Trusted Design

The return of Qbot

概要

Qbot, also known as Qakbot, is a network-aware worm with backdoor capabilities, primarily designed as a credential harvester. It is an old threat and was well-described by Symantec back in 2009.1 The company later released a whitepaper which described Qbot version 910 in great detail.2 In December 2015, several researchers reported that websites hosting the Rig Exploit Kit were serving an updated version of Qbot.3 4 5 Then in January 2016, over 500 devices at a large public organisation were infected with Qbot: the worm was back, and it was both more and less effective. While all versions of Microsoft Windows the worm touched in the attack were compromised, a number of Windows XP machines crashed and failed to restart: despite its renewed potency, the programmers behind Qbot hadn’t built their bot to be compatible with older versions of Windows.

Created: 2026-02-23

Indicators

• FileHash-MD5 - a5b3b4daf133972ac9cba63929aebc5b -
• domain - ohpjbauaztbcqjwbxyepjg.info -
• domain - tybsrwyftchsd.biz -
• FileHash-MD5 - 7f263899bdce57f67d09fb7a980867e7 -
• FileHash-MD5 - 4edf3e7885878af7fb8c1bc37b9f8a74 -
• domain - ttzioiyzupuntyceqbwqr.org -
• domain - shehtaamozvljiemrijsgzff.com -
• domain - hyfotrom.biz -
• domain - lzxrbgvcpdefafmtkmypd.org -
• FileHash-MD5 - a8a9becf391314a92452b86cd2b9e69f -
• domain - izfrynscrek.net -
• domain - akurktsicohzxrfoynqaixspe.org -
• hostname - rss.dimadimapress.com -
• domain - jfgsifrptbirusgs.net -
• domain - aifrbgvit.org -
• domain - nknpagmexfmpivpfkej.org -
• domain - rdnzplgrz.net -
• FileHash-MD5 - b725adc8f99196000ff7aa7382803cba -
• domain - vcavovfkbnxdi.org -
• domain - aecfdpuspicop.biz -
• domain - rhjbkrqiekhdxlgzrzdzw.net -
• domain - aoznszhhyhktgb.com -
• domain - yliolxjywjpmtpxwkcsc.biz -
• domain - riiqynnpolhrrqtjq.com -
• domain - hihybiipewmutcpqjsnnn.org -
• domain - qotavczeb.info -
• domain - czkwuxvndxrjsprm.org -
• FileHash-MD5 - b3b496c1ba36201b63b63e02724bb193 -
• FileHash-MD5 - f29211b19cf7c2ddfd66868ec8080ed2 -
• domain - vvdpprlurgnja.biz -
• domain - yrkinsiwejn.biz -
• domain - oxpsuqkej.org -
• domain - jhsjqyopeiivfjonxfd.com -
• domain - tnqnpjthcwhhit.biz -
• domain - jyemfaceteeg.info -
• domain - hyfpcoogiuxackrjlvqfoa.org -
• domain - bwzxubzdgaq.biz -
• domain - gfapuxkfzsddekagqyvtibckx.org -
• domain - usobtaaxtdkpzqqvkahae.com -
• domain - bbostybfmaa.org -
• domain - hvjhbdtxslkr.net -
• domain - zlczwkjposmtcawsga.org -
• domain - ohnzjsjoyxmkfpafaouujked.biz -
• domain - nkwnfcvlqvouqyspcpfxdbmkv.org -
• domain - bryhitenwzmdtakavoofanp.org -
• domain - oeisvpck.com -
• domain - drufxhimmwwnfhegujbutyw.com -
• domain - gjcybzvmvir.com -
• FileHash-MD5 - 1dfc0905de2dc77f69a97376f1c02f63 -
• domain - dkdjezurex.org -
• FileHash-MD5 - abe1d97ab4ae7d59074d4ee826635c0f -
• domain - brpnkctjvgdmnbwtv.biz -
• domain - bogtdrfdeqabyyxdg.net -
