Qakbot Analys
IOB - Indicator of Behavior (1000)
Aktiviteter
Intressera
Sårbarheter
IOC - Indicator of Compromise (12936)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (27)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (318)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
| ID | Klass | Indicator | Typ | Förtroende |
|---|---|---|---|---|
| 1 | File | .github/workflows/combine-prs.yml | predictive | Hög |
| 2 | File | /+CSCOE+/logon.html | predictive | Hög |
| 3 | File | /Admin/add-student.php | predictive | Hög |
| 4 | File | /admin/upload/upload | predictive | Hög |
| 5 | File | /bin/sh | predictive | Låg |
| 6 | File | /blogengine/api/posts | predictive | Hög |
| 7 | File | /cgi-bin/nobody/VerifyCode.cgi | predictive | Hög |
| 8 | File | /debug/pprof | predictive | Medium |
| 9 | File | /dev/block/mmcblk0rpmb | predictive | Hög |
| 10 | File | /etc/tomcat8/Catalina/attack | predictive | Hög |
| 11 | File | /forum/away.php | predictive | Hög |
| 12 | File | /fos/admin/ajax.php?action=login | predictive | Hög |
| 13 | File | /fos/admin/index.php?page=menu | predictive | Hög |
| 14 | File | /ims/login.php | predictive | Hög |
| 15 | File | /login/index.php | predictive | Hög |
| 16 | File | /oauth/logout?redirect=url | predictive | Hög |
| 17 | File | /obs/book.php | predictive | Hög |
| 18 | File | /opt/Citrix/ICAClient/util/ctxwebhelper | predictive | Hög |
| 19 | File | /out.php | predictive | Medium |
| 20 | File | /pms/update_user.php?user_id=1 | predictive | Hög |
| 21 | File | /products/view_product.php | predictive | Hög |
| 22 | File | /reports/rwservlet | predictive | Hög |
| 23 | File | /shell | predictive | Låg |
| 24 | File | /spip.php | predictive | Medium |
| 25 | File | /subtitles.php | predictive | Hög |
| 26 | File | /tmp/net-$DEVICE.conf | predictive | Hög |
| 27 | File | /uncpath/ | predictive | Medium |
| 28 | File | /user/upload/upload | predictive | Hög |
| 29 | File | /usr/bin/tddp | predictive | Hög |
| 30 | File | /vendor | predictive | Låg |
| 31 | File | /vendor/htmlawed/htmlawed/htmLawedTest.php | predictive | Hög |
| 32 | File | /views/directive/sys/SysConfigDataDirective.java | predictive | Hög |
| 33 | File | /wp-admin/admin-ajax.php | predictive | Hög |
| 34 | File | /wp-json/wc/v3/webhooks | predictive | Hög |
| 35 | File | 01article.php | predictive | Hög |
| 36 | File | accountrecoveryendpoint/recoverpassword.do | predictive | Hög |
| 37 | File | xxxxxxx.xxx | predictive | Medium |
| 38 | File | xxx_xxxxxxxxxx.xxx | predictive | Hög |
| 39 | File | xxxxx.xxxxxxxxx.xxx | predictive | Hög |
| 40 | File | xxxxx/xxxx_xxxxx_xxxx.xxx | predictive | Hög |
| 41 | File | xxxxx/xxxxxx/xxxxx-xxxxxx-xxxxxxxx.xxx | predictive | Hög |
| 42 | File | xxxxx/xxxxx.xxx | predictive | Hög |
| 43 | File | xxxxx/xxxx_xxxxxxxx.xxx | predictive | Hög |
| 44 | File | xxxxx/xxxxxx_xxxx.xxx | predictive | Hög |
| 45 | File | xxxxx/xxxx-xxxxx.xxx | predictive | Hög |
| 46 | File | xxxxx/xxxxxx/xxxxx/xxxxx.xxxxx.xxxx.xxx | predictive | Hög |
| 47 | File | xxxxx/xxxxxx/xxxxxxxx/xxxxx.xxxxxxxx.xxx | predictive | Hög |
| 48 | File | xxxxx/xxxxxxxx.xxx | predictive | Hög |
| 49 | File | xxxxx/xxxxx-xxxx.xxx | predictive | Hög |
| 50 | File | xxxxxxxxxxx | predictive | Medium |
| 51 | File | xxxxx/xxxxxxxx/xxxxxxxxx/xxxx.xxxx | predictive | Hög |
