IOCs_Adicionais_BlackBasta
Atualizado em
16/05/2024 11h08
IOCs_Adicionais_BlackBasta.txt — 3 KB
Conteúdo do arquivo
SHA-256 Black Basta's ransomware binary Hash Detection name 01fafd51bb42f032b08b1c30130b963843fea0493500e871d6a6a87e555c7bac Ransom.Win32.BLACKBASTA.YXCEP c9df12fbfcae3ac0894c1234e376945bc8268acdc20de72c8dd16bf1fab6bb70 Ransom.Win32.BLACKBASTA.YACEJ 94428d7620fff816cb3f65595978c6abb812589861c38052d30fa3c566e32256 Ransom.Win32.BLACKBASTA.YACEDT 1cad451cedeb9967c790c1671cd2e3482de87e3e802953f28e426642894ceb7b Ransom.Win32.BLACKBASTA.YACEDT 81a6c44682b981172cd85ee4a150ac49f838a65c3a0ed822cb07a1c19dab4af5 Ransom.Win32.BLACKBASTA.YACEDT 17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90 Ransom.Win32.BLACKBASTA.YXCD2 7883f01096db9bcf090c2317749b6873036c27ba92451b212b8645770e1f0b8a Ransom.Win32.BLACKBASTA.YXCD2 5d2204f3a20e163120f52a2e3595db19890050b2faa96c6cba6b094b0a52b0aa Ransom.Win32.BLACKBASTA.THDBGBB ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e Ransom.Win32.BLACKBASTA.THDBIBB 96339a7e87ffce6ced247feb9b4cb7c05b83ca315976a9522155bad726b8e5be Ransom.Linux.BLACKBASTA.YXCFT 0d6c3de5aebbbe85939d7588150edf7b7bdc712fceb6a83d79e65b6f79bfc2ef Ransom.Linux.BLACKBASTA.YXCFJ 22c1bac3755f1d3234b44b6db3864b30c34710f997db61ba46d134c6f7f4e1ff Ransom.Win64.BLACKBASTA.YACFUT 308a54f1a0cc165036d78aa618d6d4d7409eee50f536b6882550e2a7f209667c Ransom.Win32.BLACKBASTA.YXCFU ------ Black Basta's tools Hash Detection name 8882186bace198be59147bcabae6643d2a7a490ad08298a4428a8e64e24907ad Trojan.Win32.BLACKBASTA.YXCEJ 0e2b951ae07183c44416ff6fa8d7b8924348701efa75dd3cb14c708537471d27 Trojan.Win32.BLACKBASTA.YXCEJ 0d3af630c03350935a902d0cce4dc64c5cfff8012b2ffc2f4ce5040fdec524ed Trojan.Win32.BLACKBASTA.YXCEJ df35b45ed34eaca32cda6089acbfe638d2d1a3593d74019b6717afed90dbd5f8 Trojan.Win32.BLACKBASTA.YXCEJ 3fe73707c2042fefe56d0f277a3c91b5c943393cf42c2a4c683867d6866116fc Trojan.Win32.BLACKBASTA.YXCEJ 72a48f8592d89eb53a18821a54fd791298fcc0b3fc6bf9397fd71498527e7c0e Trojan.X97M.QAKBOT.YXCFH c7eb0facf612dbf76f5e3fe665fe0c4bfed48d94edc872952a065139720e3166 TrojanSpy.Win32.QAKBOT.YXCEEZ ffa7f0e7a2bb0edf4b7785b99aa39c96d1fe891eb6f89a65d76a57ff04ef17ab TrojanSpy.Win32.QAKBOT.YACEJT 2083e4c80ade0ac39365365d55b243dbac2a1b5c3a700aad383c110db073f2d9 TrojanSpy.Win32.QAKBOT.YACEJT 1e7174f3d815c12562c5c1978af6abbf2d81df16a8724d2a1cf596065f3f15a2 TrojanSpy.Win32.QAKBOT.YACEJT 2d906ed670b24ebc3f6c54e7be5a32096058388886737b1541d793ff5d134ccb TrojanSpy.Win32.QAKBOT.YACEJT 72fde47d3895b134784b19d664897b36ea6b9b8e19a602a0aaff5183c4ec7d24 TrojanSpy.Win32.QAKBOT.YACEJT 2e890fd02c3e0d85d69c698853494c1bab381c38d5272baa2a3c2bc0387684c1 TrojanSpy.Win32.QAKBOT.YACEJT 580ce8b7f5a373d5d7fbfbfef5204d18b8f9407b0c2cbf3bcae808f4d642076a Backdoor.Win32.COROXY.YACEKT 130af6a91aa9ecbf70456a0bee87f947bf4ddc2d2775459e3feac563007e1aed Trojan.Win64.QUAKNIGHTMARE.YACEJT c4683097a2615252eeddab06c54872efb14c2ee2da8997b1c73844e582081a79 PUA.Win32.Netcat.B ac49c114ef137cc198786ad8daefa9cfcc01f0c0a827b0e2b927a7edd0fca8b0 HackTool.BAT.RDPEnable.A 580ce8b7f5a373d5d7fbfbfef5204d18b8f9407b0c2cbf3bcae808f4d642076a Backdoor.Win32.COROXY.YACEKT ------ URLs 24.178.196.44:2222 Qakbot C&C 37.186.54.185:995 Qakbot C&C 39.44.144.182:995 Qakbot C&C 45.63.1.88:443 Qakbot C&C 46.176.222.241:995 Qakbot C&C 47.23.89.126:995 Qakbot C&C 72.12.115.15:22 Qakbot C&C 72.76.94.52:443 Qakbot C&C 72.252.157.37:995 Qakbot C&C 72.252.157.212:990 Qakbot C&C 73.67.152.122:2222 Qakbot C&C 75.99.168.46:61201 Qakbot C&C 103.246.242.230:443 Qakbot C&C 113.89.5.177:995 Qakbot C&C 148.0.57.82:443 Qakbot C&C 167.86.165.191:443 Qakbot C&C 173.174.216.185:443 Qakbot C&C 180.129.20.53:995 Qakbot C&C 190.252.242.214:443 Qakbot C&C 217.128.122.16:2222 Qakbot C&C 172.105.88.234:4001 Coroxy C&C 23.106.160.188 Cobeacon C&C