Skip to content

Instantly share code, notes, and snippets.

@MHaggis

MHaggis/malleable_c2_profiles

Last active January 2, 2024 21:05
Show Gist options
  • Save MHaggis/6c600e524045a6d49c35291a21e10752 to your computer and use it in GitHub Desktop.
Save MHaggis/6c600e524045a6d49c35291a21e10752 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
malleable_c2_profiles
spawnto
https://raw.githubusercontent.com/kphongagsorn/c2-profiles/29fe50eaad655ddd0028fca06a9c7785e3ffaf41/amazon.profile
https://raw.githubusercontent.com/kvcallfield/Cobalt-Strike-C2-profiles/cae44634d57c0d8a099e50f6d4e9b73acaaab9d6/amazon2.profile
https://raw.githubusercontent.com/KevinCooper/24AF-CyberChallenge/67f531777f7912c7129f633f43e06fba79c5f3e2/CobaltStrike/cobalt.profile
https://raw.githubusercontent.com/webcoderz/agressor-scripts-/950064776853cf4dd7403d0f75b5306fe275fcc3/Malleable-C2-Profiles-master/APT/meterpreter.profile
https://raw.githubusercontent.com/hadesangel/Malleable-C2-Profiles/390937aec01e0bcdaf23312277e96e57ac925f7b/APT/meterpreter.profile
https://raw.githubusercontent.com/ianxtianxt/Malleable-C2-Profiles/07fd3b45c4166c9aecdcfa54cddc905c22f6ff85/APT/meterpreter.profile
https://raw.githubusercontent.com/seclib/Malleable-C2-Profiles/390937aec01e0bcdaf23312277e96e57ac925f7b/APT/meterpreter.profile
https://raw.githubusercontent.com/rsmudge/Malleable-C2-Profiles/390937aec01e0bcdaf23312277e96e57ac925f7b/APT/meterpreter.profile
https://raw.githubusercontent.com/mhaskar/MalleableC2-Profiles/4432c64effce56134bbcc10836b4d813c09049ac/windows-updates.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/lee-malleable-skeleton.profile
https://raw.githubusercontent.com/yeyintminthuhtut/Malleable-C2-Profiles-Collection/b1dc3b83c018dcbf6b823f9027c928d07949a063/APT/meterpreter.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/APT/meterpreter.profile
https://raw.githubusercontent.com/yeyintminthuhtut/Malleable-C2-Profiles-Collection/b1dc3b83c018dcbf6b823f9027c928d07949a063/APT/chches_APT10.profile
https://raw.githubusercontent.com/yeyintminthuhtut/Malleable-C2-Profiles-Collection/b1dc3b83c018dcbf6b823f9027c928d07949a063/Crimeware/jasperloader.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/APT/chches_APT10.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Crimeware/jasperloader.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/meterpreter.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/clean_template.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/windows-updates.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/APT/meterpreter.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/chches_APT10.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/jasperloader.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/APT/chches_APT10.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/crimeware/jasperloader.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/crimeware/saefko.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/dddad4550180e92eb33275b5167249a74f9a22e0/Crimeware/saefko.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/APT/chches_APT10.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Crimeware/jasperloader.profile
https://raw.githubusercontent.com/yeyintminthuhtut/Malleable-C2-Profiles-Collection/b1dc3b83c018dcbf6b823f9027c928d07949a063/Social/reddit.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/reddit.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/gotomeeting.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/msu_edu.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/office365_calendar.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/windows-updates.profile
https://raw.githubusercontent.com/yeyintminthuhtut/Malleable-C2-Profiles-Collection/b1dc3b83c018dcbf6b823f9027c928d07949a063/Misc/mayoclinic.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/9f1182d7f77339e2587ecc5f3e094e05bef5db20/clean_template.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/mayoclinic.profile
https://raw.githubusercontent.com/guidepointsecurity/RedCommander/f8dc14428886247b322552cc9e7eeffd7e4cea2d/files/custom/HTTPS/evasive.profile
https://raw.githubusercontent.com/guidepointsecurity/RedCommander/f8dc14428886247b322552cc9e7eeffd7e4cea2d/files/custom/DNS/evasive.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/reddit.profile
https://raw.githubusercontent.com/rsmudge/Malleable-C2-Profiles/26323784672913923d20c5a638c6ca79459e8529/normal/reference.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/normal/reddit.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Normal/reddit.profile
https://raw.githubusercontent.com/yeyintminthuhtut/Malleable-C2-Profiles-Collection/b1dc3b83c018dcbf6b823f9027c928d07949a063/Social/slack.profile