| 52 | File | xxxxxxxx.xxx | predictive | Medium |
| 53 | File | xxxxxxxx.xxx.xx | predictive | Hög |
| 54 | File | xxx/xxxxxxxxxxx/xxxxx_xxxxxxxxxx.xx | predictive | Hög |
| 55 | File | xxx/xxxxxxxxxxx/xxxxxxxx_xxxxx_xxxxxxxxxx.xx | predictive | Hög |
| 56 | File | xxx/xxxxxxxxxx/xxxxxx/xxxxxxxxxx/xxxxxx_xxxxxxxx_xxx_xxxxx_xxxxxxxxx.xx | predictive | Hög |
| 57 | File | xxxxxxxxx.xxx | predictive | Hög |
| 58 | File | xxxxxxxxxxx/xxxxxxxxxxx/xxxxxxxxx.xxx | predictive | Hög |
| 59 | File | xxx\xxxxxx\xxxxxxxxxx\xxxxxxxxxxxxxxxxx.xxxxx.xxx | predictive | Hög |
| 60 | File | xxxx-xxxxxx.x | predictive | Hög |
| 61 | File | xxxx.xxx.xxx | predictive | Medium |
| 62 | File | xxxxx-xxx.x | predictive | Medium |
| 63 | File | xxxxx/xxxx_xxx.x | predictive | Hög |
| 64 | File | xxxxx-xxxx/xxxxxx.x | predictive | Hög |
| 65 | File | xxx-xxxxxxx-xxx-xxxx/xxx/xxxx/xxxx/xxx/xxxxxxxxx/xxxx/xxxxxxxxxx.xxxx | predictive | Hög |
| 66 | File | xxxxxxx.xx | predictive | Medium |
| 67 | File | xxxxxxxxxx.xxxx | predictive | Hög |
| 68 | File | xxxxxx_xxxx.xxx | predictive | Hög |
| 69 | File | xxxxx_xxxxxxxx.xxx | predictive | Hög |
| 70 | File | xxxxxxxxxx/xxxxxxxxxx.xxx/xxxxxxx/xxx/xxxxxxxxxxxxxxxx.xx | predictive | Hög |
| 71 | File | xxxxx.xxx | predictive | Medium |
| 72 | File | xxxxx.xxx | predictive | Medium |
| 73 | File | xxx-xxx/xxxxxxxxxxx/xxxxxxxxx.xxx | predictive | Hög |
| 74 | File | xxx-xxx/xxx/xxxxxxxx_xxx.xxx | predictive | Hög |
| 75 | File | xxxx.x | predictive | Låg |
| 76 | File | xxxxxx-xxxxxxxx-xxxxxxxx.xxxxxxx.xxx | predictive | Hög |
| 77 | File | xxxxx.xxx | predictive | Medium |
| 78 | File | xxxxxx.x | predictive | Medium |
| 79 | File | xxxxxx.xxx | predictive | Medium |
| 80 | File | xxxxxxxxx.xxxxxxx.xxx | predictive | Hög |
| 81 | File | xxxxxx/xxx/x_xxxxxxxx_xxxxxxxx.x | predictive | Hög |
| 82 | File | xxxx.xx | predictive | Låg |
| 83 | File | xxxxx.xxx | predictive | Medium |
| 84 | File | xx-x.xxx | predictive | Medium |
| 85 | File | xxxxxxx.xxxx | predictive | Medium |
| 86 | File | xxxxx.x | predictive | Låg |
| 87 | File | xxxxxxxx.xxxx | predictive | Hög |
| 88 | File | xxxxxxx.xx | predictive | Medium |
| 89 | File | xxxxx.xxx | predictive | Medium |
| 90 | File | xxxxxxx_xxxx.xxxx.xxx/xxxxxxx_xxxx.xxx | predictive | Hög |
| 91 | File | xxxx.xxx | predictive | Medium |
| 92 | File | xxx/xxxx/xxxx.x | predictive | Hög |
| 93 | File | xxxx_xxxxxxxxx.xxxxx | predictive | Hög |
| 94 | File | xx-xxxxxxx/xxxxxxxxxxxx/xxxxxx/xxxxx.xxxxxxxxxxxx.xxxx.xxx | predictive | Hög |
| 95 | File | xx/xxxxxx/xxxxx.x | predictive | Hög |
| 96 | File | xx/xxxxxx/xxxxxxx.x | predictive | Hög |
| 97 | File | xxxxxxxxx/xxxx.xxx | predictive | Hög |
| 98 | File | xxxx.xxx | predictive | Medium |
| 99 | File | xxxxxxxxx.xxx | predictive | Hög |
| 100 | File | xxxxxxxxx.xx | predictive | Medium |
| 101 | File | xxxxxxxxxx\xxxxxx\xxxxxxxxxxxxx.xxx | predictive | Hög |
| 102 | File | xxxx-xxxxxxx.x | predictive | Hög |
| 103 | File | xx | predictive | Låg |
| 104 | File | xxxxx/xxxxx/xxxxx/xxxxxxxx.xx | predictive | Hög |
| 105 | File | xxxx.xxx | predictive | Medium |
| 106 | File | xxx/xxxxxx.xxx | predictive | Hög |
| 107 | File | xxx/xxxxxxx/xxxxxxxxxxxxx/xxxxx.xxx | predictive | Hög |
| 108 | File | xxxxx.xxxx | predictive | Medium |
| 109 | File | xxxxx.xx | predictive | Medium |
