://103.155.93.77
http://111.90.151.109
http://138.124.184.233
http://141.98.169.72
http://143.202.163.216
http://144.217.60.52
http://158.247.204.173
http://162.19.135.167
http://167.88.15.126
http://172.96.137.171
http://178.23.190.8
http://185.106.123.103
http://185.117.90.162
http://185.123.53.229
http://185.123.53.48
http://185.141.26.240
http://185.141.26.245
http://185.244.149.138
http://185.244.149.89
http://185.82.126.11
http://185.82.126.193
http://185.82.126.45
http://185.82.127.209
http://185.82.200.35
http://188.119.113.3
http://188.127.237.46
http://190.14.37.165
http://190.14.37.236
http://190.14.37.238
http://190.14.37.244
http://190.14.37.247
http://190.14.37.254
http://194.36.189.211
http://194.36.191.13
http://194.36.191.16
http://194.36.191.243
http://194.36.191.30
http://194.36.191.35
http://194.38.20.30
http://194.62.42.128
http://202.182.116.198
http://212.46.38.249
http://213.109.192.242
http://213.109.192.31
http://213.109.192.61
http://217.195.153.111
http://217.195.153.187
http://23.106.122.207
http://23.106.122.40
http://37.120.234.12
http://45.133.216.76
http://5.149.255.195
http://5.196.247.11
http://5.196.247.5
http://51.161.42.94
http://51.195.38.40
http://51.89.115.113
http://67.43.234.71
http://74.119.193.29
http://77.83.198.21
http://77.91.72.75
http://79.141.167.24
http://80.92.205.44
http://80.92.205.91
http://84.246.85.56
http://85.239.55.212
http://91.193.18.167
http://91.194.11.121
http://91.194.11.27
http://91.194.11.67
http://91.199.147.183
http://91.199.154.137
http://91.234.254.233
http://91.242.229.89
http://94.140.112.52
http://94.140.115.118
http://95.174.65.251
http://95.179.137.172
1.104.105.37:49572
1.156.197.160:30467
1.156.220.169:30723
1.161.100.47:995
1.161.101.20:995
1.161.104.149:995
1.161.104.31:995
1.161.116.40:995
1.161.118.53:995
1.161.121.58:995
1.161.123.180:995
1.161.123.53:995
1.161.124.241:995
1.161.126.64:995
1.161.66.82:995
1.161.67.235:995
1.161.70.129:995
1.161.71.109:995
1.161.72.70:995
1.161.75.18:995
1.161.76.70:995
1.161.79.116:995
1.161.80.99:995
1.161.81.21:995
1.181.56.171:771
1.57.114.95:2222
100.1.5.250:995
100.38.242.113:995
101.109.135.60:995
101.109.44.197:995
101.109.57.236:995
101.50.103.193:995
101.50.110.17:995
101.50.120.124:995
101.50.120.166:995
101.50.67.155:995
101.50.67.212:995
101.50.67.7:995
102.156.82.38:995
102.157.250.192:995
102.158.228.70:995
102.159.110.79:995
102.159.77.134:995
102.182.232.3:995
102.184.151.194:995
102.185.146.113:995
102.185.86.69:995
102.187.59.86:995
102.187.63.127:995
102.188.100.131:995
102.188.91.158:995
102.189.184.12:995
102.189.242.128:995
102.190.190.242:995
102.38.96.108:995
102.38.97.229:995
102.38.97.72:995
102.40.236.32:995
103.104.54.213:2222
103.108.180.52:2222
103.116.178.85:995
103.133.11.10:995
103.139.242.30:22
103.139.242.30:995
103.139.242.57:990
103.139.243.207:990
103.139.243.207:993
103.150.40.76:995
103.157.122.130:21
103.207.85.38:995
103.233.141.26:2222
103.73.101.14:995
103.82.211.39:990
103.82.211.39:993
103.82.211.39:995
103.91.182.114:2222
105.111.60.60:995
105.154.214.130:995
105.154.56.232:995
105.154.60.233:995
105.155.151.29:995
105.156.0.235:995
105.158.118.241:8443
105.159.49.123:995
105.184.13.131:995
105.184.133.198:995
105.184.195.104:995
105.184.56.118:995
105.186.127.127:995
105.197.192.21:995
105.197.208.168:995
105.198.236.99:995
105.208.24.120:59473
105.225.175.168:995
105.226.83.196:995
105.247.171.130:995
105.69.142.130:995
105.69.147.88:995
105.69.155.85:995
105.69.189.28:995
105.99.213.235:995
105.99.214.62:995
105.99.217.147:995
106.193.213.197:995
106.51.48.188:50001
108.56.213.219:995
109.128.221.164:995
109.133.67.116:995
109.151.171.116:2222
109.155.5.164:993
109.158.159.179:993
109.159.119.162:2222
109.177.77.83:50000
109.178.178.110:995
109.249.181.70:995
110.23.76.9:2222
111.125.245.116:995
111.125.245.118:995
111.91.87.187:995
112.141.184.246:995
112.199.148.55:995
113.11.89.165:995
113.11.89.170:995
113.110.253.185:995
113.110.253.82:995
113.53.59.10:995
113.8.18.249:2222
113.89.5.252:995
113.89.6.31:995
114.143.36.16:61202
114.38.161.124:995
115.34.223.65:24926
115.50.79.104:2222
115.70.203.2:995
115.96.64.9:995
116.253.204.85:2222
116.30.161.215:995
116.30.5.32:995
116.30.6.16:995
117.202.161.73:2222
117.95.81.95:2222
118.161.14.242:995
118.161.15.217:995
118.161.34.21:995
118.161.37.101:995
118.161.9.45:995
118.173.7.219:995
118.174.200.169:995
118.174.207.134:995
118.174.213.11:995
118.175.242.26:995
118.175.247.124:995
119.158.103.16:995
119.158.120.114:995
119.158.121.244:995
119.158.122.112:995
119.158.126.69:995
119.158.97.217:995
120.150.218.241:995
121.236.113.177:14197
121.7.223.250:2222
121.7.223.45:2222
121.7.223.59:2222
121.74.167.191:995
121.74.178.16:995
121.74.182.236:995
122.118.129.227:995
122.118.131.132:995
122.118.146.205:995
122.118.154.106:995
122.125.236.31:0
122.60.71.201:995
123.201.44.86:6881
123.3.240.16:995
124.109.35.171:995
124.109.35.32:995
124.40.244.115:2222
124.40.244.118:2222
124.58.65.86:13247
125.168.47.127:2222
125.25.73.17:995
125.25.77.249:995
125.25.77.80:995
125.26.193.137:995
125.26.54.57:995
125.43.87.167:2222
128.234.26.174:995
129.208.0.52:995
129.208.147.188:995
129.208.151.177:995
129.208.158.180:995
129.208.5.147:995
129.208.61.75:995
129.35.116.77:990
130.255.238.245:61202
131.100.40.13:995
136.232.184.134:995
136.66.66.194:40287
139.195.132.210:2222
139.195.43.166:2222
139.195.63.45:2222
139.228.33.176:2222
139.242.121.12:23370
139.84.167.18:995
140.0.79.30:2222
140.82.63.183:995
141.237.86.114:995
141.237.95.186:995
142.115.159.36:2222
142.115.84.88:2222
142.118.239.135:2222
142.161.120.116:2222
142.181.183.42:2222
142.184.161.168:2222
142.186.49.224:2222
143.0.219.6:995
144.202.15.58:995
144.202.2.175:995
144.202.3.39:995
146.70.9.13:2222
148.213.109.165:995
148.64.96.100:993
149.254.111.67:39052
149.28.238.199:995
149.28.38.16:995
149.28.63.197:995
151.213.183.141:995
151.231.60.200:2083
151.234.63.48:990
151.234.97.239:990
151.234.99.49:990
154.181.136.133:995
154.181.199.80:995
154.181.203.230:995
154.183.135.35:995
154.237.235.43:995
154.237.49.4:995
154.237.60.254:995
154.238.151.197:995
154.247.15.173:2078
154.247.15.173:32103
154.247.15.173:990
154.247.15.173:993
154.247.15.173:995
154.247.31.51:32103
154.247.31.51:993
154.247.31.51:995
155.28.49.2:51545
156.146.55.173:2222
156.197.160.119:995
156.197.230.148:995
156.205.3.210:993
156.213.107.29:995
156.216.134.70:995
156.216.39.119:995
156.217.140.150:995
156.217.185.90:995
156.217.60.239:995
156.218.169.48:995
156.219.10.43:995
156.219.49.22:995
156.220.14.160:993
156.220.169.120:993
156.220.185.41:993
156.220.4.75:993
156.221.50.226:995
157.231.42.190:995
159.146.13.168:995
159.146.13.189:995
159.196.166.193:58136
16.95.145.59:42025
160.152.135.188:2222
160.176.151.70:995
160.176.187.142:995
160.176.249.11:995
160.177.168.51:995
160.177.207.113:8443
160.177.47.116:6881
160.179.220.87:995
160.179.32.101:995
166.33.149.229:19515
167.56.53.143:995
167.58.124.198:995
167.58.86.35:995
167.60.82.242:995
168.13.24.67:37382
169.159.95.135:2222
17.219.125.20:59669
171.248.157.128:995
172.102.164.60:43562
172.112.37.112:2222
172.114.160.81:995
172.117.139.142:995
172.219.147.156:3389
172.249.99.143:2087
173.189.167.21:995
173.71.147.134:995
174.124.34.188:14831
174.80.15.101:2083
174.95.174.163:2222
176.205.194.245:2078
176.205.194.245:2222
176.205.209.183:2222
176.205.21.139:1194
176.205.21.139:2222
176.205.23.138:2222
176.205.23.170:1194
176.205.23.170:2222
176.205.23.48:2222
176.42.245.2:995
176.45.216.134:995
176.45.218.138:995
176.45.232.204:995
176.45.233.14:995
176.88.238.122:995
176.90.193.145:2222
177.102.2.175:32101
177.102.84.28:32101
177.103.94.155:32101
177.134.208.155:993
177.134.208.155:995
177.139.44.173:32101
177.17.210.208:2222
177.189.180.214:32101
177.205.74.14:2222
177.209.202.242:2222
177.255.14.99:995
177.27.225.16:32101
177.45.18.42:32101
177.45.64.254:32101
177.45.78.52:993
177.62.254.60:32101
177.76.251.27:995
177.94.57.126:32101
177.94.65.26:32101
178.143.168.245:48707
178.192.56.13:2222
178.197.228.37:2222
179.100.109.130:32101
179.100.20.32:32101
179.105.126.196:995
179.105.182.216:995
179.111.111.88:32101
179.111.23.186:32101
179.111.8.52:32101
179.113.97.4:32101
179.145.13.69:32101
179.158.64.147:2222
179.179.162.9:993
179.223.89.154:995
179.225.221.169:32101
179.24.245.193:995
179.25.144.177:995
179.25.153.200:995
179.251.119.206:995
179.60.29.80:995
179.99.49.37:32101
180.127.90.0:2222
180.129.102.214:995
180.129.108.214:995
180.129.18.199:995
180.129.20.164:995
180.129.26.139:995
180.129.97.57:995
180.179.25.125:42514
180.180.213.94:995
180.183.102.114:2222
180.183.134.56:2222
180.183.97.165:2222
180.233.150.134:995
181.222.130.143:993
181.56.171.3:995
182.121.68.188:2222
182.182.197.34:995
182.182.206.5:995
182.182.228.80:995
182.182.255.93:995
182.183.211.163:995
182.185.29.69:995
182.191.92.203:995
182.253.189.74:2222
183.88.61.229:2222
184.162.156.115:2222
184.74.22.12:50436
184.82.110.50:995
185.233.79.238:995
185.253.160.134:2222
186.154.189.162:995
186.155.62.161:995
186.177.93.18:2222
186.213.214.13:2222
186.48.174.77:995
186.48.206.63:995
186.50.137.148:995
186.50.139.45:995
186.50.245.74:995
186.52.96.202:995
186.53.115.151:995
186.54.172.237:995
186.72.236.88:995
186.90.13.85:2222
186.90.153.162:2222
186.93.143.86:2222
187.0.1.109:34115
187.0.1.151:54711
187.0.1.160:45243
187.0.1.186:39742
187.0.1.197:7017
187.0.1.207:52344
187.0.1.24:17751
187.0.1.59:24056
187.0.1.74:23795
187.0.1.97:30597
187.1.1.190:4844
187.101.200.186:995