https://raw.githubusercontent.com/yeyintminthuhtut/Malleable-C2-Profiles-Collection/b1dc3b83c018dcbf6b823f9027c928d07949a063/Social/stackoverflow.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/stackoverflow.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/gotomeeting.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/msu_edu.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/office365_calendar.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/normal/gotomeeting.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/normal/msu_edu.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/normal/office365_calendar.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Normal/gotomeeting.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Normal/msu_edu.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Normal/office365_calendar.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/youtube_video.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/mayoclinic.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/normal/mayoclinic.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Normal/mayoclinic.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/0ef8cf4556e26f6d4190c56ba697c2159faa5822/crimeware/trick_ryuk.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/crimeware/zloader.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/dddad4550180e92eb33275b5167249a74f9a22e0/Crimeware/trick_ryuk.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/dddad4550180e92eb33275b5167249a74f9a22e0/Crimeware/zloader.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/normal/slack.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/normal/stackoverflow.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/slack.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/stackoverflow.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/dddad4550180e92eb33275b5167249a74f9a22e0/Normal/slack.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Normal/stackoverflow.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/7189deb738d32f073cacb47d27f64443a17d3b42/normal/mscrl.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/normal/youtube_video.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/youtube_video.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Crimeware/covid19_koadic.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Normal/youtube_video.profile
https://raw.githubusercontent.com/Libraggbond/CS4.0-Malleable-c2-profile/fc6365924077174b33beb7645ce7ba8c1cb8c430/myhttpsc2.profile
https://raw.githubusercontent.com/threatexpress/malleable-c2/b45e1fce4d7cf46fdd199e1425f9b68b51e81e04/jquery-c2.3.14.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/trevor.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/crimeware/covid19_koadic.profile
https://raw.githubusercontent.com/threatexpress/malleable-c2/b45e1fce4d7cf46fdd199e1425f9b68b51e81e04/jquery-c2.4.0.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Crimeware/covid19_koadic.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/normal/trevor.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/template.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/trevor.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Normal/trevor.profile
https://raw.githubusercontent.com/threatexpress/malleable-c2/c3385e481159a759f79b8acfe11acf240893b830/jquery-c2.4.2.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/template.profile
https://raw.githubusercontent.com/threatexpress/malleable-c2/b45e1fce4d7cf46fdd199e1425f9b68b51e81e04/jquery-c2.3.11.profile
https://raw.githubusercontent.com/bigb0sss/RedTeam-OffensiveSecurity/0a0a17f31698ab15e62249fca99a4bd1346991e3/01-CobaltStrike/malleable_C2_profile/CS4.0_guideline.profile
https://raw.githubusercontent.com/yeyintminthuhtut/Malleable-C2-Profiles-Collection/b1dc3b83c018dcbf6b823f9027c928d07949a063/Misc/iheartradio.profile
https://raw.githubusercontent.com/threatexpress/malleable-c2/b45e1fce4d7cf46fdd199e1425f9b68b51e81e04/jquery-c2.3.13.profile
https://raw.githubusercontent.com/threatexpress/malleable-c2/b45e1fce4d7cf46fdd199e1425f9b68b51e81e04/jquery-c2.3.12.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/dddad4550180e92eb33275b5167249a74f9a22e0/Normal/jquery-c2.4.2.profile
https://raw.githubusercontent.com/kphongagsorn/c2-profiles/29fe50eaad655ddd0028fca06a9c7785e3ffaf41/zillow.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/template.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/d4f85a85e047a7e29b2ae3c2b952758d47c3099c/template.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/normal/iheartradio.profile