| 110 | File | xxxxx.xxx | predictive | Medium |
| 111 | File | xxxxx.xxx?xxxx=xxxxx | predictive | Hög |
| 112 | File | xxxxxxxx | predictive | Medium |
| 113 | File | xxxxxxxxxxxxxx.xxx | predictive | Hög |
| 114 | File | xxxxxxxxxxxxxxx.xx | predictive | Hög |
| 115 | File | xxxxxx.x | predictive | Medium |
| 116 | File | xxxxxx.x | predictive | Medium |
| 117 | File | xxx/xxxxxxxx/xxxxxx/xxxxxxx.xx | predictive | Hög |
| 118 | File | xxx/xxxxxx/xxxx_xx.xx | predictive | Hög |
| 119 | File | xxxxxxx/xxx_xxxxxxxx.x | predictive | Hög |
| 120 | File | xxxxxxxx.xxx | predictive | Medium |
| 121 | File | xxxxxx.xxx | predictive | Medium |
| 122 | File | xxxxxxxxxxxxxx/xxxxxxxxxxxx.xxx | predictive | Hög |
| 123 | File | xxx_xxx_xxxxxx.x | predictive | Hög |
| 124 | File | xxxxxxxxx.xxx | predictive | Hög |
| 125 | File | xxxxxxxxxxx | predictive | Medium |
| 126 | File | xxx/xxxxxxxxx/xx_xxxxxxxxx_xxx.x | predictive | Hög |
| 127 | File | xxx/xxxxxxxxx/xx_xxxxxx_xxx.x | predictive | Hög |
| 128 | File | xxxxxxx_xxxx.xxx | predictive | Hög |
| 129 | File | xxxx.xxxxxx.xx | predictive | Hög |
| 130 | File | xxx_xxxx.xxx | predictive | Medium |
| 131 | File | xxxx/xxx/xxxx/xxxxxx/xxxxx/xxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxx | predictive | Hög |
| 132 | File | xxx.xxxxxx.xxxxxx.xxxxxxxxxx.xxxx.xxxxxx.xxxx.xxxxx.xxxxxxxxxxx | predictive | Hög |
| 133 | File | xx/xxxx | predictive | Låg |
| 134 | File | xxxxxxxxxx.xx | predictive | Hög |
| 135 | File | xxx_xxx.xx | predictive | Medium |
| 136 | File | xxxxxxx.xxx | predictive | Medium |
| 137 | File | xxxx/xxxxxxx/xxxxxxxx.xxx | predictive | Hög |
| 138 | File | xxx/xxxx/xxxx.xx | predictive | Hög |
| 139 | File | xxxx/xxxx_xxxxxx.xxx | predictive | Hög |
| 140 | File | xxxxxx.x | predictive | Medium |
| 141 | File | xxxxx/xxxxxxxxxxx/xxxxxxxxxx_xxxxxxxxxxx.xxx | predictive | Hög |
| 142 | File | xxxxxxx.xxx | predictive | Medium |
| 143 | File | xxxxxxxxxxxxx.x | predictive | Hög |
| 144 | File | xxxxxxxxxxxx.xxxx | predictive | Hög |
| 145 | File | xxxx.xxx | predictive | Medium |
| 146 | File | xxxxxxx.x | predictive | Medium |
| 147 | File | xxxxx.xxx | predictive | Medium |
| 148 | File | xxxxx.xxx | predictive | Medium |
| 149 | File | xxxxxxxx.xxx | predictive | Medium |
| 150 | File | xxxxxxxxxx.xxx | predictive | Hög |
| 151 | File | xxxxxxxx.xxx | predictive | Medium |
| 152 | File | xxxxxxxx.xxx?x=xxxxxx&x=xxxxxxxxxx | predictive | Hög |
| 153 | File | xxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | Hög |
| 154 | File | xx_xxxx.x | predictive | Medium |
| 155 | File | xxxxxxxxxxxxx/xxxxxxxxxx/xxxxx/xxxxxxxxx.xx | predictive | Hög |
| 156 | File | xxx.x | predictive | Låg |
| 157 | File | xxxxxxxxxx_xxxx | predictive | Hög |
| 158 | File | xxxxxx.xx | predictive | Medium |
| 159 | File | xxxxxx/xxxxx.xxx | predictive | Hög |
| 160 | File | xxxxxx/xxxxx_xxxx_xxxx/xxxxxxx_xxxxxx_xxxx_xxxxx.xx | predictive | Hög |
| 161 | File | xxx/xxxxxxx/xx-xxxxxx.x | predictive | Hög |
| 162 | File | xxx/xxxx.xxx | predictive | Medium |
| 163 | File | xxx/xxxx/xxxx/xxxxxx/xxxxxxxxxxx.xxxx | predictive | Hög |
| 164 | File | xxx/xxxx/xxxxxxx.xxx | predictive | Hög |
| 165 | File | xxx/xxxxx/xxxxx.xxx | predictive | Hög |
| 166 | File | xxxxx.x | predictive | Låg |
| 167 | File | xxx-xxxx.x | predictive | Medium |