• domain - fgmbdteifejszcmn.org -
• FileHash-MD5 - 5a7aae53de8783aad77c80e6650a7198 -
• domain - qfdjjouamlbqtfyewaxci.org -
• domain - pgnioogwlucnv.com -
• domain - vzdrlswljtpgsmvddeehav.org -
• domain - uitutnmieyxfk.org -
• hostname - stat.nickspizzade.com -
• domain - gfsbfuaogfwrcvstpnvuskqjh.net -
• domain - jekawtzb.net -
• domain - reckchfhtndingqrynjdgpbjy.net -
• domain - hbjzvgyej.org -
• domain - nyqvjyehgmyzwsutaoeqrzdff.net -
• domain - yqwjvhxgaiszygziq.org -
• domain - fbptaqbegdpqfkqeniulcz.com -
• domain - pptyqmktluqnpameptwtzno.org -
• domain - jdqmdauuzavhvzmchymtn.com -
• domain - xykrgjnhkhjgpkdi.net -
• FileHash-MD5 - c72f0f0b6fb25b67e007427078442bdc -
• domain - pqmqomkgjnfdng.org -
• domain - oabtwabgoyatl.info -
• domain - jaxmksttqwcfycm.org -
• domain - htibkjlyhffmhnetwvaia.net -
• domain - bdbprqhsomsonztxios.net -
• domain - ejnkyujcazyyrehecjmox.net -
• domain - wybmdazfdaapjtabgbamyuq.biz -
• domain - kzdmlrtrdfmuvyczjeoysnnr.com -
• domain - dtvsxudgnort.biz -
• domain - dslmkpgjvuisnqa.com -
• FileHash-MD5 - 56e3a96bc8695327087c9e00d97e31c8 -
• domain - osnyjaaliqdpegehd.com -
• domain - vpsbrubhqlrpqfnadsvc.net -
• domain - lssteedshlf.org -
• domain - bzkgskajhmcwrbk.net -
• domain - dejyjcwo.info -
• domain - coxrwiuxkcausxnlbgjmakxrw.net -
• domain - zwdhqcthdwlugocbiqn.info -
• domain - uzjwupjsjfpcezlchdsmzodkm.org -
• domain - vxozgiucpq.com -
• domain - ljiececesruwqsiaafspjb.biz -
• domain - uisfhfwqrcsqcvo.org -
• domain - zvwidimzmcbsrdbrtk.org -
• FileHash-MD5 - 06ec0af8411d864211baff8afb117f72 -
• domain - gkvimqrvoscnuvggw.net -
• domain - ohjnxkcqhyzcqxoxyrqsvmovb.org -
• domain - kvwyoivqwydfdlpzd.org -
• domain - pzmftmgqnxaqgrznm.net -
• domain - jghgaukpemdsitwrbkm.org -
• domain - nwqsckeoatb.biz -
• domain - vyffojtfi.net -
• domain - mzvmmsedkr.biz -
• domain - xkwczygvqosxx.com -
• FileHash-MD5 - 2d2fa093dd4fb26a8d14f1906552d238 -
• domain - hhwkqccfvmbxvgsrfodzblfk.org -
• domain - kyimozmtezqaghxaqbykf.net -
• domain - awtptzoblgkkdmfb.biz -
• domain - fobccpaug.org -
• domain - onpzjbvxnbvuhrjbjb.info -
• domain - dfnchvkjlzlkdaygzdakqhn.info -
• domain - walmgvyongcjrfpjjlwiweyiv.biz -
• domain - rkdxaovlaoltxnorwhtqo.com -
• domain - frcblvtmpuygvxzdjsdw.net -
• FileHash-MD5 - 828642e97f90d2aecc348428190885fd -
• domain - gdfqutzvshhgzheqksxj.biz -
• domain - felruzatqofkxlzkrskrbcilq.org -
• domain - gvyxwaslgliazuilhtyl.com -
• domain - dpsjwmwzuwnicaq.biz -
• domain - uvaphhxjmijvuvobqfezgnc.com -
• domain - yuhjomyygtrbcr.info -

類似Pulses

• The Return of Qbot (score: 0.92)
• ISC 2015-12-30: Actor using Rig EK to deliver Qbot - update (score: 0.65)
• Qakbot - A capable banking trojan (score: 0.63)
• Threat Spotlight: The Return of Qakbot Malware (score: 0.60)
• MTA 2015-12-31: ACTOR USING RIG EK TO DELIVER QBOT (score: 0.58)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る