https://raw.githubusercontent.com/kphongagsorn/c2-profiles/29fe50eaad655ddd0028fca06a9c7785e3ffaf41/duckduckgo-ramen-search-get-only.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/iheartradio.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/dddad4550180e92eb33275b5167249a74f9a22e0/Normal/iheartradio.profile
pipe
https://raw.githubusercontent.com/KevinCooper/24AF-CyberChallenge/67f531777f7912c7129f633f43e06fba79c5f3e2/CobaltStrike/cobalt.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/lee-malleable-skeleton.profile
https://raw.githubusercontent.com/threatexpress/cs2modrewrite/d6516e153dfd2a19cc3fba6c26b948e2b0933708/havex.profile
https://raw.githubusercontent.com/mhaskar/MalleableC2-Profiles/4432c64effce56134bbcc10836b4d813c09049ac/windows-updates.profile
https://raw.githubusercontent.com/Libraggbond/CS4.0-Malleable-c2-profile/fc6365924077174b33beb7645ce7ba8c1cb8c430/myhttpsc2.profile
https://raw.githubusercontent.com/seclib/Malleable-C2-Profiles/390937aec01e0bcdaf23312277e96e57ac925f7b/APT/havex.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/clean_template.profile
https://raw.githubusercontent.com/yeyintminthuhtut/Malleable-C2-Profiles-Collection/b1dc3b83c018dcbf6b823f9027c928d07949a063/APT/havex.profile
https://raw.githubusercontent.com/hadesangel/Malleable-C2-Profiles/390937aec01e0bcdaf23312277e96e57ac925f7b/APT/havex.profile
https://raw.githubusercontent.com/webcoderz/agressor-scripts-/950064776853cf4dd7403d0f75b5306fe275fcc3/Malleable-C2-Profiles-master/APT/havex.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/windows-updates.profile
https://raw.githubusercontent.com/ianxtianxt/Malleable-C2-Profiles/07fd3b45c4166c9aecdcfa54cddc905c22f6ff85/APT/havex.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/template.profile
https://raw.githubusercontent.com/rsmudge/Malleable-C2-Profiles/390937aec01e0bcdaf23312277e96e57ac925f7b/APT/havex.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/template.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/APT/havex.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/msu_edu.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/windows-updates.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/havex.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/9f1182d7f77339e2587ecc5f3e094e05bef5db20/clean_template.profile
https://raw.githubusercontent.com/lengjibo/RedTeamTools/134970a01f3c8e525f1ce691ca60b6b122efee3c/windows/Malleable-C2-Profiles/bing.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/msu_edu.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/template.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/APT/havex.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/d4f85a85e047a7e29b2ae3c2b952758d47c3099c/template.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/normal/msu_edu.profile
https://raw.githubusercontent.com/guidepointsecurity/RedCommander/f8dc14428886247b322552cc9e7eeffd7e4cea2d/files/custom/HTTPS/evasive.profile
https://raw.githubusercontent.com/guidepointsecurity/RedCommander/f8dc14428886247b322552cc9e7eeffd7e4cea2d/files/custom/DNS/evasive.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Normal/msu_edu.profile
https://raw.githubusercontent.com/rsmudge/Malleable-C2-Profiles/26323784672913923d20c5a638c6ca79459e8529/normal/reference.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/0ef8cf4556e26f6d4190c56ba697c2159faa5822/crimeware/trick_ryuk.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/crimeware/zloader.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/dddad4550180e92eb33275b5167249a74f9a22e0/Crimeware/trick_ryuk.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/dddad4550180e92eb33275b5167249a74f9a22e0/Crimeware/zloader.profile
https://raw.githubusercontent.com/threatexpress/malleable-c2/b45e1fce4d7cf46fdd199e1425f9b68b51e81e04/jquery-c2.3.11.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Crimeware/covid19_koadic.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/7189deb738d32f073cacb47d27f64443a17d3b42/normal/mscrl.profile
https://raw.githubusercontent.com/threatexpress/malleable-c2/b45e1fce4d7cf46fdd199e1425f9b68b51e81e04/jquery-c2.3.13.profile
https://raw.githubusercontent.com/threatexpress/malleable-c2/b45e1fce4d7cf46fdd199e1425f9b68b51e81e04/jquery-c2.3.12.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/crimeware/covid19_koadic.profile
https://raw.githubusercontent.com/threatexpress/malleable-c2/b45e1fce4d7cf46fdd199e1425f9b68b51e81e04/jquery-c2.3.14.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Crimeware/covid19_koadic.profile
https://raw.githubusercontent.com/kphongagsorn/c2-profiles/29fe50eaad655ddd0028fca06a9c7785e3ffaf41/zillow.profile
https://raw.githubusercontent.com/bigb0sss/RedTeam-OffensiveSecurity/0a0a17f31698ab15e62249fca99a4bd1346991e3/01-CobaltStrike/malleable_C2_profile/CS4.0_guideline.profile
