1 „Gefällt mir“
Hier einmal die QakBot - Zombies nur für den Zeitraum der letzten drei Wochen im August 2023 vor dem Bust!!
QBot ist ein modularer Information-Stealer, auch bekannt als Qakbot oder Pinkslipbot. Er ist seit 2007 fast unterbrechungsfrei aktiv. In der Vergangenheit war er als Banking-Trojaner bekannt, was bedeutet, dass er Finanzdaten von infizierten Systemen stahl. Die letzten Jahre war Qbot als Loader ausgelegt, der C2-Server zum Targeting und Herunterladen von Payloads nutzte!
| Firstseen (UTC) | Host | Malware | Status | Network (ASN) | Country |
|---|---|---|---|---|---|
| 2023-08-25 15:24:34 | 190.34.24.159 | QakBot | Offline | AS11556 Cable & Wireless Panama |  PA |
| 2023-08-25 11:24:40 | 113.193.95.229 | QakBot | Offline | AS45528 TIKONAIN-AS Tikona Infinet Ltd. |  IN |
| 2023-08-25 10:08:52 | 78.152.198.132 | QakBot | Offline | AS15502 VODAFONE-IRELAND-ASN |  IE |
| 2023-08-25 01:29:36 | 92.9.44.234 | QakBot | Offline | AS13285 OPALTELECOM-AS TalkTalk Communications Limited |  GB |
| 2023-08-24 23:29:43 | 41.97.47.7 | QakBot | Offline | AS36947 ALGTEL-AS |  DZ |
| 2023-08-24 21:29:40 | 197.89.10.236 | QakBot | Offline | AS10474 OPTINET |  ZA |
| 2023-08-24 21:29:39 | 86.130.9.219 | QakBot | Offline | AS2856 BT-UK-AS BTnet UK Regional network | GB |
| 2023-08-24 15:34:25 | 74.12.146.236 | QakBot | Offline | AS577 BACOM |  CA |
| 2023-08-24 13:49:34 | 190.249.221.53 | QakBot | Offline | AS13489 EPM Telecomunicaciones S.A. E.S.P. |  CO |
| 2023-08-24 12:49:59 | 86.176.237.198 | QakBot | Offline | AS2856 BT-UK-AS BTnet UK Regional network | GB |
| 2023-08-24 11:34:34 | 102.159.81.188 | QakBot | Offline | AS37705 TOPNET |  TN |
| 2023-08-24 07:04:38 | 31.117.160.214 | QakBot | Offline | AS2856 BT-UK-AS BTnet UK Regional network | GB |
| 2023-08-24 05:34:37 | 142.198.125.203 | QakBot | Offline | AS577 BACOM | CA |
| 2023-08-24 05:34:37 | 201.143.8.193 | QakBot | Offline | AS8151 UNINET |  MX |
| 2023-08-24 03:34:39 | 70.174.49.244 | QakBot | Offline | AS22773 ASN-CXA-ALL-CCI-22773-RDC |  US |
| 2023-08-24 01:34:41 | 78.159.147.1 | QakBot | Offline | AS48544 TECNOADSL-AS |  IT |
| 2023-08-23 19:04:29 | 189.253.228.150 | QakBot | Offline | AS8151 Uninet S.A. de C.V. | MX |
| 2023-08-23 17:34:34 | 85.113.124.240 | QakBot | Offline | AS12975 PALTEL-AS PALTEL Autonomous System |  PS |
| 2023-08-23 17:34:33 | 67.70.18.202 | QakBot | Offline | AS577 BACOM | CA |
| 2023-08-23 15:34:17 | 86.165.15.246 | QakBot | Offline | AS2856 BT-UK-AS BTnet UK Regional network | GB |
| 2023-08-23 12:34:43 | 200.90.71.222 | QakBot | Offline | AS8048 CANTV Servicios, Venezuela |  VE |
| 2023-08-23 11:34:32 | 105.184.108.41 | QakBot | Offline | AS37457 Telkom-Internet | ZA |