187.102.135.141:2222
187.114.156.142:993
187.116.126.216:32101
187.135.153.221:2222
187.143.114.3:2222
187.143.131.190:2222
187.143.143.58:2222
187.16.64.193:2222
187.16.64.194:2222
187.189.168.121:22
187.199.171.252:32103
187.207.131.50:61202
187.207.47.198:61202
187.213.18.52:22
187.213.21.78:22
187.251.132.144:22
187.251.132.155:22
187.37.47.42:995
187.56.91.215:995
187.58.79.229:993
187.75.66.160:995
188.136.218.225:61202
188.161.200.40:995
188.211.181.237:61202
188.236.139.240:3389
188.50.2.220:995
188.50.241.63:995
188.50.49.149:995
188.55.215.137:995
188.55.248.211:995
188.55.249.231:995
189.110.3.60:2222
189.129.38.158:2222
189.148.124.243:2222
189.159.2.152:2222
189.174.46.65:995
189.178.217.247:22
189.178.44.144:22
189.19.189.222:32101
189.203.103.109:22
189.203.103.147:22
189.224.99.142:995
189.252.201.83:32101
189.78.107.163:32101
189.79.27.174:995
19.168.189.106:26139
190.100.149.122:995
190.199.109.80:2222
190.199.161.250:993
190.199.186.117:2222
190.199.97.108:993
190.199.99.171:993
190.200.10.82:2222
190.203.106.109:2222
190.203.116.63:2222
190.203.51.133:2222
190.204.101.210:2222
190.204.112.207:2222
190.204.74.4:2222
190.204.83.110:2222
190.205.229.67:2222
190.206.68.150:2222
190.206.95.220:2222
190.207.121.156:2222
190.207.137.189:2222
190.207.196.66:2222
190.24.45.24:995
190.24.54.187:995
190.26.159.133:995
190.27.103.174:995
190.27.77.14:995
190.36.189.154:2222
190.36.189.34:993
190.36.232.221:2222
190.36.233.41:2222
190.37.112.223:2222
190.37.174.11:2222
190.39.23.63:2222
190.44.40.48:995
190.59.247.136:995
190.74.239.37:2222
190.75.151.66:2222
190.75.37.178:2222
190.75.67.21:993
190.78.69.192:993
190.78.83.246:993
190.78.89.157:993
190.79.133.56:2222
191.165.254.63:2222
191.17.223.222:32101
191.254.53.134:995
191.254.74.89:32101
191.33.187.192:2222
191.84.204.214:995
191.96.67.93:995
191.97.234.238:995
193.27.13.28:32100
194.166.205.204:995
194.166.207.160:995
195.244.180.161:995
195.44.25.26:29277
196.206.133.114:995
196.207.140.40:995
196.64.230.149:8443
196.65.103.80:995
196.65.123.130:995
196.65.217.253:995
196.65.230.248:995
196.65.255.151:995
196.70.77.11:995
196.89.213.40:995
196.92.172.24:8443
197.1.227.26:995
197.1.252.96:995
197.120.66.183:995
197.145.137.210:995
197.161.135.169:993
197.161.137.196:993
197.161.137.67:993
197.161.46.181:993
197.161.54.85:993
197.162.109.164:995
197.162.117.38:995
197.162.118.178:993
197.164.163.81:993
197.164.175.205:995
197.164.182.46:993
197.165.163.159:995
197.167.27.20:993
197.167.5.180:993
197.167.61.123:993
197.167.62.14:993
197.167.63.31:993
197.2.193.4:995
197.27.105.165:995
197.27.75.232:995
197.37.7.47:995
197.41.235.69:995
197.49.45.244:995
197.49.68.15:995
197.53.0.166:995
197.63.250.197:993
198.2.51.242:993
2.152.181.194:995
2.178.120.112:61202
2.178.166.220:61202
2.182.104.151:990
2.185.201.50:990
2.185.206.148:990
2.237.74.121:2222
2.50.17.128:2222
2.89.78.130:993
200.100.126.210:32101
200.109.204.20:2222
200.109.56.159:2222
200.148.9.225:32101
200.155.61.245:995
200.233.108.153:993
200.233.108.153:995
200.44.222.59:2222
200.93.11.28:2222
201.1.202.82:32101
201.128.252.151:58865
201.13.50.41:32101
201.172.20.105:2222
201.172.20.167:2222
201.172.23.68:2222
201.172.23.72:2222
201.176.6.24:995
201.205.130.251:995
201.208.45.23:2222
201.208.58.92:2222
201.210.119.28:993
201.210.121.173:2222
201.210.121.49:2222
201.210.121.95:993
201.210.162.138:2222
201.223.166.250:32100
201.223.169.238:32100
201.223.175.208:32100
201.242.175.29:2222
201.242.206.44:2222
201.245.250.192:995
201.249.100.208:995
201.42.3.27:32101
201.68.209.47:32101
201.68.60.118:995
202.170.206.61:995
206.1.199.156:2087
206.1.199.69:2087
206.1.208.223:2087
206.1.216.19:2087
206.1.222.56:2087
206.1.223.234:2087
206.1.225.5:2087
206.1.230.114:2087
206.1.233.162:2087
206.1.251.127:2087
206.1.254.89:2087
206.217.0.154:995
209.197.176.40:995
210.195.18.76:2222
210.246.4.69:995
211.47.11.62:33850
211.76.239.250:34506
212.133.85.240:62503
212.204.93.86:48405
212.251.122.147:995
212.70.96.76:995
213.194.234.75:995
216.131.22.236:995
216.238.108.61:995
216.238.83.82:995
216.44.143.70:26851
217.118.46.41:2222
217.164.117.187:1194
217.164.117.199:1194
217.164.117.199:2222
217.164.117.22:1194
217.164.117.22:2222
217.164.117.87:1194
217.164.117.87:2222
217.164.118.117:1194
217.164.118.117:2222
217.164.118.252:2222
217.164.118.38:1194
217.164.118.38:2222
217.164.119.236:1194
217.164.119.236:2222
217.164.119.30:2222
217.164.119.69:1194
217.164.119.69:2222
217.164.120.195:1194
217.164.120.195:2222
217.164.121.161:1194
217.164.121.161:2222
217.164.121.25:2222
217.164.76.203:2078
217.165.109.10:993
217.165.109.187:993
217.165.109.52:993
217.165.109.72:993
217.165.146.136:993
217.165.146.158:993
217.165.146.223:993
217.165.146.249:993
217.165.146.41:993
217.165.147.77:993
217.165.147.83:993
217.165.157.202:995
217.165.176.49:2222
217.165.21.84:995
217.165.68.122:993
217.165.68.125:993
217.165.77.134:995
217.165.79.31:995
217.165.84.103:993
217.165.84.153:993
217.165.84.177:993
217.165.84.253:993
217.165.85.191:993
217.165.85.223:993
217.165.85.224:993
217.165.85.73:32101
217.165.97.141:993
217.165.97.237:993
217.165.97.52:993
218.101.110.3:995
218.253.234.82:2222
220.134.54.185:2222
220.255.25.187:2222
220.255.25.28:2222
220.68.130.196:7948
222.169.71.98:2222
223.237.237.100:2222
225.108.223.250:46683
227.26.3.227:1
23.86.160.130:53103
239.39.127.10:38876
24.152.219.253:995
24.158.23.166:995
24.231.209.2:2083
24.231.209.2:2222
24.231.209.2:6881
24.64.114.59:2222
24.64.114.59:3389
250.151.244.173:3488
27.109.19.90:2078
27.110.134.202:995
27.223.92.142:995
27.73.215.46:32102
31.215.102.193:2078
31.215.118.154:1194
31.215.118.154:2222
31.215.184.140:1194
31.215.184.140:2222
31.215.184.145:1194
31.215.184.145:2222
31.215.185.114:1194
31.215.185.136:1194
31.215.185.213:1194
31.215.185.213:2222
31.215.185.244:1194
31.215.185.244:2222
31.215.185.26:1194
31.215.185.26:2222
31.215.185.49:1194
31.215.185.49:2222
31.215.214.189:1194
31.215.214.189:2222
31.215.215.152:1194
31.215.215.152:2222
31.215.67.68:2222
31.219.154.176:32101
31.22.202.71:32101
31.48.166.122:2078
31.48.174.63:2078
31.51.7.55:2078
31.54.39.153:2078
31.56.252.29:32103
32.221.224.140:995
32.221.225.247:995
36.152.128.2:2222
36.152.128.7:2078
37.117.191.19:2222
37.186.54.166:995
37.186.54.254:995
37.186.54.96:995
37.186.58.115:995
37.186.58.99:995
37.208.128.172:6883
37.208.129.81:6883
37.208.131.49:50010
37.208.132.102:6883
37.208.132.76:50010
37.208.135.172:6883
37.208.138.247:6883
37.208.145.168:6883
37.208.155.29:6883
37.208.158.83:6883
37.210.148.30:995
37.210.149.61:2222
37.210.155.239:995
37.210.156.191:2222
37.210.156.247:2222
37.210.158.242:2222
37.210.160.58:2222
37.210.164.171:2222
37.210.169.150:2222
37.210.170.123:2222
37.210.238.79:61202
37.245.136.135:2222
37.245.56.205:2222
37.36.84.34:3389
37.37.206.87:995
37.37.80.2:3389
39.33.163.183:995
39.33.164.181:995
39.33.168.236:995
39.33.170.57:995
39.33.181.190:995
39.33.182.192:995
39.33.198.164:995
39.33.211.246:995
39.33.216.128:995
39.40.37.70:32100
39.41.10.170:995
39.41.101.74:995
39.41.114.133:995
39.41.116.234:995
39.41.142.101:995
39.41.148.211:995
39.41.155.156:995
39.41.158.185:995
39.41.16.210:995
39.41.17.134:995
39.41.173.204:995
39.41.177.36:995
39.41.18.76:995
39.41.194.118:995
39.41.194.45:995
39.41.196.34:995
39.41.2.45:995
39.41.217.75:995
39.41.225.204:995
39.41.23.220:995
39.41.247.72:995
39.41.249.181:995
39.41.250.39:995
39.41.252.110:995
39.41.29.200:995
39.41.59.177:995
39.41.59.211:995
39.41.82.68:995
39.41.89.221:995
39.41.90.210:995
39.44.106.187:995
39.44.116.107:995
39.44.120.20:995
39.44.127.250:995
39.44.144.159:995
39.44.144.64:995
39.44.146.220:995
39.44.151.234:995
39.44.151.33:995
39.44.158.215:995
39.44.164.54:995
39.44.178.7:995
39.44.206.162:995
39.44.213.68:995
39.44.215.70:995
39.44.223.101:995
39.44.23.250:995
39.44.235.10:995
39.44.30.209:995
39.44.34.119:995
39.44.46.206:995
39.44.5.102:995
39.44.5.104:995
39.44.60.200:995
39.44.62.55:995
39.44.66.76:995
39.44.86.21:995
39.49.101.104:995
39.49.106.26:995
39.49.107.255:995
39.49.111.194:995
39.49.112.64:995
39.49.115.85:995
39.49.121.174:995
39.49.123.123:995
39.49.17.215:995
39.49.23.148:995
39.49.23.236:995
39.49.3.84:995
39.49.31.161:995
39.49.35.170:995
39.49.39.239:995
39.49.4.147:995
39.49.41.221:995
39.49.42.164:995
39.49.44.239:995
39.49.46.114:995
39.49.48.167:995
39.49.48.82:995
39.49.56.93:995
39.49.6.42:995
39.49.64.108:995
39.49.67.4:995
39.49.69.112:995
39.49.69.116:995
39.49.7.132:995
39.49.71.247:995
39.49.71.64:995
39.49.81.128:995
39.49.82.115:995
39.49.82.253:995
39.49.84.44:995
39.49.85.29:995
39.49.9.134:995
39.49.94.35:995
39.49.96.122:995
39.52.105.156:995
39.52.114.18:995
39.52.114.251:995
39.52.115.81:995
39.52.119.141:995
39.52.12.84:993
39.52.12.84:995
39.52.121.43:995
39.52.13.230:995
39.52.15.220:995
39.52.2.90:995
39.52.221.9:995
39.52.224.154:995
39.52.28.146:995
39.52.31.233:995
39.52.34.138:995
39.52.38.164:995
39.52.40.18:995
39.52.41.80:995
39.52.44.132:995
39.52.48.91:995
39.52.54.195:993
39.52.55.99:995
39.52.59.14:995
39.52.59.184:995
39.52.59.221:995
39.52.61.174:993
39.52.66.201:995
39.52.67.40:995
39.52.7.77:995
39.52.72.51:995
39.52.74.226:995
39.52.74.55:995
39.52.75.201:995
39.52.77.102:995
39.52.77.241:995
39.52.78.146:995
39.52.78.252:995
39.52.80.230:995
39.52.93.195:995
39.52.94.22:995
39.53.124.57:995
39.53.139.2:995
39.53.139.94:995
39.53.156.127:995
39.53.160.99:995
39.53.165.129:995
39.57.111.109:995
39.57.112.37:995
39.57.119.44:995
39.57.12.26:995
39.57.23.116:995