| 168 | File | xxxxxx\xxxxxxxx\xx_xxxxx_xxxxxxx.xxx | predictive | Hög |
| 169 | File | xxxxxxxxxx/xxxxxxx | predictive | Hög |
| 170 | File | xxxxxxx.xxx.xx.xxxxxxxxxxx.xxx | predictive | Hög |
| 171 | File | xxxxxx-xxxx/xxx/xxxx/xxxx/xxx/xxxxxx/xxxxxxxxxxxx.xxxx | predictive | Hög |
| 172 | File | xxxx-xxxxxxxx.xxx | predictive | Hög |
| 173 | File | xxxx-xxxxx.xxx | predictive | Hög |
| 174 | File | xxxx-xxxxxxxx.xxx | predictive | Hög |
| 175 | File | xxxxxx/xxxx/xxxxxxxx/xxxxxxxxxx.xxx | predictive | Hög |
| 176 | File | xxxx/xxx-xxx.xxx | predictive | Hög |
| 177 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive | Hög |
| 178 | File | xxxx.xxx | predictive | Medium |
| 179 | File | xxxxxx/xxxxxx.xxxx | predictive | Hög |
| 180 | File | xxxxx/xxxxxxxxx.xxx | predictive | Hög |
| 181 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive | Hög |
| 182 | File | xx-xxxxx/xxxxxxx.xxx | predictive | Hög |
| 183 | File | xx-xxxxxxxx/xxxx.xxx | predictive | Hög |
| 184 | File | xx-xxxxx.xxx | predictive | Medium |
| 185 | File | xxx/xxxxxxxx/xxxxxxxx.xxx | predictive | Hög |
| 186 | File | xxx xxxxxxx | predictive | Medium |
| 187 | File | xxxxxxxx/xxxxxx/xxxxxxxxx/xxxxxxx/xxxxxxxxx/xx/xxxxxxxxxxxxxxx.xx | predictive | Hög |
| 188 | File | xxxxxxxxxxxxx.xx | predictive | Hög |
| 189 | File | \xxx\xxxxxx\xxxxxxxxxx\xxxxxxxxxxxxxx.xxxxx.xxx | predictive | Hög |
| 190 | File | __xxx/xxxxxxxx/xxxxxx/xxxx/xxxxxx-xxxx?xxxxxx_xxxx=xxxx | predictive | Hög |
| 191 | Library | /xxxxxxxxxxxx/xxxxxxxxx_xxxxxx/xxxxxxxxx_xxxxxx_xxxxxxxxxxxx.xxx | predictive | Hög |
| 192 | Library | /_xxx_xxx/xxxxx.xxx | predictive | Hög |
| 193 | Library | xxxxx.xxx | predictive | Medium |
| 194 | Library | xxxxxxxxxxxxx.xxx | predictive | Hög |
| 195 | Library | xxx/xxxxx_xxxxxxxxxx.xx | predictive | Hög |
| 196 | Library | xxx/xxxxx/xxxxxxxx.xx | predictive | Hög |
| 197 | Library | xxxxxx | predictive | Låg |
| 198 | Library | xxxxxx.xx | predictive | Medium |
| 199 | Library | xxxxxxxxxx.xxx | predictive | Hög |
| 200 | Library | xxxxxxxxxxx.xxx | predictive | Hög |
| 201 | Library | xxxx-xxxxxxxxxx/xxx/xxxx/xxxxxxxxxx/xxxx_xxxxxxxxx.xx | predictive | Hög |
| 202 | Library | xx_xxxx.x/xxx_xxxx.x/xx_xxx.x | predictive | Hög |
| 203 | Library | xxx/xxxxxxx.xxxxxx.xxx/xxx/xxxxxxxxxxxxx.xx | predictive | Hög |
| 204 | Library | xxxx.xxx | predictive | Medium |
| 205 | Library | xxxxxxxxxxxxxxxxxxxx.xxx | predictive | Hög |
| 206 | Argument | $_xxxxxx['xxxx_xxxx_xxxxx'] | predictive | Hög |
| 207 | Argument | $_xxxxxx['xxx_xxxx'] | predictive | Hög |
| 208 | Argument | -x/-x | predictive | Låg |
| 209 | Argument | -x | predictive | Låg |
| 210 | Argument | xxx_xxxxxxxxxx | predictive | Hög |
| 211 | Argument | xx | predictive | Låg |
| 212 | Argument | xxxxxx | predictive | Låg |
| 213 | Argument | xxxxxxxx | predictive | Medium |
| 214 | Argument | xxxxxx | predictive | Låg |
| 215 | Argument | xxxxxxxx | predictive | Medium |
| 216 | Argument | xxxxxxxx | predictive | Medium |
| 217 | Argument | xxx | predictive | Låg |
| 218 | Argument | xxxxxxxxxx | predictive | Medium |
| 219 | Argument | xx | predictive | Låg |
| 220 | Argument | xxx | predictive | Låg |
| 221 | Argument | xxx | predictive | Låg |
| 222 | Argument | xxxxxx | predictive | Låg |
| 223 | Argument | xxxxxxx-xxxxxxxxxxx | predictive | Hög |