| 2023-08-23 05:34:33 | 92.17.93.207 | QakBot | Offline | AS13285 OPALTELECOM-AS TalkTalk Communications Limited | GB |
| 2023-08-22 22:34:41 | 190.135.219.189 | QakBot | Offline | AS6057 Administracion Nacional de Telecomunicaciones |  UY |
| 2023-08-22 19:34:29 | 151.48.178.212 | QakBot | Offline | AS1267 ASN-WINDTRE IUNET | IT |
| 2023-08-22 15:34:23 | 175.110.196.31 | QakBot | Offline | AS25019 SAUDINETSTC-AS |  SA |
| 2023-08-22 13:24:37 | 197.87.135.31 | QakBot | Offline | AS10474 OPTINET | ZA |
| 2023-08-22 11:24:39 | 113.193.95.178 | QakBot | Offline | AS45528 TIKONAIN-AS Tikona Infinet Ltd. | IN |
| 2023-08-22 07:27:50 | 116.75.63.156 | QakBot | Offline | AS17488 HATHWAY-NET-AP Hathway IP Over Cable Internet | IN |
| 2023-08-22 04:39:30 | 86.99.51.64 | QakBot | Offline | AS5384 EMIRATES-INTERNET Emirates Internet |  AE |
| 2023-08-22 03:24:37 | 74.12.146.220 | QakBot | Offline | AS577 BACOM | CA |
| 2023-08-21 20:24:35 | 142.198.147.146 | QakBot | Offline | AS577 BACOM | CA |
| 2023-08-21 18:34:28 | 145.82.132.49 | QakBot | Offline | AS25019 SAUDINETSTC-AS | SA |
| 2023-08-21 16:59:17 | 82.2.136.141 | QakBot | Offline | AS5089 NTL | GB |
| 2023-08-21 16:24:14 | 41.98.242.3 | QakBot | Offline | AS36947 ALGTEL-AS | DZ |
| 2023-08-21 16:24:08 | 73.48.4.128 | QakBot | Offline | AS7922 COMCAST-7922 | US |
| 2023-08-21 13:34:11 | 41.227.197.112 | QakBot | Offline | AS37671 GLOBALNET-AS | TN |
| 2023-08-21 12:24:31 | 31.117.180.203 | QakBot | Offline | AS2856 BT-UK-AS BTnet UK Regional network | GB |
| 2023-08-21 10:29:24 | 86.130.9.155 | QakBot | Offline | AS2856 BT-UK-AS BTnet UK Regional network | GB |
| 2023-08-21 09:13:31 | 82.14.84.152 | QakBot | Offline | AS5089 NTL | GB |
| 2023-08-21 07:09:23 | 171.96.205.159 | QakBot | Offline | AS17552 TRUEONLINE-AS-AP True Online |  TH |
| 2023-08-21 06:29:25 | 181.118.183.99 | QakBot | Offline | AS27953 NODOSUD S.A |  AR |
| 2023-08-21 05:59:22 | 103.252.6.88 | QakBot | Offline | AS132996 THREESAINFOWAY-AS Threesa Infoway Pvt.Ltd. | IN |
| 2023-08-20 22:59:33 | 86.178.219.105 | QakBot | Offline | AS2856 BT-UK-AS BTnet UK Regional network | GB |
| 2023-08-20 18:59:39 | 201.226.226.88 | QakBot | Offline | AS11556 Cable & Wireless Panama | PA |
| 2023-08-20 18:29:41 | 74.12.146.246 | QakBot | Offline | AS577 BACOM | CA |
| 2023-08-20 16:29:41 | 167.56.123.176 | QakBot | Offline | AS6057 Administracion Nacional de Telecomunicaciones | UY |
| 2023-08-20 16:29:38 | 86.150.32.228 | QakBot | Offline | AS2856 BT-UK-AS BTnet UK Regional network | GB |
| 2023-08-20 14:29:46 | 82.205.93.129 | QakBot | Offline | AS12975 PALTEL-AS PALTEL Autonomous System | PS |
| 2023-08-20 12:29:38 | 74.12.146.246 | QakBot | Offline | AS577 BACOM | CA |