39.57.23.5:995
39.57.40.50:995
39.57.56.11:995
39.57.56.19:995
39.57.60.246:995
39.57.76.82:995
40.134.246.185:995
40.134.247.125:995
41.104.28.115:995
41.107.112.236:995
41.107.78.223:995
41.109.170.156:995
41.109.199.129:995
41.109.228.108:995
41.111.1.60:995
41.111.121.4:995
41.111.126.13:995
41.111.72.234:995
41.129.82.125:995
41.130.124.40:993
41.130.140.32:993
41.140.98.37:995
41.141.216.137:995
41.141.239.223:995
41.143.109.111:61202
41.215.148.84:995
41.215.149.92:995
41.215.150.246:995
41.215.151.247:995
41.215.152.154:995
41.215.152.211:995
41.215.153.104:995
41.228.249.243:995
41.230.166.34:995
41.230.62.211:993
41.230.62.211:995
41.234.116.241:993
41.248.155.126:995
41.248.72.229:8443
41.249.123.100:995
41.251.15.7:990
41.36.159.36:993
41.38.167.179:995
41.40.146.5:995
41.43.205.42:995
41.44.11.227:995
41.62.204.250:995
41.68.209.102:995
41.69.103.179:995
41.69.107.192:995
41.69.118.117:995
41.69.236.243:995
41.8.154.58:7614
41.84.226.103:995
41.84.229.11:995
41.84.229.153:995
41.84.229.83:995
41.84.232.168:995
41.84.232.39:995
41.84.232.77:995
41.84.233.226:995
41.84.233.25:995
41.84.234.161:995
41.84.236.153:995
41.84.236.245:995
41.84.237.10:995
41.84.237.118:995
41.84.238.50:995
41.84.240.210:995
41.84.241.23:995
41.84.242.5:995
41.84.246.143:995
41.84.246.159:995
41.84.246.168:995
41.84.247.0:995
41.84.248.41:995
41.84.249.56:995
41.84.249.88:995
41.86.42.158:995
42.103.128.35:2222
42.103.132.91:2222
42.228.224.249:2222
42.235.146.7:2222
43.248.68.33:2222
43.252.72.97:2222
45.160.124.211:995
45.184.179.188:2222
45.227.251.167:2222
45.230.169.132:993
45.230.169.132:995
45.240.140.233:995
45.241.139.60:993
45.241.140.181:995
45.241.140.203:995
45.241.140.246:993
45.241.145.100:995
45.241.145.155:993
45.241.145.252:995
45.241.152.155:993
45.241.160.25:993
45.241.169.86:993
45.241.173.232:993
45.241.202.203:995
45.241.205.91:993
45.241.207.212:995
45.241.214.192:995
45.241.215.15:993
45.241.222.104:993
45.241.228.188:995
45.241.231.78:993
45.241.232.25:995
45.241.254.110:993
45.241.254.69:993
45.48.36.226:2087
45.51.148.111:993
45.63.1.12:995
45.63.10.144:995
45.76.167.26:995
45.77.159.252:995
46.100.25.239:61202
46.103.163.104:995
46.103.169.248:995
46.103.186.43:995
46.176.192.130:995
46.176.222.34:995
46.186.216.41:32100
46.190.93.247:50000
46.198.215.152:995
46.198.215.60:995
46.198.231.232:995
46.9.77.245:995
47.2.191.47:32393
47.205.209.7:2222
47.23.89.60:993
47.23.89.61:993
47.23.89.61:995
47.23.89.62:993
47.23.89.62:995
47.40.196.233:2222
49.128.172.7:2222
49.93.218.109:41033
5.193.104.246:2222
5.193.122.139:2222
5.193.138.70:2222
5.203.199.157:995
5.54.49.78:995
5.54.50.169:995
5.54.53.124:995
50.194.160.233:32100
50.194.160.233:995
50.237.134.22:995
50.33.112.74:995
50.6.212.181:17804
50.68.204.71:993
50.68.204.71:995
51.219.234.104:2222
57.33.10.57:17737
58.247.115.126:995
6.55.240.195:27003
60.15.135.203:2222
61.166.221.46:995
61.166.221.67:995
62.114.193.186:995
62.204.41.187:2078
62.204.41.187:2222
62.204.41.187:61201
62.204.41.187:990
62.204.41.187:995
62.36.24.8:2222
63.143.92.99:995
63.172.177.141:57252
64.55.103.194:9151
65.100.174.110:32103
65.100.174.110:6881
65.100.174.110:995
66.180.226.117:2222
66.180.227.170:2222
66.37.239.222:2078
66.37.239.222:995
67.10.175.47:2222
67.165.206.193:993
67.209.195.198:990
67.212.106.154:59890
68.103.242.126:995
68.151.196.147:995
68.53.110.74:995
7.122.114.191:33775
70.187.0.87:2078
70.49.33.200:2222
70.51.132.161:2222
70.51.132.197:2222
70.51.133.230:2222
70.51.135.90:2222
70.51.137.244:2222
70.51.137.64:2222
70.51.138.126:2222
70.51.138.133:2222
70.51.139.148:2222
70.51.152.186:2222
70.51.152.61:2222
70.51.153.189:2222
70.51.153.227:2222
70.51.153.90:2222
70.60.142.214:2222
70.81.121.237:2222
70.93.80.154:995
71.10.27.196:2222
72.12.115.71:22
72.12.115.78:22
72.12.115.90:22
72.252.157.172:990
72.252.157.172:995
72.252.157.93:993
72.252.157.93:995
72.252.201.34:993
72.252.201.34:995
72.252.201.69:995
72.27.84.16:995
72.66.116.235:995
72.66.96.129:995
72.80.249.39:995
73.252.27.208:995
74.14.5.179:2222
74.14.7.71:2222
74.59.46.149:2222
74.92.243.113:50000
74.92.243.113:995
75.116.87.44:14933
75.156.125.215:995
75.163.118.79:995
75.71.96.226:995
75.99.125.238:2222
76.169.76.44:2222
76.23.237.163:995
76.68.34.167:2222
78.100.192.210:6883
78.100.197.230:6883
78.100.206.189:6883
78.100.210.132:6883
78.100.219.38:50010
78.100.225.202:2222
78.100.225.34:2222
78.100.228.93:995
78.100.234.143:2222
78.100.235.8:2222
78.100.254.17:2222
78.101.139.15:6883
78.101.193.241:6883
78.101.194.193:6883
78.101.84.56:2222
78.101.88.134:2222
78.101.91.101:2222
78.12.148.155:2222
78.168.87.170:2222
78.180.66.163:995
78.187.65.132:995
78.191.24.189:995
78.71.154.58:2222
78.71.167.243:2222
78.87.196.125:995
78.87.206.213:995
79.129.121.68:995
79.130.115.197:2222
79.167.192.206:995
79.167.206.144:995
79.45.134.162:22
79.80.80.29:2222
8.81.30.103:64297
80.214.68.88:40730
81.129.112.49:2078
81.132.186.218:2078
81.158.239.251:2078
81.159.35.141:2222
81.241.252.59:2078
81.250.191.49:2222
81.56.22.251:995
81.60.216.223:995
81.60.217.218:995
81.60.218.17:995
83.11.89.137:2222
83.110.218.147:993
83.110.218.155:993
83.110.219.59:993
83.110.219.9:32101
83.110.75.225:2222
83.110.85.209:995
83.110.95.167:995
83.199.144.45:2222
83.79.122.192:2222
83.79.89.141:2222
84.17.43.161:2222
84.35.26.14:995
85.139.203.42:32101
85.59.61.52:2222
85.6.232.221:2222
85.60.147.26:2078
85.60.147.26:2222
85.61.165.153:2222
85.74.48.5:995
85.94.178.73:995
85.98.206.165:995
86.105.44.249:61202
86.129.13.178:2222
86.132.13.105:2078
86.132.13.49:2078
86.132.13.91:2078
86.132.14.70:2078
86.176.180.223:993
86.196.181.62:2222
86.200.151.188:2222
86.213.75.30:2078
86.217.167.235:2222
86.225.214.138:2222
86.97.209.138:2222
86.97.209.157:2222
86.97.246.166:1194
86.97.246.166:2222
86.97.246.216:1194
86.97.246.216:2222
86.97.247.101:2222
86.97.247.161:1194
86.97.247.161:2222
86.97.247.20:1194
86.97.247.20:2222
86.98.149.168:2222
86.98.150.187:995
86.98.151.244:2222
86.98.156.176:993
86.98.156.198:993
86.98.156.250:993
86.98.157.114:993
86.98.157.14:993
86.98.157.42:993
86.98.33.141:995
86.98.78.118:993
86.98.78.177:993
86.98.78.42:993
86.98.78.51:993
87.109.229.215:995
87.139.163.216:995
87.218.114.203:2222
87.220.229.164:2222
87.220.68.51:2222
87.243.113.104:995
88.122.208.197:32100
88.171.156.150:50000
88.231.221.198:995
88.233.194.154:2222
88.237.6.72:53
88.242.228.16:53
88.245.103.132:2222
88.245.168.200:2222
88.253.171.236:995
89.211.179.247:2222
89.211.181.64:2222
89.211.182.31:2222
89.211.185.1:2222
89.211.209.234:2222
89.211.217.38:995
89.211.218.88:2222
89.211.223.138:2222
90.104.22.28:2222
90.114.10.16:2222
90.120.209.197:2078
90.165.109.4:2222
90.29.227.242:1085
91.165.188.74:50000
91.169.12.198:32100
91.171.72.214:32100
91.177.173.10:995
91.178.126.51:995
91.73.77.234:995
91.75.85.128:1194
92.132.132.81:2222
92.132.172.197:2222
92.137.225.8:2222
92.154.9.41:50002
92.185.204.18:2078
92.24.200.226:995
92.26.102.243:995
92.96.182.192:1194
92.96.183.242:1194
92.96.187.206:2222
93.48.80.198:995
94.140.8.13:2222
94.140.8.249:2222
94.140.8.55:2222
94.200.181.154:995
94.26.122.9:995
94.36.191.129:2222
94.36.193.176:2222
94.36.195.102:2222
94.59.138.43:2222
94.59.138.62:1194
94.59.138.62:2222
94.59.15.180:2222
94.59.252.166:2222
94.59.56.162:1194
94.59.57.24:2222
94.60.141.48:995
94.62.161.77:995
94.71.169.156:995
94.71.169.212:995
94.99.110.157:995
95.159.33.115:995
96.234.66.76:995
96.246.158.154:995
96.37.113.36:993
96.45.66.216:61202
96.80.109.57:995
96.9.66.118:995
97.184.129.40:2118
97.92.4.205:8443
98.143.70.147:2222
jickhargaura.com
/07jMiafn/Asnhfn.png
/0BDRCN8DXn/n3.html
/10Mh/D2.png
/1rGwJ/sd.html
/26w65d4rS80/Vbfhnoom.png
/4REat6sBv0/1.png
/4XWLQ0Ttz/090322.gif
/5jajRnhLV0/Cvnhfn.png
/7FSBEwva7VvZ/y.png
/7mpBmsflb7fe/n1.html
/BuQQdjLrrO19/li.html
/DAZYS42a/Asnhfn.png
/FZayiWyMa/Cbvnh.png
/FbX5r/09.png
/HSDvRJ/13.html
/HdIJOEW4X0/Dnchnf.png
/JQWj78/Y.png
/LosZkUvr/B.png
/NfbpkuFXSS/NhfmN.png
/OYcMRJbL/ji.html
/Pheo/1309.html
/QUU/1209.html
/RL7bKiI/05.html
/SVmGtFWUNWs/I.png
/TBFQsJiVAv/Pmnhf.png
/TCA1oiqkA/I.png
/VgStWXMu3/Gnp.png
/ViaawNBw/I.png
/WUK4Q/q.png
/XGLCPZf6et/Cvnhfn.png
/XjLiTfgYn/090322.gif
/Yfk5ePLYERFM/Nvhnfhpm.png
/aYMst/A.png
/bHFj5k/206.png
/bMV2pzMI/090322.gif
/caaVmFUbkzV5/Vbfhnoom.png
/czAzb2BcXg/Cbvnh.png
/dFk5quE7t/Dnchnf.png
/eCPwo9Ae/Vbfhnoom.png
/fbmKk6n48G/ji.html
/fo8Lwyr0/Cbvnh.png
/fui6yOqX0Wyb/li.html
/gVrvSKJK/Gnp.png
/gZPZb6yK/n2.html
/gZugqifRD/NhfmN.png
/hjeBrBwMdY/Pmnhf.png
/i8wqDQ0uV/q.png
/iSx1Ch/0509.html
/ke6iyv8o0UfS/NhfmN.png
/lSfw4WE7W07S/Gnp.png
/nluGZ/082.html
/rmaS/Es.png
/ryrwQGN3wPpT/li.html
/s4Y/0.html
/soIBZcwNfoui/Nvhnfhpm.png
/uRl2nqDPMH/Asnhfn.png
/vNQEgKwUwti8/Pmnhf.png
/vWPPYeRiHKF/Nvhnfhpm.png
/vlaq7GFVbI/AQ.png
/w2X7dAxp/Cvnhfn.png
/wKQ/272.png
/wiw02luwJ/Dnchnf.png
/yVuL6RYk/EW.png
/zxywJAC24KJ/ji.html
/auo/lacepaat
/ei/rietestvitas
/et/mpoedteri
/iq/nonnits
/mfuu/emnilihni
/nm/upmaaettmvonmagl
/nroi/iieiasvtrtvtea
/nsni/imioetsranneencetctiux
/siai/cnbssmeieestvatutolaptui
/siua/relsugnltapuedeif
/td/loqttpeuavuodm
/uet/musraetietobqrpua
/umqs/poraiualrlti
/vnpu/qtnuuniaiicd
/teua/qastutei
/ln/trsdepteereinreh
/cnbssmeieestvatutolaptui
/emnilihni
/iieiasvtrtvtea
/imioetsranneencetctiux
/lacepaat
/loqttpeuavuodm
/mpoedteri
/musraetietobqrpua
/nonnits
/poraiualrlti
/qtnuuniaiicd
/qastutei
/trsdepteereinreh
/relsugnltapuedeif
/rietestvitas
/upmaaettmvonmagl
/Asnhfn.png
/Cbvnh.png
/Cvnhfn.png
/Dnchnf.png
/NhfmN.png
/Hnfho.png
/Nvhnfhpm.png
/Pmnhf.png
/Vbfhnoom.png