https://raw.githubusercontent.com/threatexpress/malleable-c2/b45e1fce4d7cf46fdd199e1425f9b68b51e81e04/jquery-c2.4.0.profile
https://raw.githubusercontent.com/threatexpress/malleable-c2/c3385e481159a759f79b8acfe11acf240893b830/jquery-c2.4.2.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/dddad4550180e92eb33275b5167249a74f9a22e0/Normal/jquery-c2.4.2.profile
post-ex
https://raw.githubusercontent.com/kvcallfield/Cobalt-Strike-C2-profiles/cae44634d57c0d8a099e50f6d4e9b73acaaab9d6/amazon2.profile
https://raw.githubusercontent.com/rsmudge/Malleable-C2-Profiles/26323784672913923d20c5a638c6ca79459e8529/normal/reference.profile
https://raw.githubusercontent.com/kphongagsorn/c2-profiles/29fe50eaad655ddd0028fca06a9c7785e3ffaf41/amazon.profile
https://raw.githubusercontent.com/threatexpress/malleable-c2/c3385e481159a759f79b8acfe11acf240893b830/jquery-c2.4.2.profile
https://raw.githubusercontent.com/mhaskar/MalleableC2-Profiles/4432c64effce56134bbcc10836b4d813c09049ac/windows-updates.profile
https://raw.githubusercontent.com/bigb0sss/RedTeam-OffensiveSecurity/0a0a17f31698ab15e62249fca99a4bd1346991e3/01-CobaltStrike/malleable_C2_profile/CS4.0_guideline.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/windows-updates.profile
https://raw.githubusercontent.com/Libraggbond/CS4.0-Malleable-c2-profile/fc6365924077174b33beb7645ce7ba8c1cb8c430/myhttpsc2.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/clean_template.profile
https://raw.githubusercontent.com/threatexpress/malleable-c2/b45e1fce4d7cf46fdd199e1425f9b68b51e81e04/jquery-c2.4.0.profile
https://raw.githubusercontent.com/kphongagsorn/c2-profiles/29fe50eaad655ddd0028fca06a9c7785e3ffaf41/zillow.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/msu_edu.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/dddad4550180e92eb33275b5167249a74f9a22e0/Normal/jquery-c2.4.2.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/9f1182d7f77339e2587ecc5f3e094e05bef5db20/clean_template.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/windows-updates.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/msu_edu.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/template.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/normal/msu_edu.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Normal/msu_edu.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/0ef8cf4556e26f6d4190c56ba697c2159faa5822/crimeware/trick_ryuk.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/crimeware/zloader.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Crimeware/covid19_koadic.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/dddad4550180e92eb33275b5167249a74f9a22e0/Crimeware/trick_ryuk.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/dddad4550180e92eb33275b5167249a74f9a22e0/Crimeware/zloader.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/7189deb738d32f073cacb47d27f64443a17d3b42/normal/mscrl.profile
https://raw.githubusercontent.com/yeyintminthuhtut/Malleable-C2-Profiles-Collection/b1dc3b83c018dcbf6b823f9027c928d07949a063/Crimeware/jasperloader.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Crimeware/jasperloader.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/d4f85a85e047a7e29b2ae3c2b952758d47c3099c/template.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/template.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/crimeware/covid19_koadic.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/jasperloader.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/template.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Crimeware/covid19_koadic.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/crimeware/jasperloader.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/crimeware/saefko.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/reddit.profile
https://raw.githubusercontent.com/yeyintminthuhtut/Malleable-C2-Profiles-Collection/b1dc3b83c018dcbf6b823f9027c928d07949a063/Social/reddit.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/dddad4550180e92eb33275b5167249a74f9a22e0/Crimeware/saefko.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Crimeware/jasperloader.profile
https://raw.githubusercontent.com/lengjibo/RedTeamTools/134970a01f3c8e525f1ce691ca60b6b122efee3c/windows/Malleable-C2-Profiles/bing.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/gotomeeting.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/office365_calendar.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/mayoclinic.profile
https://raw.githubusercontent.com/yeyintminthuhtut/Malleable-C2-Profiles-Collection/b1dc3b83c018dcbf6b823f9027c928d07949a063/Misc/mayoclinic.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/reddit.profile