| 2023-08-20 12:29:37 | 86.168.131.44 | QakBot | Offline | AS2856 BT-UK-AS BTnet UK Regional network | GB |
| 2023-08-20 06:29:37 | 141.164.164.166 | QakBot | Offline | AS25019 SAUDINETSTC-AS | SA |
| 2023-08-20 06:29:37 | 79.19.146.107 | QakBot | Offline | AS3269 ASN-IBSNAZ | IT |
| 2023-08-19 22:29:44 | 92.186.137.74 | QakBot | Offline | AS12479 UNI2-AS |  ES |
| 2023-08-19 18:29:48 | 190.33.20.235 | QakBot | Offline | AS11556 Cable & Wireless Panama | PA |
| 2023-08-19 16:29:49 | 70.27.1.248 | QakBot | Offline | AS577 BACOM | CA |
| 2023-08-19 16:29:49 | 74.12.146.246 | QakBot | Offline | AS577 BACOM | CA |
| 2023-08-19 12:29:49 | 82.0.180.5 | QakBot | Offline | AS5089 NTL | GB |
| 2023-08-19 02:29:49 | 45.62.79.227 | QakBot | Offline | AS40440 NRTC- | CA |
| 2023-08-18 12:29:41 | 142.115.159.127 | QakBot | Offline | AS577 BACOM | CA |
| 2023-08-18 11:24:29 | 103.172.227.110 | QakBot | Offline | AS132996 THREESAINFOWAY-AS Threesa Infoway Pvt.Ltd. | IN |
| 2023-08-18 09:29:40 | 197.87.63.121 | QakBot | Offline | AS10474 OPTINET | ZA |
| 2023-08-18 05:29:42 | 70.29.120.52 | QakBot | Offline | AS577 BACOM | CA |
| 2023-08-18 03:22:40 | 190.33.214.172 | QakBot | Offline | AS11556 Cable & Wireless Panama | PA |
| 2023-08-18 01:22:38 | 174.114.222.23 | QakBot | Offline | AS812 ROGERS-COMMUNICATIONS | CA |
| 2023-08-18 01:22:38 | 87.1.202.127 | QakBot | Offline | AS3269 ASN-IBSNAZ | IT |
| 2023-08-17 18:22:39 | 190.249.211.106 | QakBot | Offline | AS13489 EPM Telecomunicaciones S.A. E.S.P. | CO |
| 2023-08-17 16:22:37 | 181.167.166.8 | QakBot | Offline | AS7303 Telecom Argentina S.A. | AR |
| 2023-08-17 16:22:11 | 31.185.54.53 | QakBot | Offline | AS6871 PLUSNET UK Internet Service Provider | GB |
| 2023-08-17 14:22:27 | 62.66.147.220 | QakBot | Offline | AS9158 TELENOR_DANMARK_AS |  DK |
| 2023-08-17 14:22:27 | 86.153.18.118 | QakBot | Offline | AS2856 BT-UK-AS BTnet UK Regional network | GB |
| 2023-08-17 12:22:32 | 154.247.76.104 | QakBot | Offline | AS36947 ALGTEL-AS | DZ |
| 2023-08-17 10:22:41 | 102.156.192.103 | QakBot | Offline | AS37705 TOPNET | TN |
| 2023-08-17 10:22:41 | 86.130.9.139 | QakBot | Offline | AS2856 BT-UK-AS BTnet UK Regional network | GB |
| 2023-08-17 08:22:41 | 117.195.27.157 | QakBot | Offline | AS9829 BSNL-NIB National Internet Backbone | IN |
| 2023-08-17 08:22:37 | 161.142.98.188 | QakBot | Offline | AS9930 TTNET-MY TIME dotCom Berhad No. 14, Jalan Majistret U126 Hicom Glenmarie Industrial Park 40150 Shah Alam Selangor, Malaysia |  MY |
| 2023-08-17 08:22:35 | 86.98.213.216 | QakBot | Offline | AS5384 EMIRATES-INTERNET Emirates Internet | AE |
| 2023-08-17 08:22:34 | 45.243.231.247 | QakBot | Offline | AS24863 LINKdotNET-AS |  EG |