# Reference: https://isc.sans.edu/diary/28804

/butPeopleOur.dat

# Reference: https://tria.ge/220124-tvkrasfec4

101.50.120.112:995
103.139.242.30:993
111.119.252.178:995
114.143.84.25:61202
116.86.26.140:995
142.186.63.108:2222
217.164.76.107:2078
217.165.109.189:32101
217.165.21.244:995
27.5.4.194:2078
31.215.226.115:2222
36.234.184.238:995
37.210.172.200:2222
39.49.110.129:995
70.51.153.245:2222
71.163.110.53:995
75.139.7.190:2083
75.168.192.223:2222
78.101.147.76:61202
78.180.191.206:995
78.191.27.236:995
78.87.44.54:995
86.97.246.244:1194
86.97.246.244:2222
86.98.47.119:61200
89.114.156.182:995
90.8.56.248:2222
91.185.131.89:61202
92.98.33.251:995
94.59.253.222:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB05_14.11.2022.txt

105.103.27.80:2078
105.103.27.80:22
105.103.27.80:32103
105.103.27.80:990
109.11.175.42:2222
109.152.70.207:50000
188.4.196.132:995
2.84.98.228:2222
206.1.223.209:2087
213.67.255.57:2222
24.228.132.224:2222
24.49.232.96:995
24.64.114.59:2078
24.64.114.59:61202
27.99.45.237:2222
41.109.78.231:995
62.31.130.138:465
70.120.228.205:2083
78.253.154.211:50000
78.69.251.252:2222
81.159.252.167:2222
81.229.117.95:2222
82.121.237.106:2222
82.127.174.33:2222
83.11.84.105:2222
85.74.158.150:2222
86.129.13.128:2222
87.202.101.164:50000
87.220.205.14:2222
87.65.160.87:995
88.126.94.4:50000
89.129.109.27:2222
89.240.102.164:995
91.180.68.95:2222
92.106.70.62:2222
92.137.74.174:2222
92.207.132.174:2222
92.27.86.48:2222
93.24.192.142:20

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama221_14.11.2022.txt

105.103.33.225:32103
105.103.33.225:990
105.103.33.225:993
105.103.33.225:995
109.149.147.221:2222
109.218.233.44:2222
125.27.3.221:995
142.119.40.220:2222
142.161.27.232:2222
176.137.187.206:995
177.205.114.49:2222
178.147.24.70:995
2.98.146.106:995
200.44.208.217:2222
200.84.201.101:993
37.128.17.176:2222
46.177.99.230:995
60.48.250.151:2222
72.133.240.122:2083
79.166.120.168:995
79.169.119.144:2222
80.103.77.44:2222
80.13.179.151:2222
80.189.213.49:2222
80.233.87.78:995
86.167.26.227:2222
86.45.66.141:2222
90.78.85.59:2222
92.149.205.238:2222
92.189.214.236:2222
92.191.49.255:2222
95.94.33.189:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB05_15.11.2022.txt

102.157.73.215:995
137.186.193.226:3389
156.217.219.147:995
172.90.139.138:2222
190.78.64.132:993
193.92.233.183:995
200.93.14.206:2222
209.171.163.72:995
70.121.198.103:2078
70.50.3.214:2222
76.80.180.154:993
76.80.180.154:995
90.89.95.158:2222
94.70.37.145:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB06_16.11.2022.txt

105.103.50.1:2078
105.103.50.1:22
105.103.50.1:32103
105.105.232.103:995
121.122.99.151:995
177.205.92.100:2222
177.46.111.176:995
183.82.100.110:2222
186.28.85.119:995
187.199.224.16:32103
193.251.52.34:2222
197.148.17.17:2078
2.99.47.198:2222
37.14.229.220:2222
47.16.73.77:2222
66.191.69.18:995
70.51.153.72:2222
77.129.205.124:995
80.121.8.212:995
82.121.73.56:2222
86.165.15.180:2222
86.176.144.225:2222
86.195.32.149:2222
86.217.250.15:2222
90.162.45.154:2222
90.4.98.190:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB06_17.11.2022.txt

102.157.69.217:995
103.141.50.117:995
12.172.173.82:2087
12.172.173.82:21
12.172.173.82:22
12.172.173.82:465
12.172.173.82:993
12.172.173.82:995
154.247.95.119:2078
180.156.240.239:995
184.176.154.83:995
217.128.91.196:2222
23.240.47.58:995
69.119.123.159:2222
71.247.10.63:50003
71.247.10.63:995
83.114.60.6:2222
85.139.176.42:2222
86.130.9.167:2222
86.99.15.243:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama222_17.11.2022.txt

105.111.45.51:995
12.172.173.82:50001
154.247.94.160:32103
188.54.79.88:995
2.8.39.175:2222
41.228.223.122:995
41.35.196.18:995
70.115.104.126:995
76.184.95.190:993
81.156.198.115:2222
81.250.33.243:2222
83.79.150.24:2222
86.180.222.237:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB06_18.11.2022.txt

102.158.245.248:995
117.186.222.30:993
12.172.173.82:990
130.43.107.232:995
174.112.25.29:2078
174.112.25.29:2222
188.4.142.139:995
71.247.10.63:2083

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-11-18%20Qakbot%20(obama223)%20IOCs

64.228.191.212:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB07_21.11.2022.txt