| 224 | Argument | xxxxxxx/xxxxxxx/xxxxxxx_xxxxxxxxxx/xxxxxxx_xxxxxx/xxxxxxxx/xxxx_xxxxx | predictive | Hög |
| 225 | Argument | xxxx/xxxx | predictive | Medium |
| 226 | Argument | xxxxxxxxxx | predictive | Medium |
| 227 | Argument | xxxxxxxxxxx | predictive | Medium |
| 228 | Argument | xxxx | predictive | Låg |
| 229 | Argument | xxxxxxxxxxx | predictive | Medium |
| 230 | Argument | xxx/xxxxxxx | predictive | Medium |
| 231 | Argument | xxxxxxx | predictive | Låg |
| 232 | Argument | xxxxxx_xxxx | predictive | Medium |
| 233 | Argument | xxxxx | predictive | Låg |
| 234 | Argument | xxxxx | predictive | Låg |
| 235 | Argument | xxxxxxxx | predictive | Medium |
| 236 | Argument | xxxxxxxx | predictive | Medium |
| 237 | Argument | xxxx | predictive | Låg |
| 238 | Argument | xxxx | predictive | Låg |
| 239 | Argument | xxxx | predictive | Låg |
| 240 | Argument | xxxx | predictive | Låg |
| 241 | Argument | xxxxxxxxxx | predictive | Medium |
| 242 | Argument | xxxx_xxxxx | predictive | Medium |
| 243 | Argument | xx | predictive | Låg |
| 244 | Argument | xxxxx | predictive | Låg |
| 245 | Argument | xxx | predictive | Låg |
| 246 | Argument | xxxx | predictive | Låg |
| 247 | Argument | xxxxx | predictive | Låg |
| 248 | Argument | xxx | predictive | Låg |
| 249 | Argument | x_xx/xxxx | predictive | Medium |
| 250 | Argument | xxxx | predictive | Låg |
| 251 | Argument | xxxx | predictive | Låg |
| 252 | Argument | xx | predictive | Låg |
| 253 | Argument | xxxxxx | predictive | Låg |
| 254 | Argument | xxxxxxxx | predictive | Medium |
| 255 | Argument | xxxxxxxx | predictive | Medium |
| 256 | Argument | xxxx | predictive | Låg |
| 257 | Argument | xxxxxxxxxx | predictive | Medium |
| 258 | Argument | xxxxxx[xxxx].xxx | predictive | Hög |
| 259 | Argument | xxxxxxxx | predictive | Medium |
| 260 | Argument | xxxx_xx_xxxx_xxxxxxx | predictive | Hög |
| 261 | Argument | xxxxxxx_xxxxxxx | predictive | Hög |
| 262 | Argument | xxx_xx | predictive | Låg |
| 263 | Argument | x.xxx.xxxx | predictive | Medium |
| 264 | Argument | xxxxxxxxxxxx_xxxxxxxxx | predictive | Hög |
| 265 | Argument | xxxxxxxx | predictive | Medium |
| 266 | Argument | xxxxxxxxxx | predictive | Medium |
| 267 | Argument | xxxxxxxx | predictive | Medium |
| 268 | Argument | xxxxxxx | predictive | Låg |
| 269 | Argument | xxxxxxxx_xxxx | predictive | Hög |
| 270 | Argument | xxx_xx | predictive | Låg |
| 271 | Argument | xxxxxx | predictive | Låg |
| 272 | Argument | xxxxxx/xxxxxx_xxxxxx | predictive | Hög |
| 273 | Argument | xxxxxxxxxxxxxxxxx | predictive | Hög |
| 274 | Argument | xxx | predictive | Låg |
| 275 | Argument | xxxxxxx | predictive | Låg |
| 276 | Argument | xxxx xxxx xx | predictive | Medium |
| 277 | Argument | xxx | predictive | Låg |
| 278 | Argument | xxxxxxxx | predictive | Medium |
| 279 | Argument | xxx | predictive | Låg |
| 280 | Argument | xxx | predictive | Låg |
| 281 | Argument | xxxxxxx | predictive | Låg |
| 282 | Argument | xxxx_xxxxxx/xxxxxx/xxxxxx | predictive | Hög |
| 283 | Argument | xxx | predictive | Låg |
| 284 | Argument | xx_xxxxx_xx | predictive | Medium |
| 285 | Argument | xxx | predictive | Låg |
| 286 | Argument | xxx_xxxxx | predictive | Medium |
| 287 | Argument | xxx | predictive | Låg |
| 288 | Argument | xxxxx | predictive | Låg |