| 2023-08-17 04:22:27 | 37.210.168.96 | QakBot | Offline | AS42298 GCC-MPLS-PEERING GCC MPLS peering |  QA |
| 2023-08-16 22:22:31 | 74.12.146.93 | QakBot | Offline | AS577 BACOM | CA |
| 2023-08-16 21:22:20 | 197.83.246.70 | QakBot | Offline | AS10474 OPTINET | ZA |
| 2023-08-16 19:02:18 | 105.184.99.98 | QakBot | Offline | AS37457 Telkom-Internet | ZA |
| 2023-08-16 17:22:14 | 173.206.129.159 | QakBot | Offline | AS6407 PRIMUS-AS6407 | CA |
| 2023-08-16 15:22:23 | 31.53.29.186 | QakBot | Offline | AS2856 BT-UK-AS BTnet UK Regional network | GB |
| 2023-08-16 14:52:13 | 64.237.72.129 | QakBot | Offline | AS5009 EATEL | US |
| 2023-08-16 13:22:31 | 186.73.231.11 | QakBot | Offline | AS11556 Cable & Wireless Panama | PA |
| 2023-08-16 12:12:18 | 66.35.121.181 | QakBot | Offline | AS14955 N-V-C | US |
| 2023-08-16 11:22:25 | 80.180.209.106 | QakBot | Offline | AS3269 ASN-IBSNAZ | IT |
| 2023-08-16 09:22:37 | 190.141.11.17 | QakBot | Offline | AS18809 Cable Onda | PA |
| 2023-08-16 09:22:37 | 141.164.210.209 | QakBot | Offline | AS25019 SAUDINETSTC-AS | SA |
| 2023-08-16 07:22:41 | 121.209.140.5 | QakBot | Offline | AS1221 ASN-TELSTRA Telstra Corporation Ltd |  AU |
| 2023-08-16 07:02:30 | 209.93.207.140 | QakBot | Offline | AS6871 PLUSNET UK Internet Service Provider | GB |
| 2023-08-16 05:22:41 | 161.142.99.126 | QakBot | Offline | AS9930 TTNET-MY TIME dotCom Berhad No. 14, Jalan Majistret U126 Hicom Glenmarie Industrial Park 40150 Shah Alam Selangor, Malaysia | MY |
| 2023-08-16 05:22:41 | 113.53.154.36 | QakBot | Offline | AS23969 TOT-NET TOT Public Company Limited | TH |
| 2023-08-16 03:22:45 | 222.253.247.103 | QakBot | Offline | AS45899 VNPT-AS-VN VNPT Corp |  VN |
| 2023-08-15 19:02:40 | 67.70.22.155 | QakBot | Offline | AS577 BACOM | CA |
| 2023-08-15 17:42:38 | 31.53.29.151 | QakBot | Offline | AS2856 BT-UK-AS BTnet UK Regional network | GB |
| 2023-08-15 12:22:38 | 64.229.199.64 | QakBot | Offline | AS577 BACOM | CA |
| 2023-08-15 12:22:38 | 91.82.133.181 | QakBot | Offline | AS20845 DIGICABLE |  HU |
| 2023-08-15 10:22:43 | 102.156.6.123 | QakBot | Offline | AS37705 TOPNET | TN |
| 2023-08-15 08:22:44 | 102.156.115.75 | QakBot | Offline | AS37705 TOPNET | TN |
| 2023-08-15 04:22:38 | 212.69.141.196 | QakBot | Offline | AS48544 TECNOADSL-AS | IT |
| 2023-08-14 09:32:23 | 197.87.135.228 | QakBot | Offline | AS10474 OPTINET | ZA |
| 2023-08-14 09:22:21 | 175.110.171.98 | QakBot | Offline | AS25019 SAUDINETSTC-AS | SA |
| 2023-08-14 07:52:29 | 178.153.13.38 | QakBot | Offline | AS42298 GCC-MPLS-PEERING GCC MPLS peering | QA |
| 2023-08-14 03:22:40 | 109.156.62.134 | QakBot | Offline | AS2856 BT-UK-AS BTnet UK Regional network | GB |