102.47.130.52:995
105.103.41.128:2078
105.103.41.128:22
105.103.41.128:32103
105.103.41.128:465
105.103.41.128:990
190.75.150.58:2222
2.91.187.6:995
213.22.188.57:2222
83.110.90.214:995
83.31.254.67:2222
86.130.9.140:2222
86.176.144.202:2222
86.213.224.109:2222
86.98.15.100:995
92.11.189.236:2222

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-11-28-IOCs-for-BB08-Qakbot-with-Cobalt-Strike.txt

86.159.48.25:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB08_28.11.2022.txt

103.144.201.62:2078
105.109.140.201:32103
108.162.6.34:995
109.218.104.206:2222
121.122.99.223:995
122.178.197.139:995
130.43.99.103:995
190.207.253.41:2222
197.3.64.204:995
2.91.184.252:995
216.196.245.102:2083
216.196.245.102:2222
24.64.114.59:50010
75.99.125.235:2222
83.21.138.251:2222
85.52.73.34:2222
85.7.61.22:2222
86.98.182.30:2222
87.221.197.110:2222
90.116.219.167:2222
92.186.69.229:2222
92.98.228.28:2222

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-11-30%20Qakbot%20(obama224)%20IOCs
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama224_30.11.2022.txt

106.212.18.255:995
109.177.245.176:2222
156.217.158.177:995
176.133.4.230:995
188.54.99.243:995
197.2.209.208:995
216.196.245.102:2078
46.246.245.152:995
75.161.233.194:995
81.198.136.151:995
85.231.105.49:2222
92.98.72.220:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama225_02.12.2022.txt

109.159.119.169:2222
156.216.253.65:995
201.208.139.250:2222
41.34.106.203:993
41.62.220.86:995
70.51.136.94:2222
72.68.175.55:2222
78.100.230.10:995
90.119.197.132:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB09_05.12.2022.txt

102.46.139.82:993
105.103.56.28:2078
105.103.56.28:990
109.150.179.158:2222
188.48.123.229:995
190.206.70.80:2222
2.14.82.210:2222
201.210.107.223:993
31.167.254.199:995
38.166.242.12:2087
41.44.19.36:995
65.30.139.145:995
85.245.221.87:2078
86.96.75.237:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB09_06.12.2022.txt

200.109.14.93:2222
74.93.148.97:995
81.248.77.37:2222

# Reference: https://twitter.com/0xToxin/status/1601561676356419584
# Reference: https://tria.ge/221210-prj85sac51

150.107.231.59:2222
156.220.229.249:993
182.75.189.42:995
184.68.116.146:2078
184.68.116.146:2222
184.68.116.146:3389
184.68.116.146:61202
190.199.169.127:993
37.56.111.49:995
70.55.120.16:2222
83.213.201.104:993
86.130.9.250:2222
86.169.19.140:2222
86.176.83.127:2222
90.66.229.185:2222
92.154.17.149:2222
92.8.190.211:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB10_12.12.2022.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_azd_12.12.2022.txt

121.121.100.148:995
69.159.156.133:2222
72.80.7.6:995
74.83.128.70:2083
75.99.125.236:2222
78.101.91.215:2222
80.44.148.126:2222
86.99.14.46:2222
87.221.154.65:2222
92.145.203.167:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama227_13.12.2022.txt

100.36.249.75:995
102.40.202.189:995
103.141.50.151:995
147.148.234.231:2222
156.220.0.161:993
190.199.126.108:993
23.242.141.218:2222
31.53.29.245:2222
62.102.228.245:2222
87.221.215.41:2222
90.79.129.166:2222
91.178.75.146:2222
92.154.45.81:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB10_13.12.2022.txt

109.136.130.9:2222
109.159.118.162:2222
216.160.116.140:2222
41.231.232.134:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB10_14.12.2022.txt

184.68.116.146:50010
188.48.116.37:995
49.245.119.12:2222
60.234.194.12:2222
79.77.142.22:2222
94.71.209.47:2222

# Reference: https://tria.ge/221215-3ye5nadg58

175.139.130.191:2222
49.205.231.75:2222
75.99.125.234:2222
84.219.213.130:6881

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB10_15.12.2022.txt

181.118.206.65:995
87.149.127.43:995
91.231.172.236:995
96.246.158.46:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama230_19.12.2022.txt

109.219.126.249:2222
109.220.196.24:2222
12.172.173.82:32101
174.112.22.106:2078
187.199.184.14:32103
2.14.96.234:2222
202.187.239.67:995
31.53.29.141:2222
37.15.128.31:2222
72.80.7.6:50003
86.176.144.240:2222
86.183.251.169:2222
87.220.205.65:2222
90.27.44.76:2222
90.4.190.217:2222
90.48.151.17:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB11_19.12.2022

103.212.19.254:995
103.42.86.42:995
176.44.121.220:995
217.128.200.114:2222
76.170.252.153:995
78.100.238.92:995
83.110.95.209:995
86.196.35.232:2222
86.99.15.254:2222
90.78.138.217:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama231_20.12.2022.txt

109.159.119.186:2222
206.166.209.170:2222
86.195.14.72:2222
92.148.54.239:2222
94.30.98.134:32100
96.255.66.51:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama232_22.12.2022.txt

103.195.16.175:995
109.50.131.204:2222
175.139.207.179:2222
176.44.58.217:995
201.244.108.183:995
202.142.98.62:995
31.53.29.201:2222
41.228.201.138:995
41.237.141.34:993
86.222.191.162:2222
87.252.106.197:995
92.8.187.85:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB11_21.12.2022.txt

142.118.49.193:2222
149.74.159.67:2222
201.210.114.115:993
208.180.17.32:2222
38.166.221.92:2087
65.95.85.172:2222
67.253.226.137:995
70.51.136.204:2222
76.68.151.148:2222
86.176.246.195:2222
95.23.15.84:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB11_22.12.2022.txt

192.164.157.52:995
47.16.68.188:2222
47.61.51.44:2078
50.26.197.236:993
82.31.37.241:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB11_23.12.2022.txt

188.52.183.146:995
190.199.157.49:2222
190.78.77.15:993
2.14.140.222:2222
222.35.203.59:995
27.0.62.241:995
41.227.93.13:995
46.24.136.17:2078
84.219.213.130:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama233_23.12.2022.txt

130.43.25.249:995
156.217.79.168:995
70.51.134.110:2222
85.72.107.2:2222

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-12-27%20Qakbot%20(azd)%20IOCs

109.159.119.203:2222
121.121.100.88:995
188.48.85.14:995
201.210.79.16:2222
213.31.90.183:2222
41.228.225.131:995
85.85.34.201:993
86.160.217.36:50000
87.221.196.217:2222

# Reference: https://www.virustotal.com/gui/file/0301cd732181509ff95b939094f1c70fca0fa99a26ecf4ac865e25a25ef1dcf9/detection

http://111.90.148.10
http://111.90.148.104
http://190.14.37.173
http://51.89.115.111

# Reference: https://blog.eclecticiq.com/qakbot-malware-used-unpatched-vulnerability-to-bypass-windows-os-security-feature
# Reference: https://otx.alienvault.com/pulse/63c815a9e4a051d0f689a848

83.114.60.171:2222

# Reference: https://twitter.com/TrackerC2Bot/status/1605276306287087625
# Reference: https://www.virustotal.com/gui/file/bfee539a38f06cdd72cfd33e571ece9d5e7a76545333b115880cbd14dc045a16/detection

98.50.191.202:443

# Reference: https://twitter.com/TrackerC2Bot/status/1605631153108549651
# Reference: https://www.virustotal.com/gui/file/59c21d357e179042f57a8c45cb17c912c383b5b5907cdb69f67032de280bf861/detection

31.167.72.198:443

# Reference: https://twitter.com/TrackerC2Bot/status/1606355089345609748

173.76.49.61:443

# Reference: https://twitter.com/TrackerC2Bot/status/1613512613572349958
# Reference: https://www.virustotal.com/gui/file/4790886698ac26cbb4017c0b4ca8d8797e4104c7dd86e20684defd267f0f000a/detection

189.216.29.135:443

# Reference: https://twitter.com/pr0xylife/status/1625181615889563669

casualscollection.com
casualcollection.shop
casualcollection.store

# Reference: https://twitter.com/idclickthat/status/1623340976344559619
# Reference: https://www.virustotal.com/gui/ip-address/89.117.9.58/relations

download-oculus.com
oculus-download.com
oculusg.com
oculusj.com
oculuso.com
oculusq.com

# Reference: https://www.virustotal.com/gui/file/9f1db11fb3b0cf5eaf28ece66ed13ee78fcd264e6fd566e98c46714c8c4fd504/detection

/crtfc/kmK2kBNW.dll
/kmK2kBNW.dll

# Reference: https://twitter.com/James_inthe_box/status/1621536918529007616
# Reference: https://www.virustotal.com/gui/file/b84903b8761580c1b40fdf7b40af2bdd8847f0e3c4f578b71ab094df6ed4992b/detection

http://216.238.76.210

# Reference: https://twitter.com/TrackerC2Bot/status/1619778597098606593

99.247.60.103:465

# Reference: https://twitter.com/TrackerC2Bot/status/1620409518332022785

92.8.190.175:2222

# Reference: https://twitter.com/TrackerC2Bot/status/1620760841338470405

93.238.63.3:995
95.94.41.77:2222

# Reference: https://twitter.com/TrackerC2Bot/status/1623032491115221031

188.49.124.57:995
200.84.210.63:2222

# Reference: https://twitter.com/TrackerC2Bot/status/1623032538624102404

92.8.191.120:2222
93.190.140.122:32100

# Reference: https://twitter.com/TrackerC2Bot/status/1623394957191946240

15.181.199.242:2083
161.142.105.32:995
169.150.196.131:32100
188.116.62.165:995
2.88.198.90:995

# Reference: https://twitter.com/TrackerC2Bot/status/1623394958395822080

35.143.97.145:995
88.111.182.118:2222

# Reference: https://twitter.com/TrackerC2Bot/status/1623759112419913731

184.176.35.223:2222

# Reference: https://twitter.com/TrackerC2Bot/status/1624024032751370243

37.56.105.165:995

# Reference: https://twitter.com/TrackerC2Bot/status/1628471938615050240

108.190.203.42:995
109.149.147.146:2222
161.142.107.68:995
185.107.56.214:32100
188.49.125.169:995
190.75.95.164:2222
202.187.232.161:995
41.228.236.143:995
68.173.170.110:8443
71.212.147.224:2222
78.84.123.237:995
80.47.57.131:2222
86.130.9.146:2222
86.180.74.35:2222
89.32.159.192:995
92.17.122.33:2222
92.97.197.177:2222
95.242.101.251:995
97.93.192.2:2083
98.22.28.34:995