https://raw.githubusercontent.com/guidepointsecurity/RedCommander/f8dc14428886247b322552cc9e7eeffd7e4cea2d/files/custom/HTTPS/evasive.profile
https://raw.githubusercontent.com/guidepointsecurity/RedCommander/f8dc14428886247b322552cc9e7eeffd7e4cea2d/files/custom/DNS/evasive.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/normal/reddit.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/gotomeeting.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/office365_calendar.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/stackoverflow.profile
https://raw.githubusercontent.com/yeyintminthuhtut/Malleable-C2-Profiles-Collection/b1dc3b83c018dcbf6b823f9027c928d07949a063/Social/slack.profile
https://raw.githubusercontent.com/yeyintminthuhtut/Malleable-C2-Profiles-Collection/b1dc3b83c018dcbf6b823f9027c928d07949a063/Social/stackoverflow.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Normal/reddit.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/normal/gotomeeting.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/normal/office365_calendar.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/youtube_video.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/mayoclinic.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Normal/gotomeeting.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Normal/office365_calendar.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Normal/office365_calendar.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Normal/mayoclinic.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/slack.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/stackoverflow.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/normal/slack.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/normal/stackoverflow.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/youtube_video.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/normal/youtube_video.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/dddad4550180e92eb33275b5167249a74f9a22e0/Normal/slack.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Normal/stackoverflow.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Normal/youtube_video.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/trevor.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/trevor.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/normal/trevor.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Normal/trevor.profile
https://raw.githubusercontent.com/yeyintminthuhtut/Malleable-C2-Profiles-Collection/b1dc3b83c018dcbf6b823f9027c928d07949a063/Misc/iheartradio.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/normal/iheartradio.profile
https://raw.githubusercontent.com/kphongagsorn/c2-profiles/29fe50eaad655ddd0028fca06a9c7785e3ffaf41/duckduckgo-ramen-search-get-only.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/iheartradio.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/dddad4550180e92eb33275b5167249a74f9a22e0/Normal/iheartradio.profile
https://raw.githubusercontent.com/threatexpress/malleable-c2/b45e1fce4d7cf46fdd199e1425f9b68b51e81e04/jquery-c2.3.14.profile
any spawnto_x64
https://raw.githubusercontent.com/FortyNorthSecurity/C2concealer/97b807b0af0bc9c5bbea55e62b1b8cfead3caaf6/C2concealer/components/postex.py
https://raw.githubusercontent.com/Sifter-Ex/cPlug/bbe96a9283c4edeadfd7e1c336338282e3316e26/CSv3/C2concealer/C2concealer/components/postex.py
https://raw.githubusercontent.com/MythicAgents/Apollo/0fa7e11b81d2783ffffeea4fd51e5ab237e92e27/Payload_Type/Apollo/agent_code/Apollo/CommandModules/SpawnTo.cs
https://raw.githubusercontent.com/MythicAgents/Apollo/7660439cbc8d4f18af2b564a5b7a0ac4f8f3765a/documentation-payload/Apollo/commands/spawnto_x64.md
https://raw.githubusercontent.com/kphongagsorn/c2-profiles/29fe50eaad655ddd0028fca06a9c7785e3ffaf41/amazon.profile
https://raw.githubusercontent.com/MythicAgents/Apollo/0fa7e11b81d2783ffffeea4fd51e5ab237e92e27/Payload_Type/Apollo/agent_code/Apollo/Evasion/EvasionManager.cs
https://raw.githubusercontent.com/MythicAgents/Apollo/9ca995fd0a9b7ba155bd58ce5668007443ea28a5/Payload_Type/Apollo/mythic/agent_functions/spawnto_x64.py
https://raw.githubusercontent.com/TheRipperJhon/CAPE/2bc977577a8fcc81a46046fe5bf9248ed3ac0c28/modules/processing/parsers/malwareconfig/CobaltStrike.py
https://raw.githubusercontent.com/nsquar3/malware_analysis/e7f3070f490bfae7dd80288e609197e7a8a41845/NTripLOL/CobaltStrikeBeacon_config.txt
https://raw.githubusercontent.com/Seccion7/dep-CAPEv2/51fc4ef85c74303060fd0394578fbbf79ac4bfa3/modules/processing/parsers/CAPE/CobaltStrike.py
https://raw.githubusercontent.com/binref/refinery/1920187f2b29309240f6c4a822748a42df92bc8c/test/units/pattern/test_carve_json.py
https://raw.githubusercontent.com/MythicAgents/Apollo/b3c12b6df6fab28321ddfb39d7de770c95341ecd/Payload_Type/Apollo/agent_code/Apollo/Tasks/Task.cs