| 2023-08-13 21:22:39 | 74.12.146.207 | QakBot | Offline | AS577 BACOM | CA |
| 2023-08-13 13:42:48 | 200.109.192.34 | QakBot | Offline | AS8048 CANTV Servicios, Venezuela | VE |
| 2023-08-13 11:22:42 | 77.85.160.38 | QakBot | Offline | AS8866 VIVACOM-AS BULGARIA |  BG |
| 2023-08-13 07:02:41 | 197.2.49.178 | QakBot | Offline | AS37705 TOPNET | TN |
| 2023-08-13 01:22:51 | 181.99.46.114 | QakBot | Offline | AS7303 Telecom Argentina S.A. | AR |
| 2023-08-12 17:22:47 | 45.62.75.212 | QakBot | Offline | AS40440 NRTC- | CA |
| 2023-08-12 13:22:42 | 174.95.144.112 | QakBot | Offline | AS577 BACOM | CA |
| 2023-08-12 11:22:47 | 113.193.166.34 | QakBot | Offline | AS45528 TIKONAIN-AS Tikona Infinet Ltd. | IN |
| 2023-08-12 11:22:46 | 201.227.16.142 | QakBot | Offline | AS11556 Cable & Wireless Panama | PA |
| 2023-08-12 11:22:45 | 86.222.77.167 | QakBot | Offline | AS3215 France Telecom - Orange |  FR |
| 2023-08-12 04:42:41 | 117.202.205.136 | QakBot | Offline | AS9829 BSNL-NIB National Internet Backbone | IN |
| 2023-08-12 03:22:45 | 74.12.146.207 | QakBot | Offline | AS577 BACOM | CA |
| 2023-08-11 19:12:44 | 46.246.232.45 | QakBot | Offline | AS1241 FORTHNET-GR Forthnet |  GR |
| 2023-08-11 15:22:42 | 75.156.126.33 | QakBot | Offline | AS852 TELUS Communications | CA |
| 2023-08-11 15:22:42 | 197.2.159.74 | QakBot | Offline | AS2609 TN-BB-AS Tunisia BackBone AS | TN |
| 2023-08-11 13:22:41 | 66.35.127.81 | QakBot | Offline | AS14955 N-V-C | US |
| 2023-08-11 11:22:44 | 113.193.95.237 | QakBot | Offline | AS45528 TIKONAIN-AS Tikona Infinet Ltd. | IN |
| 2023-08-11 11:22:40 | 31.53.29.199 | QakBot | Offline | AS2856 BT-UK-AS BTnet UK Regional network | GB |
| 2023-08-11 09:22:45 | 197.87.143.210 | QakBot | Offline | AS10474 OPTINET | ZA |
| 2023-08-11 09:22:43 | 200.91.114.90 | QakBot | Offline | AS11830 Instituto Costarricense de Electricidad y Telecom. |  CR |
| 2023-08-11 07:23:10 | 86.96.75.225 | QakBot | Offline | AS5384 EMIRATES-INTERNET Emirates Internet | AE |
| 2023-08-11 07:22:45 | 100.4.182.242 | QakBot | Offline | AS701 UUNET | US |
| 2023-08-11 05:22:45 | 45.65.49.230 | QakBot | Offline | AS134019 AIRWAVESINTERNET-AS AIRWAVES INTERNET PRIVATE LIMITED | IN |
| 2023-08-11 03:22:53 | 39.49.48.18 | QakBot | Offline | AS17557 PKTELECOM-AS-PK Pakistan Telecommunication Company Limited |  PK |
| 2023-08-11 01:22:56 | 77.126.0.168 | QakBot | Offline | AS12400 PARTNER-AS |  IL |
| 2023-08-10 21:22:49 | 201.130.126.159 | QakBot | Offline | AS8151 Uninet S.A. de C.V. | MX |
| 2023-08-10 20:22:48 | 41.62.161.46 | QakBot | Offline | AS37705 TOPNET | TN |
| 2023-08-10 19:22:46 | 74.12.146.117 | QakBot | Offline | AS577 BACOM | CA |
| 2023-08-10 17:22:45 | 70.51.134.178 | QakBot | Offline | AS577 BACOM | CA |