| 289 | Argument | xxxx_xxx | predictive | Medium |
| 290 | Argument | xxx | predictive | Låg |
| 291 | Argument | xxx | predictive | Låg |
| 292 | Argument | xxxxxxx | predictive | Låg |
| 293 | Argument | xxxxxxxx | predictive | Medium |
| 294 | Argument | xxxxxxxx | predictive | Medium |
| 295 | Argument | xxxxx | predictive | Låg |
| 296 | Argument | xxxxxxx_xxxx | predictive | Medium |
| 297 | Argument | xx | predictive | Låg |
| 298 | Argument | xxxx.xxxxxxxxxxxxxxxxxxxxxxxxx | predictive | Hög |
| 299 | Argument | x-xxxxxxxxx-xxxx | predictive | Hög |
| 300 | Argument | x-xxxx | predictive | Låg |
| 301 | Argument | _xxx_xxxxxxxxxxx_ | predictive | Hög |
| 302 | Input Value | $xxxxxx | predictive | Låg |
| 303 | Input Value | '/x' | predictive | Låg |
| 304 | Input Value | ../../../xxx/xxxxxx | predictive | Hög |
| 305 | Input Value | <?xxx xxxxxxx();?> | predictive | Hög |
| 306 | Input Value | <?xxx xxxxxx($_xxx['x']); ?> | predictive | Hög |
| 307 | Input Value | <x xxxxxxx=xxxxx(x)>xxxxx</x> | predictive | Hög |
| 308 | Input Value | xxxxx | predictive | Låg |
| 309 | Pattern | /xxxxx/xxxxxxxxxxxxx.xxx | predictive | Hög |
| 310 | Pattern | xxx | predictive | Låg |
| 311 | Pattern | xxxx | predictive | Låg |
| 312 | Pattern | xxxxx-xxxxxxxxxxxxx|xx| xxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx+xx+xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx | predictive | Hög |
| 313 | Pattern | xxxxxx.xxxxxxxxx | predictive | Hög |
| 314 | Pattern | |xx|x | predictive | Låg |
| 315 | Pattern | |xx xx xx| | predictive | Medium |
| 316 | Network Port | xxxxx | predictive | Låg |
| 317 | Network Port | xxx/xx | predictive | Låg |
| 318 | Network Port | xxx/xxxx | predictive | Medium |
Referenser (115)
The following list contains external sources which discuss the actor and the associated activities:
- https://1275.ru/ioc/131/qakbot-qbot-trojan-iocs/
- https://blog.talosintelligence.com/2019/07/threat-roundup-0719-0726.html
- https://blog.talosintelligence.com/2019/08/threat-roundup-0823-0830.html
- https://blog.talosintelligence.com/2019/10/threat-roundup-1004-1011.html
- https://blog.talosintelligence.com/2020/05/threat-roundup-0508-0515.html
- https://community.blueliv.com/#!/s/604fca0782df413eaf346287
- https://community.blueliv.com/#!/s/622b003f82df417ed03309da
- https://community.blueliv.com/#!/s/6131fcd682df417a0032fabb
- https://community.blueliv.com/#!/s/604009c282df413eb235396b
- https://github.com/A-dd-Y/secops/blob/main/MalwareIOC/mwdb-qakbot-c2.txt
- https://github.com/A-dd-Y/secops/blob/main/MalwareIOC/triage-qakbot-c2.txt
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-09-22%20SquirrelWaffle%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-09-24%20SquirrelWaffle%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-09-28%20Squirrel%20Waffle%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-09-29%20SquirrelWaffle%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-10-07%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-10-12%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-10-15%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-10-19%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-10-20%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-10-25%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-10-26%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