# Reference: https://twitter.com/embee_research/status/1623142315073351682
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-01-31%20Qakbot%20(obama234)%20IOCs
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-02-22%20Qakbot%20(BB16)%20IOCs
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB12_01.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB12_02.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB14_07.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB14_08.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB15_13.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB15_15.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB15_17.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB16_22.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_azd_14.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama234_31.01.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama236_03.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama239_09.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama240_15.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama241_22.02.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_tok01_15.02.2023.txt

http://103.214.71.45
http://104.236.1.43
http://128.254.207.55
http://135.148.144.191
http://139.99.117.17
http://139.99.247.43
http://144.202.127.44
http://147.182.206.33
http://149.28.202.165
http://154.7.253.191
http://165.22.160.25
http://174.139.150.45
http://185.231.204.245
http://193.57.138.12
http://198.44.140.78
http://213.169.148.78
http://216.120.201.100
http://45.155.37.124
http://45.8.191.141
http://45.86.231.23
http://49.50.84.121
http://5.43.221.117
http://51.222.199.226
http://64.225.8.202
http://77.75.230.128
http://77.83.199.118
http://77.83.199.12
http://79.141.175.208
http://87.236.146.124
http://91.235.234.97
103.111.70.115:995
103.12.133.134:2222
103.140.174.19:2222
103.141.50.102:995
103.144.201.53:2078
103.42.86.110:995
103.42.86.238:995
103.42.86.246:995
105.184.159.223:995
105.186.138.165:995
105.186.229.144:995
107.146.12.26:2222
108.2.111.66:995
109.149.147.177:2222
109.150.179.236:2222
109.159.118.60:2222
109.159.119.95:2222
109.49.52.108:2222
114.79.180.14:995
114.92.98.210:995
116.86.252.13:2222
119.155.227.81:995
121.121.100.207:995
130.43.172.217:2222
14.192.241.76:995
142.182.109.233:2222
143.159.167.231:2222
156.216.125.255:995
156.217.208.137:995
156.217.247.173:995
161.142.104.187:995
175.139.129.94:2222
180.158.187.35:995
190.199.188.186:2222
190.206.75.58:2222
190.75.132.158:2222
193.253.100.236:2222
193.92.232.75:995
2.13.73.146:2222
2.14.144.105:2222
2.50.137.46:995
200.109.207.186:2222
206.188.201.143:2222
209.142.97.83:995
216.228.41.244:2222
217.165.1.53:2222
217.165.186.116:2222
24.64.112.40:2078
24.64.112.40:2222
24.64.112.40:3389
24.64.112.40:50010
24.64.112.40:61202
31.166.48.125:995
31.53.29.145:2222
31.53.29.161:2222
37.111.194.36:2078
41.231.232.68:995
45.246.235.113:995
46.24.103.218:2078
46.27.231.50:2078
47.21.51.138:995
47.61.70.188:2078
49.245.82.178:2222
5.163.163.51:995
5.193.84.234:2222
50.60.157.175:995
66.35.126.223:2222
67.70.5.159:2222
69.159.158.183:2222
70.27.104.2:2222
70.51.133.160:2222
70.51.153.37:2222
72.203.216.98:2222
76.64.202.44:2222
76.64.202.88:2222
79.67.165.149:995
79.9.64.37:995
80.13.205.69:2222
81.157.202.71:995
81.157.227.223:2222
82.121.195.187:2222
82.127.204.82:2222
83.202.26.241:2222
85.74.149.3:2222
86.128.15.66:2222
86.130.9.182:2222
86.130.9.197:2222
86.130.9.232:2222
86.138.7.220:2222
86.151.21.134:2222
86.161.143.7:2222
86.176.144.213:2222
86.194.156.14:2222
86.196.12.21:2222
86.202.48.142:2222
86.207.227.152:2222
86.236.114.212:2222
86.250.12.217:2222
86.96.34.182:2222
86.96.72.139:2222
86.98.44.165:2222
86.99.54.39:2222
87.221.197.113:2222
88.126.112.14:50000
88.169.33.180:2222
89.32.157.195:995
89.32.158.118:995
90.23.19.86:2222
90.78.51.182:2222
91.170.115.68:32100
91.171.148.162:50000
91.231.173.199:995
92.11.194.53:995
92.136.182.108:2222
92.177.204.2:2222
92.57.227.146:2222
92.97.203.51:2222
94.59.56.206:2222
95.255.60.223:995
98.175.176.254:995

# Reference: https://github.com/pan-unit42/tweets/blob/master/2023-01-31-BB12-Qakbot-infection-IOCs.txt

aixjobsonline.net
rmbonlineshop.com

# Reference: https://twitter.com/TrackerC2Bot/status/1630279363945017345

161.142.102.110:995
188.49.116.2:995
212.69.141.168:995
80.47.61.240:2222
86.130.9.136:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB17_28.02.2023.txt

http://142.93.76.59
109.149.147.104:2222
118.250.180.74:995
119.155.246.94:995
167.56.52.254:995
86.190.223.11:2222
86.250.10.160:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB17_02.03.2023.txt

http://138.197.74.198
http://143.244.147.175
http://157.245.254.227
105.186.229.134:995
109.158.144.102:995
109.218.13.132:2222
142.118.23.130:2222
142.118.243.5:2222
184.174.138.70:2222
184.176.110.61:61202
187.199.238.208:32103
212.70.98.183:2222
31.53.29.205:2222
45.243.201.24:995
47.16.69.185:2222
49.37.96.184:2222
65.92.221.105:2222
66.35.125.42:2222
70.27.163.177:2222
78.192.109.105:2222
81.157.206.138:2222
86.152.112.216:2222
86.208.35.220:2222
87.221.197.34:2222

# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/html-smuggling-the-hidden-threat-in-your-inbox/
# Reference: https://otx.alienvault.com/pulse/63e5060938acb74e57470d90
# Reference: https://www.virustotal.com/gui/file/3b33129fa1e5f921dee595e62430986891d5055a4036ae25e36212fc93190695/detection

huhuwarcanoefestival.com
purepowerinc.net

# Reference: https://minerva-labs.com/blog/beepin-out-of-the-sandbox-analyzing-a-new-extremely-evasive-malware/
# Reference: https://otx.alienvault.com/pulse/63ebf5b30b9daf087b543dc7
# Reference: https://www.virustotal.com/gui/file/67c61f649ec276eb57fcfe70dbd6e33b4c05440ee10356a3ef10fad9d0e224ef/detection

37.1.215.220:443

# Reference: https://isc.sans.edu/diary/rss/29592
# Reference: https://otx.alienvault.com/pulse/640130d681b7a59ce9aa50ee

meieou.info

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB18_06.03.2023.txt

http://134.209.216.163
http://142.93.250.152
http://146.190.116.245
http://161.35.58.146
http://162.243.186.39
102.46.73.102:995
105.186.229.25:995
109.149.148.242:2222
176.205.188.253:2222
180.158.186.175:995
202.187.239.34:995
217.165.230.100:2222
27.99.34.220:2222
31.167.215.175:995
37.186.55.152:2222
86.99.51.33:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB18_07.03.2023.txt

http://45.66.248.9
http://45.66.249.78
http://85.239.52.29
http://85.239.52.47
105.109.157.34:2078
105.109.157.34:990
105.109.157.34:993
187.199.103.21:32103
190.75.151.215:2222
200.109.20.215:2222
24.187.145.201:2222
41.228.236.70:995
47.16.77.136:2222
64.229.202.224:995
69.159.158.197:2222
70.24.104.146:2222
70.51.133.238:2222
70.55.187.152:2222
81.158.112.20:2222
92.98.139.2:2222
95.95.175.98:2222

# Reference: https://twitter.com/Hercux7/status/1633830775555764226

http://194.213.18.142

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB18_09.03.2023.txt

http://85.239.53.83
http://85.239.54.236
118.250.110.98:995
154.246.62.48:993
2.14.45.117:2222
202.187.95.12:995
212.70.107.156:2222
92.159.173.52:2222

# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/a-noteworthy-threat-how-cybercriminals-are-abusing-onenote-part-1/
# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/a-noteworthy-threat-how-cybercriminals-are-abusing-onenote-part-2/
# Reference: https://otx.alienvault.com/pulse/6408e41498a0d60be89c252e

codezian.com
ezintern.com
notefudeal.com
oiartzunirratia.eus
ozcontests.com
shifa365.com
somosacce.org
thetwindollar.com
vielagroglobal.com

# Reference: https://twitter.com/pr0xylife/status/1634189944691257344

http://45.66.249.196
http://85.239.54.220

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB18_10.03.2023.txt

http://149.255.35.153
http://149.255.35.189
http://194.213.18.132
http://194.213.18.84
http://194.37.97.154
http://37.72.174.5
http://85.239.53.76
http://85.239.53.88
http://85.239.54.233

# Reference: https://www.secneurx.com/post/malware-starts-up-abusing-microsoft-s-onenote
# Reference: https://www.virustotal.com/gui/file/bf8c7c35cb5b8f47ad7fe7e89322960e105efa754360953ca854925a6b914092/detection

http://194.26.192.24

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB19_13.03.2023.txt

105.186.191.24:995
180.162.231.210:995
2.49.58.47:2222
200.84.195.17:2222
201.249.12.75:2222
202.187.87.178:995
212.70.98.141:2222
223.176.7.23:2222
31.166.152.157:995
39.55.251.26:995
47.61.70.76:2078
70.53.96.223:995
86.98.216.189:2222
90.55.105.42:2222
92.20.204.198:2222
94.200.183.66:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB19_14.03.2023.txt

105.186.229.59:995
174.21.72.135:2222
217.165.247.145:2222
220.77.183.218:6881
24.178.201.230:2222
5.192.141.187:2222
80.42.186.99:2222
84.216.198.124:6881
85.84.119.210:993
92.1.170.110:995

# Reference: https://twitter.com/TrackerC2Bot/status/1635705959682125824

186.48.181.17:995
190.75.139.66:2222
37.186.55.60:2222
86.130.9.213:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB19_15.03.2023.txt

109.145.96.251:2222
173.185.50.218:995
193.92.214.52:995
2.14.105.160:2222
23.251.92.171:2222
45.243.162.199:995
65.94.87.200:2222
65.95.49.237:2222
66.35.125.114:2222
76.71.137.91:2222
80.107.149.84:2222
86.178.33.20:2222
89.32.159.107:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama243_15.03.2023.txt

http://128.254.207.26
http://139.180.170.206
http://198.44.132.63
http://206.53.48.51
http://87.236.146.84
http://94.131.115.19
109.218.83.111:2222
174.93.5.232:2222
2.51.44.191:2222
41.227.92.194:995
47.16.77.194:2222
82.127.172.214:2222
87.220.204.179:2222
88.122.133.88:32100

# Reference: https://twitter.com/TrackerC2Bot/status/1636161760926261248

109.205.204.229:2222
173.47.125.178:995
174.54.24.110:995
187.213.136.249:995
187.227.87.235:995
189.140.45.48:995
189.222.242.165:995
193.248.154.174:2222
201.127.76.175:2222
201.152.69.198:995
206.183.190.53:993
37.210.133.63:995
39.45.175.245:995
41.215.148.115:995
47.153.115.154:465
47.153.115.154:993
47.187.49.3:2222
50.60.166.59:995
65.131.47.74:995
67.237.68.126:2222
67.40.253.209:995
68.224.121.148:993
68.46.142.48:995
73.51.245.231:995
77.145.0.57:2222
78.101.145.96:61201
79.115.171.106:2222
81.247.148.252:995
82.10.43.130:2222
82.76.238.65:2222
85.122.141.42:995
87.238.133.187:995
87.27.110.90:2222
87.65.204.240:995