| 2023-08-10 17:22:45 | 81.129.53.106 | QakBot | Offline | AS2856 BT-UK-AS BTnet UK Regional network | GB |
| 2023-08-10 15:22:39 | 151.65.75.108 | QakBot | Offline | AS1267 ASN-WINDTRE IUNET | IT |
| 2023-08-10 13:22:44 | 102.157.165.228 | QakBot | Offline | AS37705 TOPNET | TN |
| 2023-08-10 13:22:42 | 212.70.98.97 | QakBot | Offline | AS48728 VODAFONEQATAR | QA |
| 2023-08-10 13:22:42 | 72.4.96.234 | QakBot | Offline | AS22136 NYCT | US |
| 2023-08-10 13:22:42 | 142.117.161.238 | QakBot | Offline | AS577 BACOM | CA |
| 2023-08-09 14:22:38 | 109.153.10.32 | QakBot | Offline | AS2856 BT-UK-AS BTnet UK Regional network | GB |
| 2023-08-09 10:22:44 | 103.248.119.85 | QakBot | Offline | AS133275 GIGANTIC-AS Gigantic Infotel Pvt Ltd | IN |
| 2023-08-09 04:22:46 | 217.165.26.12 | QakBot | Offline | AS5384 EMIRATES-INTERNET Emirates Internet | AE |
| 2023-08-09 02:22:46 | 197.89.10.82 | QakBot | Offline | AS10474 OPTINET | ZA |
| 2023-08-09 02:22:46 | 161.142.107.120 | QakBot | Offline | AS9930 TTNET-MY TIME dotCom Berhad No. 14, Jalan Majistret U126 Hicom Glenmarie Industrial Park 40150 Shah Alam Selangor, Malaysia | MY |
| 2023-08-08 12:23:10 | 105.186.128.2 | QakBot | Offline | AS37457 Telkom-Internet | ZA |
| 2023-08-08 12:22:55 | 39.49.244.206 | QakBot | Offline | AS17557 PKTELECOM-AS-PK Pakistan Telecommunication Company Limited | PK |
| 2023-08-08 10:22:54 | 80.76.163.185 | QakBot | Offline | AS48728 VODAFONEQATAR | QA |
| 2023-08-08 10:22:53 | 89.32.159.148 | QakBot | Offline | AS48544 TECNOADSL-AS | IT |
Weitere Infos zu QakBot z.B. hier:
https://malpedia.caad.fkie.fraunhofer.de/details/win.qakbot
Ob die Behörden bei QakBot erfolgreicher im Ergebnis sein werden, als im Januar 2021 bei Emotet, bleibt abzuwarten!?
Emotet ist knapp 10 Monate nach der behördlichen Abschaltung, im November 2021 wieder zum Leben erwacht…
Ich fürchte auch, das muss man erstmal abwarten, zumal von Verhaftungen keine Rede war…
So siehts mal aus! Der oder die Betreiber (welche frei rumlaufen!) haben doch in den 16 Jahren des Betriebs garantiert für solche GAUs vorgesorgt.
Das es nun 700.000 Bots waren, ist doch nur eine offizielle Zahl durch Analysen. Ob der Betreiber nicht vielleicht noch 300.000 Bots mehr in einer Art Backup-Network, mit anderen Verbindungsdaten usw. angelegt hatte in der Vergangenheit, weiß doch kein Schwein!
Der Owner hat schließlich auch laufende Verpflichtungen mit den ganzen Malware / Ransomware Gruppen, bei denen es um horende Geldsummen geht!
So oder ähnlich muß es ja auch bei Emotet damals abgelaufen sein beim Relaunch. Das Netzwerk hat schließlich nicht wieder bei Null den Restart gemacht, sondern mit tausenden frischen Bots 