https://raw.githubusercontent.com/kvcallfield/Cobalt-Strike-C2-profiles/cae44634d57c0d8a099e50f6d4e9b73acaaab9d6/amazon2.profile
https://raw.githubusercontent.com/MythicAgents/Apollo/7660439cbc8d4f18af2b564a5b7a0ac4f8f3765a/documentation-payload/Apollo/opsec.md
https://raw.githubusercontent.com/k-vitali/Malware-Misc-RE/4b9b81e822c5b03a8733153727ed3e3238cf4201/2019-06-23-cobalt-strike-beacon-notes.vk.txt
https://raw.githubusercontent.com/MythicAgents/Apollo/7660439cbc8d4f18af2b564a5b7a0ac4f8f3765a/documentation-payload/Apollo/commands/_index.md
https://raw.githubusercontent.com/webcoderz/agressor-scripts-/950064776853cf4dd7403d0f75b5306fe275fcc3/Malleable-C2-Profiles-master/Malleable-C2-Randomizer-master/malleable-c2-randomizer.py
https://raw.githubusercontent.com/bluscreenofjeff/Malleable-C2-Randomizer/eec7300949ae70b3dcf4d95a29bddb6a88be1651/malleable-c2-randomizer.py
https://raw.githubusercontent.com/AmnestyTech/investigations/215c9c8077edc9ac30d20f0fe6b42adb14f7384b/2020-09-25_finfisher/scripts/cobaltstrike/cobaltstrike_config.py
https://raw.githubusercontent.com/KevinCooper/24AF-CyberChallenge/67f531777f7912c7129f633f43e06fba79c5f3e2/CobaltStrike/cobalt.profile
https://raw.githubusercontent.com/webcoderz/agressor-scripts-/950064776853cf4dd7403d0f75b5306fe275fcc3/Malleable-C2-Profiles-master/APT/meterpreter.profile
https://raw.githubusercontent.com/f1h0/CobStrike/4dccc4759cc9666140baf0d08fedce38147ebcc5/src/main/java/beacon/BeaconPayload.java
https://raw.githubusercontent.com/hadesangel/Malleable-C2-Profiles/390937aec01e0bcdaf23312277e96e57ac925f7b/APT/meterpreter.profile
https://raw.githubusercontent.com/ianxtianxt/Malleable-C2-Profiles/07fd3b45c4166c9aecdcfa54cddc905c22f6ff85/APT/meterpreter.profile
https://raw.githubusercontent.com/seclib/Malleable-C2-Profiles/390937aec01e0bcdaf23312277e96e57ac925f7b/APT/meterpreter.profile
https://raw.githubusercontent.com/f1h0/CobStrike/4dccc4759cc9666140baf0d08fedce38147ebcc5/src/main/java/c2profile/Lint.java
https://raw.githubusercontent.com/m0xbf/cs4-clone/4dccc4759cc9666140baf0d08fedce38147ebcc5/src/main/java/beacon/BeaconPayload.java
https://raw.githubusercontent.com/rsmudge/Malleable-C2-Profiles/390937aec01e0bcdaf23312277e96e57ac925f7b/APT/meterpreter.profile
https://raw.githubusercontent.com/mez-0/malleable-requests/ab2fbd2e311bee4bbbf76adb2586abb8f23c37b9/README.md
https://raw.githubusercontent.com/k-vitali/Malware-Misc-RE/4b9b81e822c5b03a8733153727ed3e3238cf4201/2020-05-12-shadowdev-cobaltstrike-trickbot-cfg.vk.raw
https://raw.githubusercontent.com/m0xbf/cs4-clone/4dccc4759cc9666140baf0d08fedce38147ebcc5/src/main/java/c2profile/Lint.java
https://raw.githubusercontent.com/f1h0/CobStrike/4dccc4759cc9666140baf0d08fedce38147ebcc5/src/main/java/beacon/setup/SSHAgent.java
https://raw.githubusercontent.com/sysopfb/open_mal_analysis_notes/daa85b917ae55f2b827e81498d802cdc6dfa9956/f8c94e76f4d756924bf929b32f85158bc81911ce4a606af67e37460405e0ad3f.md
https://raw.githubusercontent.com/Te-k/analyst-scripts/40fe46359b56cfc171c7fdae452796ab7195ac27/threats/cobaltstrike_config.py
https://raw.githubusercontent.com/mhaskar/MalleableC2-Profiles/4432c64effce56134bbcc10836b4d813c09049ac/windows-updates.profile
https://raw.githubusercontent.com/m0xbf/cs4-clone/4dccc4759cc9666140baf0d08fedce38147ebcc5/src/main/java/beacon/setup/SSHAgent.java
https://raw.githubusercontent.com/hattmo/c2profilejs/c279a522a65a34c866419e07917858ff056f0c09/src/client/formDescription/profileDesc.ts
https://raw.githubusercontent.com/MythicAgents/Apollo/15b0bf56c7343b0a9c5dced74bfc1bfc6f0dd2e0/Payload_Type/Apollo/mythic/agent_functions/spawn.py
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/lee-malleable-skeleton.profile
https://raw.githubusercontent.com/yeyintminthuhtut/Malleable-C2-Profiles-Collection/b1dc3b83c018dcbf6b823f9027c928d07949a063/APT/meterpreter.profile
https://raw.githubusercontent.com/Te-k/cobaltstrike/b5fb9c8919ce5e59b4d0f0b962a72e759295bd0c/lib.py
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/APT/meterpreter.profile
https://raw.githubusercontent.com/f1h0/CobStrike/4dccc4759cc9666140baf0d08fedce38147ebcc5/src/main/java/c2profile/Loader.java
https://raw.githubusercontent.com/yeyintminthuhtut/Malleable-C2-Profiles-Collection/b1dc3b83c018dcbf6b823f9027c928d07949a063/APT/chches_APT10.profile
https://raw.githubusercontent.com/yeyintminthuhtut/Malleable-C2-Profiles-Collection/b1dc3b83c018dcbf6b823f9027c928d07949a063/Crimeware/jasperloader.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/APT/chches_APT10.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Crimeware/jasperloader.profile
https://raw.githubusercontent.com/R-Vision/rvision-hackathon-2021-q1/09c0d7d468a3fc6ec3af9c8dc8384335c5119d05/converted/2020/Targeted%20Attack%20Leverages%20India-China%20Border%20Dispute.pdf.txt