# Reference: https://twitter.com/TrackerC2Bot/status/1637880887650951181

161.142.103.5:995
175.143.63.68:2222
190.199.184.114:2222
78.159.144.244:995
80.76.163.207:2222
91.2.135.211:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama244_20.03.2023.txt

http://109.49.47.10
http://185.205.187.235
http://192.99.207.65
http://216.238.106.231
http://85.239.54.184
http://87.236.146.102
http://94.131.12.37
175.156.65.126:2222
176.224.85.237:995
2.14.137.60:2222
41.228.211.91:995
49.245.95.124:2222
70.53.31.142:2222
80.12.88.148:2222
86.191.9.6:995
92.149.250.113:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB19_20.03.2023.txt

105.186.191.244:995
2.98.147.157:995
201.210.105.249:2222
31.53.29.195:2222
47.61.11.253:2078
81.133.163.79:2222
86.97.85.42:2222
87.221.197.44:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB20_20.03.2023.txt

109.146.46.4:50000
182.178.178.105:995
188.79.242.89:2222
197.207.61.243:2078
200.109.6.16:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB20_22.03.2023.txt

103.111.70.66:995
105.186.229.70:995
109.159.118.229:2222
2.14.137.211:2222
2.237.150.131:2222
2.50.16.41:995
217.165.246.19:2222
217.165.69.89:2222
223.167.12.241:995
37.186.55.238:2222
67.10.2.240:995
70.48.233.117:995
70.55.67.13:2222
75.90.114.237:995
86.209.22.193:2222
86.97.68.68:2222
90.55.106.37:2222

# Reference: https://twitter.com/0xToxin/status/1638599955517415431
# Reference: https://tria.ge/230322-v3x72aad27/behavioral2

http://139.180.209.206
http://151.80.5.50
http://185.231.204.114
http://195.20.17.142
http://203.96.177.121
http://87.236.146.162
/FIvB5lhB.dat

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB20_23.03.2023.txt

103.140.174.20:2222
112.222.83.147:6881
124.246.122.199:2222
174.21.64.35:2222
182.185.248.125:995
209.216.123.118:3389
212.70.98.161:2222
5.192.141.211:2222
99.252.190.205:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB21_30.03.2023.txt
# Reference: https://twitter.com/TrackerC2Bot/status/1641413202746523649

105.186.191.229:995
109.154.254.126:2222
109.218.220.228:2222
174.115.79.40:2222
187.199.156.176:32103
200.84.207.143:2222
209.93.207.224:2222
213.66.245.200:2222
24.236.90.196:2078
70.48.189.240:2222
74.92.243.115:50000
75.90.87.37:995
86.130.9.243:2222
86.154.216.221:2222
86.97.67.62:2222
88.164.20.177:21
90.93.132.149:2222
90.94.143.158:2222
91.160.70.68:32100
92.98.76.164:2222
93.150.183.229:2222
94.30.31.47:50000
95.60.243.24:995
96.87.28.170:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama247_31.03.2023.txt

http://104.225.129.114
http://141.94.86.90
http://199.247.30.203
http://216.146.25.129
http://85.239.41.205
http://94.131.117.111
109.159.119.176:2222
109.218.244.210:2222
142.126.173.85:2222
27.99.32.26:2222
41.228.56.8:995
45.243.143.141:995
47.16.74.194:2222
65.94.84.173:2222
66.35.127.94:2222
70.51.153.108:2222
84.155.13.118:995
86.143.119.184:995
92.136.51.189:2222
92.186.32.33:2222
92.97.45.55:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB22_04.04.2023.txt

109.150.179.215:2222
109.218.86.223:2222
139.226.47.229:995
176.171.4.107:2222
82.41.36.110:22

# Reference: https://twitter.com/Unit42_Intel/status/1643011286618259464

172.107.98.3:65400

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB22_05.04.2023.txt

105.225.50.146:995
109.159.118.65:2222
109.50.143.218:2222
190.78.69.250:2222
213.67.139.53:2222
71.31.232.65:995
82.122.128.149:2222
92.20.199.185:2222
92.9.45.20:2222
92.97.115.255:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama248_05.04.2023.txt

http://162.19.130.46
http://192.95.55.65
http://45.66.248.25
http://45.95.18.115
http://51.254.78.3
http://95.179.162.104
176.145.84.217:2222
201.210.85.178:2222
27.253.11.10:2222
76.178.148.107:2222
95.60.243.32:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB22_06.04.2023.txt

105.184.103.142:995
2.36.64.159:2078
36.152.128.5:6883
70.28.50.223:1194
70.28.50.223:2083
70.28.50.223:2087
70.28.50.223:32100
83.77.208.166:2222
86.176.87.35:2222
86.209.8.236:2222
86.97.66.70:2222
99.228.131.116:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama249_06.04.2023.txt

http://193.200.17.207
http://206.53.48.21
http://45.59.170.48
http://45.63.69.116
http://91.199.147.177
http://94.131.117.30
36.152.128.2:6883
69.123.4.221:2222
95.60.243.64:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB23_10.04.2023.txt

103.141.50.79:995
195.74.245.190:995
23.30.22.225:50003
70.28.50.223:2078
78.159.145.17:995
85.2.185.70:2222
90.104.151.37:2222
90.70.150.94:2222
92.97.227.224:2222

# Reference: https://twitter.com/malware_traffic/status/1644029208757149703

94.103.85.86:65400

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB23_11.04.2023.txt

200.90.67.216:2222
23.30.22.225:993
23.30.22.225:995
70.28.50.223:3389
86.130.9.222:2222
86.99.79.136:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama250_11.04.2023.txt

http://149.102.243.204
http://45.159.249.33
http://45.66.248.187
http://5.42.221.124
http://51.222.199.244
http://87.236.146.34
95.60.243.61:995

# Reference: https://twitter.com/James_inthe_box/status/1646200273017409536
# Reference: https://app.any.run/tasks/c3c2e0b5-a8c2-43b2-af6d-42ff776e2e0b/

http://154.47.17.180
http://70.34.218.85

# Reference: https://twitter.com/TrackerC2Bot/status/1646214033815502871

212.70.98.78:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB23_12.04.2023.txt

101.184.134.98:2222
105.184.209.37:995
109.159.118.107:2222
213.240.106.71:995
37.166.25.168:21
86.180.120.159:2222
90.4.110.221:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama251_12.04.2023.txt

http://147.135.248.250
http://74.119.193.49
http://79.141.174.253
http://87.236.146.93
109.218.12.137:2222
180.156.215.130:995
182.185.159.137:995
76.64.99.251:2222

# Reference: https://twitter.com/TrackerC2Bot/status/1646396256057450496
# Reference: https://twitter.com/TrackerC2Bot/status/1646396253645811712

http://187.192.68.210
181.4.52.159:465
188.55.203.55:995
75.188.35.168:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama252_13.04.2023.txt

http://194.165.59.51
http://203.96.177.111
http://87.236.146.236
http://91.193.19.217
http://94.131.101.15
http://94.131.117.45
103.144.201.56:2078
124.149.143.189:2222
74.102.98.63:2222
78.159.147.45:995
86.176.144.145:2222
90.78.147.141:2222
95.60.243.84:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama253_18.04.2023.txt

http://216.238.80.217
http://45.125.67.156
105.184.209.7:995
109.146.76.176:2222
161.142.104.40:995
45.243.231.146:995
71.31.232.156:995
86.171.131.244:995
86.178.33.125:2222
86.99.49.64:2222
91.231.173.14:995
93.238.52.211:995
95.60.243.102:995

# Reference: https://twitter.com/TrackerC2Bot/status/1648388459730444300

187.199.234.229:32103
41.227.79.177:995
86.130.9.214:2222
91.35.212.133:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB24_19.04.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama254_19.04.2023.txt

http://103.20.235.243
http://5.252.23.94
http://51.83.193.0
http://77.91.100.135
http://85.239.53.73
105.186.216.2:995
109.153.252.176:2222
109.218.242.15:2222
118.249.191.32:995
187.199.85.154:32103
23.30.22.225:2083
41.228.47.155:995
68.14.195.55:995
71.30.208.174:995
85.85.160.57:993
87.221.196.82:2222
92.136.62.50:2222
95.60.243.119:995

# Reference: https://twitter.com/TrackerC2Bot/status/1648663672724570113

103.157.122.198:995
103.246.130.114:1194
103.246.130.122:20
103.246.130.2:20
103.246.130.35:21
122.11.220.212:2222
190.75.64.251:2222
217.17.56.163:2078
217.17.56.163:465
37.210.152.224:995
66.177.215.152:50010
69.30.190.105:995
75.163.81.130:995
78.145.153.73:995
82.18.173.253:2222
98.22.92.139:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama255_20.04.2023.txt

http://104.156.232.97
http://104.238.190.98
http://51.222.96.42
105.186.242.17:995
161.142.98.36:995
70.26.75.148:2222
75.90.41.108:995
86.176.80.98:2222
89.36.206.220:995
96.56.197.26:2078
96.56.197.26:2083

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB24_20.04.2023.txt

190.206.92.41:2222
45.246.235.177:995
5.194.64.194:2222
87.221.197.91:2222
95.60.243.16:995
96.56.197.26:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB25_24.04.2023.txt

105.186.229.208:995
187.199.153.185:32103
2.14.24.66:2222
85.240.173.251:2078
86.176.80.81:2222
86.96.72.175:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB25_25.04.2023.txt

105.184.103.214:995
109.149.148.20:2222
147.147.30.126:2222
151.213.66.34:995
200.90.68.166:2222
31.53.29.207:2222
86.130.9.135:2222
95.60.243.19:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama256_25.04.2023.txt

http://172.96.137.33
http://185.39.18.107
http://94.131.100.149

# Reference: https://twitter.com/TrackerC2Bot/status/1650834732995706880

85.214.93.93:8080

# Reference: https://twitter.com/TrackerC2Bot/status/1651287581596741632

109.50.147.18:2222
46.24.47.205:995
87.67.214.236:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama257_27.04.2023.txt

http://149.102.255.183
http://155.138.132.190
http://185.117.89.76
http://193.243.147.185
http://209.182.225.155
http://45.59.170.61
109.149.147.12:2222
175.139.205.73:2222
175.156.119.219:2222
2.50.16.10:995
24.69.137.232:2222
5.192.142.238:2222
65.94.85.74:2222
75.106.110.100:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama258_28.04.2023.txt

http://128.254.207.196
http://149.102.249.66
http://185.33.87.23
http://51.161.204.236
http://94.131.12.213
105.184.103.151:995
217.128.147.6:2222
24.236.90.197:2078
31.50.179.221:50000
31.53.29.232:2222
46.24.47.206:995
70.51.137.58:2222
71.104.102.13:2222
82.127.153.75:2222
86.130.9.180:2222
86.250.12.86:2222
92.136.62.153:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama259_02.05.2023.txt

http://104.36.229.105
http://185.205.187.238
http://45.89.55.145
http://66.135.3.99
http://85.239.52.150
http://94.131.119.113
105.184.209.10:995
109.218.108.3:2222
31.53.29.198:2222
46.24.47.243:995
62.35.230.21:995
64.40.4.89:995
86.130.9.128:2222
86.140.160.231:2222
87.220.204.177:2222
92.97.119.138:2222
/aMS8jtw13s6.dat

# Reference: https://twitter.com/TrackerC2Bot/status/1653402160321687553

100.12.173.247:995
108.58.9.238:995
116.202.36.62:21
189.159.144.227:995
203.213.104.25:995
66.222.88.126:995
71.213.29.14:995
72.132.249.144:995
72.204.242.138:990
72.204.242.138:993
72.204.242.138:995
81.245.66.237:995
86.124.215.242:21