-10-28%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-11-01%20Qakbot%20Campaign%201%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-11-01%20Qakbot%20Campaign%202%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-11-02%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-11-04%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-11-10%20Qakbot1%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-11-10%20Qakbot2%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-11-12%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-11-16%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-11-18%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-11-23%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-11-24%20Qakbot1%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-11-24%20Qakbot2%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-01%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-02%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-07%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-08%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-10%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-13%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-14%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-15%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-20%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-21%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-23%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-27%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-01-24%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-15%20Qakbot%20(TR)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-17%20Qakbot%20(TR)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-23%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-24%20Qakbot%20(presidents)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-24%20Qakbot%20(TR)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-28%20Qakbot%20(PR)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-28%20Qakbot%20(TR)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-01%20Qakbot%20(PR)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-01%20Qakbot%20(TR)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-09%20Qakbot%20(AA)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-09%20Qakbot%20(PR)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-10%20Qakbot%20(AA)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-11%20Qakbot%20(AA)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-14%20Qakbot%20(AA)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-15%20Qakbot%20(AA)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-16%20Qakbot%20(AA)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-18%20Qakbot%20(tzr02)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-22%20Qakbot%20(AA)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-23%20Qakbot%20(obama169)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-25%20Qakbot%20(AA)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-29%20Qakbot%20(obama171)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-31%20Qakbot%20(obama173)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-04%20Qakbot%20(biden57)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-06%20Qakbot%20(obama174)