https://raw.githubusercontent.com/ctxis/CAPE/0d830d3cdc241901a9ec1e2a6bfc59eb2f202551/modules/processing/parsers/malwareconfig/CobaltStrikeBeacon.py
https://raw.githubusercontent.com/m0xbf/cs4-clone/4dccc4759cc9666140baf0d08fedce38147ebcc5/src/main/java/c2profile/Loader.java
https://raw.githubusercontent.com/Apr4h/CobaltStrikeConfigParser/d82b4e3369f7b41fbd0b67ee1170332a9d6f4a82/Beacon.cs
https://raw.githubusercontent.com/MythicAgents/Apollo/4a67230f370c7da83756cb28149363169dc7211e/README.md
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/meterpreter.profile
https://raw.githubusercontent.com/sysopfb/malware_decoders/638fde09e60301a078923052d2537b0c33e32ca4/cs_beacon/proper_beacon_decoder.py
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/windows-updates.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/clean_template.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/APT/meterpreter.profile
https://raw.githubusercontent.com/Apr4h/CobaltStrikeScan/6730a4d61d0d686a0e1e4736768f3210995d4803/CobaltStrikeConfigParser/Beacon.cs
https://raw.githubusercontent.com/JPCERTCC/MalConfScan/00a0b82e6eeec1ca2c741e604a9fc5a633ffe4c8/utils/cobaltstrikescan.py
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/chches_APT10.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/jasperloader.profile
https://raw.githubusercontent.com/korney3/ARES_RVision_Hack/8a4630baa809885bad15a39e0f60a0e0831bbc3e/data/raw/2020/Targeted%20Attack%20Leverages%20India-China%20Border%20Dispute.pdf.txt
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/APT/chches_APT10.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/crimeware/jasperloader.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/crimeware/saefko.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/dddad4550180e92eb33275b5167249a74f9a22e0/Crimeware/saefko.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/APT/chches_APT10.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Crimeware/jasperloader.profile
https://raw.githubusercontent.com/ION28/BLUESPAWN/be2f0354f02a8d13abd8de357cbb89b3b6bc604c/BLUESPAWN-win-client/src/util/processes/ParseCobalt.cpp
https://raw.githubusercontent.com/yeyintminthuhtut/Malleable-C2-Profiles-Collection/b1dc3b83c018dcbf6b823f9027c928d07949a063/Social/reddit.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/reddit.profile
https://raw.githubusercontent.com/JPCERTCC/aa-tools/404eceb256447e51c476a61e461c5cf386d50d16/cobaltstrikescan.py
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/gotomeeting.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/msu_edu.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/office365_calendar.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/windows-updates.profile
https://raw.githubusercontent.com/yeyintminthuhtut/Malleable-C2-Profiles-Collection/b1dc3b83c018dcbf6b823f9027c928d07949a063/Misc/mayoclinic.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/9f1182d7f77339e2587ecc5f3e094e05bef5db20/clean_template.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/mayoclinic.profile
https://raw.githubusercontent.com/guidepointsecurity/RedCommander/f8dc14428886247b322552cc9e7eeffd7e4cea2d/files/custom/HTTPS/evasive.profile
https://raw.githubusercontent.com/guidepointsecurity/RedCommander/f8dc14428886247b322552cc9e7eeffd7e4cea2d/files/custom/DNS/evasive.profile
https://raw.githubusercontent.com/Spacial/awesome-csirt/69449dd9181e490a04bd24bb9d4179d2681aabe9/scripts/grab_beacon_config.nse
https://raw.githubusercontent.com/rsmudge/Malleable-C2-Profiles/26323784672913923d20c5a638c6ca79459e8529/normal/reference.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/reddit.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/normal/reddit.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Normal/reddit.profile
https://raw.githubusercontent.com/yeyintminthuhtut/Malleable-C2-Profiles-Collection/b1dc3b83c018dcbf6b823f9027c928d07949a063/Social/slack.profile
https://raw.githubusercontent.com/yeyintminthuhtut/Malleable-C2-Profiles-Collection/b1dc3b83c018dcbf6b823f9027c928d07949a063/Social/stackoverflow.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/stackoverflow.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/gotomeeting.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/msu_edu.profile
https://raw.githubusercontent.com/lee-c3x/malleable/3fd552e4373c639968f70978f327012873bd38cd/office365_calendar.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/normal/gotomeeting.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/normal/msu_edu.profile