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama260_03.05.2023.txt

http://104.238.172.90
http://185.117.88.214
http://207.246.114.83
http://45.155.37.150
http://45.8.191.173
http://98.142.254.175
105.184.209.139:995
109.159.119.82:2222
109.50.128.59:2222
193.253.53.157:2078
194.118.121.231:995
217.44.108.89:2222
217.55.0.153:995
67.10.9.125:995
71.78.95.86:995
99.230.89.236:2078
99.230.89.236:2083
# NOTE(review): host-less path entry. Presumably it is matched against the request
# path on any host (confirm against the sensor's matching logic). A plain-word
# file name like this one is more likely to collide with benign traffic than the
# random-looking .dat names elsewhere in this list, so corroborate a hit with the
# destination host before escalating.
/rentfree.dat

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB26_04.05.2023.txt

http://104.234.118.153
http://104.234.119.79
http://172.86.123.103
81.240.235.122:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama261_05.05.2023.txt

http://104.238.191.69
http://185.104.195.77
http://209.182.225.132
http://45.66.249.5
http://5.42.221.155
http://51.195.157.108
201.208.46.165:2222
70.51.136.238:2222
# NOTE(review): 3389 is the registered RDP port, but this entry is listed here as
# a Qakbot endpoint per the source cited above. The port number alone does not
# show which protocol is spoken, so do not triage a hit on it as ordinary RDP.
85.53.128.200:3389
94.59.122.53:2222
98.19.224.125:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB26_05.05.2023.txt

http://151.236.14.127
http://192.121.16.232
http://192.121.16.233
105.184.115.147:995
45.243.237.211:995
88.168.199.84:50000

# Reference: https://twitter.com/TrackerC2Bot/status/1654574131910680578

204.112.31.4:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB27_10.05.2023.txt

http://151.236.22.158
http://158.255.213.110
http://158.255.213.247
http://162.252.175.224
105.184.99.42:995
173.61.50.155:3389
178.167.139.197:995
2.49.63.193:2222
2.50.16.167:995
200.93.26.107:2222
201.208.135.167:2222
66.180.226.58:2222
66.35.125.74:2222
67.70.122.196:2222
81.224.201.143:2222
86.130.9.208:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama262_10.05.2023.txt

http://144.208.127.242
http://149.102.225.18
http://207.148.14.105
http://45.155.37.101
http://5.42.221.144
http://91.193.16.139
/a2nZbs476.dat

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB27_11.05.2023.txt

http://77.91.87.158
http://77.91.87.198
http://79.137.248.163
http://91.193.43.101
http://91.193.43.98
105.184.108.82:995
142.189.121.178:2222
186.52.239.187:995
212.70.98.236:2222
37.14.97.206:2222
47.16.75.99:2222
69.157.243.204:2222
69.158.56.94:2222
70.28.50.223:2222
70.54.65.197:2222
84.216.198.201:6881
86.222.100.184:2222
86.244.255.82:2222
86.99.48.130:2222

# Reference: https://twitter.com/Unit42_Intel/status/1657015363593203713

46.151.30.109:443

# Reference: https://twitter.com/1ZRR4H/status/1657506155801763840

aezaj.com
aiea.mobi
aiueuebdep.org
akpaiy.info
aotineabvut.biz
aouzguwmnu.com
apeiome.mobi
areomikc.info
arinu.biz
avbxl.us
awkec.org
axaitoqo.net
axajn.info
befjoliwxz.mobi
bkehavtkr.com
cfbivshk.com
clfqnok.com
deoltctat.us
dipbi.info
eaohoug.info
ecxibjyllat.org
elbi.info
epooohruieo.us
escmcz.us
etatd.info
evaq.org
ezmc.org
ezspcoa.com
fourtpoapx.biz
ghnxsrb.org
goreoti.info
hayvygpxclb.mobi
heivr.com
hetiaxuozbo.mobi
hoveohntx.biz
ientoztz.com
imifeikekt.biz
jameft.org
jegadaqeydn.us
jirtehtie.info
jkjea.info
jwzdhemzdot.biz
kblnfxjf.mobi
kxce.biz
ltwgirv.biz
maibeuguc.com
maoaretv.net
nekt.com
nltapwej.net
nozme.info
nsnvadcskwj.biz
ntax.mobi
obajfyeera.org
oeacote.org
oejciku.info
oeovb.info
oioj.org
opnika.org
oysgtfoeiej.biz
peitqtciwo.com
preg.biz
ptnrumh.org
pujalhdekd.com
rjnwxeutz.com
rouheure.org
seiauoalth.info
shoflmsoiws.info
syfeyrswn.us
tbnzi.biz
tdowvt.biz
tfhwyiakz.mobi
tjasdrn.mobi
tnodk.com
totieclge.org
toxupoi.biz
tqhiaey.net
trjyiouilhc.us
uaqoaoza.com
uewasoiewh.mobi
unpcnbyuois.info
vkbkayf.mobi
vtmyfu.info
wayabrigai.us
wemkiepw.net
wetpalyspo.org
xaigmbjimp.info
xtqtaqyi.net
yfgozyu.mobi
yjyenqafs.us
ylzen.org
yqadkcf.org
zoolret.mobi

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB28_15.05.2023.txt
# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB28_16.05.2023.txt

http://109.172.45.9
http://151.236.22.114
http://151.236.22.87
http://158.255.213.192
http://77.91.86.122
http://91.193.43.119
105.186.242.203:995
12.20.0.235:2222
142.181.206.222:2222
182.185.181.202:995
200.109.16.12:2222
201.208.136.202:2222
37.186.59.197:2222
51.14.29.227:2222
65.95.141.84:2078
65.95.141.84:2083
65.95.141.84:2222
70.50.83.139:2222
70.53.193.201:2222
82.7.145.109:22
86.128.15.167:2222
86.130.9.227:2222
86.178.33.63:2222
91.2.143.185:995
92.98.159.9:2222
98.19.234.243:995

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB28_Pikabot_17.05.2023.txt
# NOTE(review): the referenced file name mentions Pikabot as well as Qakbot, and
# this list does not say which family each entry below belongs to. Presumably a
# match is reported under this file's Qakbot name either way; confirm the family
# from the source before using a hit for attribution.

http://149.154.158.91
http://158.255.213.181
http://162.252.172.54
129.153.135.83:2078
132.148.79.222:2222
45.154.24.57:2078
45.85.235.39:2078
94.199.173.6:2222

# Reference: https://github.com/pan-unit42/tweets/blob/master/2023-05-17-IOCs-for-Pikabot-with-Cobalt-Strike.txt
# NOTE(review): the referenced title names Pikabot and Cobalt Strike, not Qakbot.
# Which of the endpoints below belongs to which tool is not recorded here; check
# the source before labelling a hit as Qakbot C2.

129.153.22.231:32999
129.213.54.49:2078
129.80.164.200:32999
144.172.126.136:2222
185.87.148.132:1194
193.122.200.171:2078

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB28_Pikabot_18.05.2023.txt

http://176.124.198.214
http://77.91.85.124
http://77.91.87.226
104.233.193.227:2078
# NOTE(review): differs from 129.213.54.49:2078 (listed under the preceding
# Pikabot/Cobalt Strike source) only in the order of the first octet's digits.
# Possibly a transcription slip; verify against the source, since a wrong octet
# would flag an unrelated host.
192.213.54.49:2078
192.9.135.73:1194
123mkv.dev

# Reference: https://twitter.com/TrackerC2Bot/status/1660257492905984004

188.211.190.128:61202

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB29_Pikabot_23.05.2023.txt

http://151.236.14.179
http://192.121.17.68
http://192.121.17.92
38.54.33.239:2222

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB29_Pikabot_22.05.2023.txt

http://109.172.45.79
http://176.124.198.212
http://176.124.198.213

# Reference: https://twitter.com/yvesago/status/1669311556927082496
# Reference: https://www.virustotal.com/gui/file/cbf9387fc73a0bf270b8bde639723a15c377a3593c6142dbf41261db6430c04a/detection

http://151.236.14.139
http://151.236.28.181
http://192.121.16.225
cautions.kitchen
spotless.bingo

# Reference: https://www.virustotal.com/gui/file/04b46a5cf4add15d6d3bf71449ee547eac6d84c841daf418dbb47b00a4361af5/detection

http://190.14.37.245
http://193.203.202.55
http://194.67.214.216
# NOTE(review): the two path entries below differ only in the separator ('.' vs
# ','). This looks deliberate (possibly a locale-dependent decimal separator in a
# generated file name, unconfirmed), so keep both rather than de-duplicating.
/44300.5396033565.dat
/44300,5396033565.dat

# Reference: https://www.team-cymru.com/post/visualizing-qakbot-infrastructure
# Reference: https://otx.alienvault.com/pulse/64664ae7e409a29a7716fdfa

103.11.80.148:443
103.111.70.115:443
103.111.70.66:443
103.113.68.33:443
103.12.133.134:443
103.123.221.16:443
103.123.223.121:443
103.123.223.130:443
103.123.223.131:443
103.123.223.132:443
103.123.223.141:443
103.123.223.144:443
103.123.223.168:443
103.123.223.171:443
103.123.223.76:443
103.212.19.254:443
103.231.216.238:443
103.252.7.228:443
103.252.7.231:443
103.252.7.238:443
103.42.86.110:443
103.42.86.238:443
103.42.86.246:443
103.42.86.42:443
103.71.20.249:443
103.71.21.107:443
103.87.128.228:443
109.49.47.10:443
114.143.176.234:443
114.143.176.235:443
117.248.109.38:443
119.82.120.15:443
119.82.120.175:443
119.82.121.251:443
119.82.121.87:443
119.82.122.226:443
119.82.123.160:443
157.119.85.203:443
174.171.10.179:443
174.171.130.96:443
174.58.146.57:443
180.151.104.240:443
180.151.108.14:443
183.82.107.190:443
183.82.112.209:443
183.87.163.165:443
183.87.192.196:443
189.151.95.176:443
197.92.136.122:443
197.94.78.32:443
197.94.95.20:443
201.130.119.176:443
201.142.195.172:443
201.142.207.183:443
201.142.213.13:443
202.142.98.62:443
23.30.173.133:443
23.30.22.225:443
24.9.220.167:443
27.0.48.205:443
27.0.48.233:443
27.109.19.90:443
43.243.215.206:443
43.243.215.210:443
59.153.96.4:443
64.237.207.9:443
64.237.212.162:443
64.237.221.254:443
64.237.245.195:443
64.237.251.199:443
67.187.130.101:443
68.62.199.70:443
69.242.31.249:443
73.155.10.79:443
73.161.176.218:443
73.161.178.173:443
73.165.119.20:443
73.215.22.78:443
73.22.121.210:443
73.223.248.31:443
73.228.158.175:443
73.230.28.7:443
73.29.92.128:443
73.36.196.11:443
73.60.227.230:443
73.78.215.104:443
73.88.173.113:443
74.92.243.113:443
74.92.243.115:443
74.93.148.97:443
75.149.21.157:443
76.16.49.134:443
76.27.40.189:443
89.203.252.238:443
96.87.28.170:443
98.159.33.25:443
98.222.212.149:443
98.37.25.99:443
99.251.67.229:443
99.252.190.205:443
99.254.167.145:443