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-12%20Qakbot%20(obama175)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-18%20Qakbot%20(obama176)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-20%20Qakbot%20(obama177)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-21%20Qakbot%20(obama179)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-25%20Qakbot%20(AA)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-26%20Qakbot%20(AA)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-26%20Qakbot%20(obama180)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-27%20Qakbot%20(AA)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-29%20Qakbot%20(obama181)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-05%20Qakbot%20(obama182)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-13%20Qakbot%20(obama183)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-26%20Qakbot%20(%22obama185%22)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-02%20Qakbot%20(AA)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-07%20Qakbot%20(obama186)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-08%20Qakbot%20(obama187)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-21%20Qakbot%20(obama190)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-22%20Qakbot%20(obama191)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-23%20Qakbot%20(obama192)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-24%20Qakbot%20(obama193)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-27%20Qakbot%20(%22obama194%22)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-28%20Qakbot%20(obama195)%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-29%20Qakbot%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-30%20Qakbot%20(obama197)%20IOCs
- https://github.com/firehol/blocklist-ipsets/blob/master/bambenek_qakbot.ipset
- https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB_22.09.2022.txt
- https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama202_14.09.2022.txt
- https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama203_15.09.2022.txt
- https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama204_16.09.2022.txt
- https://github.com/vuldb/cyber_threat_intelligence/tree/main/actors/Qakbot
- https://isc.sans.edu/forums/diary/Emotet+Qakbot+more+Emotet/26750/
- https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest+Answers+and+Analysis/27582/
- https://isc.sans.edu/forums/diary/Qakbot+activity+resumes+after+holiday+break/27008/
- https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike+and+VNC+activity/28448/
- https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike/27158/
- https://isc.sans.edu/forums/diary/Recent+Qakbot+Qbot+activity/26862/
- https://pastebin.com/u/MalwareQuinn
- https://research.checkpoint.com/2020/exploring-qbots-latest-attack-methods/
- https://thedfirreport.com/2022/02/07/qbot-likes-to-move-it-move-it/
- https://thedfirreport.com/2022/02/21/qbot-and-zerologon-lead-to-full-domain-compromise/
- https://tria.ge/210511-kvcz7vyfkx
- https://twitter.com/Malwar3Ninja/status/1483514897266737154
- https://www.cybereason.com/blog/threat-alert-aggressive-qakbot-campaign-and-the-black-basta-ransomware-group-targeting-u.s.-companies
- https://www.zscaler.com/blogs/security-research/rise-qakbot-attacks-traced-evolving-threat-techniques