https://raw.githubusercontent.com/xx0hcd/Malleable-C2-Profiles/1b110729860fd7e6f37aa3e6d04e24e6539f16de/normal/office365_calendar.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Normal/gotomeeting.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Normal/msu_edu.profile
https://raw.githubusercontent.com/BC-SECURITY/Malleable-C2-Profiles/6a749f0ef99211db3812065f2b24ae023f5bd3dc/Normal/office365_calendar.profile
https://raw.githubusercontent.com/federico33385/Malleable-C2-Profiles/7b97eb61dc014193c4abbc4853914d268aebe72c/Normal/youtube_video.profile
https://raw.githubusercontent.com/aleenzz/Cobalt_Strike_wiki/a47e592bdd6562cb74cc3308e6801593901c97aa/3-%E7%AC%AC%E4%BA%8C%E8%8A%82%5BMalleable%20C2%20%E8%AF%AD%E6%B3%95%E8%A7%A3%E6%9E%90%E4%B8%8E%E6%96%87%E6%A1%A3%5D.md
@MHaggis
Copy link
Author

MHaggis commented Feb 8, 2021

Spawnto:

 amazon.profile:175:    #set spawnto_x86 "%windir%\\syswow64\\gpresult.exe"; 
amazon.profile:176:    #set spawnto_x64 "%windir%\\sysnative\\gpresult.exe";
amazon.profile:178:    #set spawnto_x86 "%windir%\\syswow64\\svchost.exe -k netsvcs";
amazon.profile:179:    #set spawnto_x64 "%windir%\\sysnative\\svchost.exe -k netsvcs";
amazon.profile:181:    set spawnto_x86 "%windir%\\syswow64\\FlashPlayerApp.exe";
amazon.profile:182:    set spawnto_x64 "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe";
amazon.profile:184:    #set spawnto_x86 "C:\\Program Files (x86)\\Microsoft Office\\Office16\\excelcnv.exe";
amazon.profile:185:    #set spawnto_x64 "C:\\Program Files\\Mozilla Firefox\\firefox.exe";
amazon2.profile:85:    set spawnto_x86 "%windir%\\syswow64\\svchost.exe -k netsvcs";
amazon2.profile:86:    set spawnto_x64 "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe";
chches_APT10.profile:133:set spawnto_x86 "%windir%\\syswow64\\reg.exe";
chches_APT10.profile:134:set spawnto_x64 "%windir%\\sysnative\\reg.exe";
clean_template.profile:352:    set spawnto_x86 "%windir%\\syswow64\\gpupdate.exe";
clean_template.profile:353:    set spawnto_x64 "%windir%\\sysnative\\gpupdate.exe";
cobalt.profile:117:##    spawnto_x86: 	%windir%\syswow64\rundll32.exe
cobalt.profile:118:##    spawnto_x64: 	%windir%\sysnative\rundll32.exe
cobalt.profile:130:set spawnto_x86 "%windir%\\syswow64\\svchost.exe -k netsvcs";
cobalt.profile:131:set spawnto_x64 "%windir%\\sysnative\\svchost.exe -k netsvcs";
covid19_koadic.profile:353:    set spawnto_x86 "%windir%\\syswow64\\rundll32.exe";
covid19_koadic.profile:354:    set spawnto_x64 "%windir%\\sysnative\\rundll32.exe";
CS4.0_guideline.profile:311:	set spawnto_x86 "%windir%\\syswow64\\<mfpmp>.exe";              # Do not 
specify %windir%\system32 or c:\windows\system32 directly
CS4.0_guideline.profile:312:	set spawnto_x64 "%windir%\\sysnative\\<mfpmp>.exe";             # Do not 
specify %windir%\system32 or c:\windows\system32 directly
duckduckgo-ramen-search-get-only.profile:13:set spawnto_x86 "%windir%\\syswow64\\gpresult.exe";
duckduckgo-ramen-search-get-only.profile:14:set spawnto_x64 "%windir%\\sysnative\\gpupdate.exe";
evasive.profile:176:	set spawnto_x86 "%windir%\\syswow64\\WUAUCLT.exe";
evasive.profile:177:	set spawnto_x64 "%windir%\\sysnative\\WUAUCLT.exe";
gotomeeting.profile:174:    set spawnto_x86 "%windir%\\syswow64\\gpupdate.exe";
gotomeeting.profile:175:    set spawnto_x64 "%windir%\\sysnative\\gpupdate.exe";
iheartradio.profile:212:    set spawnto_x86 "%windir%\\syswow64\\gpupdate.exe";
iheartradio.profile:213:    set spawnto_x64 "%windir%\\sysnative\\gpupdate.exe";
jasperloader.profile:143:    set spawnto_x86 "%windir%\\syswow64\\wscript.exe";
jasperloader.profile:144:    set spawnto_x64 "%windir%\\sysnative\\wscript.exe";
jquery-c2.3.11.profile:116:##    spawnto_x86: 	%windir%\syswow64\rundll32.exe
jquery-c2.3.11.profile:117:##    spawnto_x64: 	%windir%\sysnative\rundll32.exe
jquery-c2.3.11.profile:129:set spawnto_x86 "%windir%\\syswow64\\svchost.exe -k netsvcs";
jquery-c2.3.11.profile:130:set spawnto_x64 "%windir%\\sysnative\\svchost.exe -k netsvcs";
jquery-c2.3.12.profile:116:##    spawnto_x86: 	%windir%\syswow64\rundll32.exe
jquery-c2.3.12.profile:117:##    spawnto_x64: 	%windir%\sysnative\rundll32.exe
jquery-c2.3.12.profile:129:set spawnto_x86 "%windir%\\syswow64\\svchost.exe -k netsvcs";
jquery-c2.3.12.profile:130:set spawnto_x64 "%windir%\\sysnative\\svchost.exe -k netsvcs";
jquery-c2.3.13.profile:133:##    spawnto_x86: 	%windir%\syswow64\rundll32.exe
jquery-c2.3.13.profile:134:##    spawnto_x64: 	%windir%\sysnative\rundll32.exe
jquery-c2.3.13.profile:147:set spawnto_x86 "%windir%\\syswow64\\svchost.exe -k netsvcs";
jquery-c2.3.13.profile:148:set spawnto_x64 "%windir%\\sysnative\\svchost.exe -k netsvcs";
jquery-c2.3.14.profile:131:##    spawnto_x86: 	%windir%\syswow64\rundll32.exe
jquery-c2.3.14.profile:132:##    spawnto_x64: 	%windir%\sysnative\rundll32.exe
jquery-c2.3.14.profile:146:##      - set spawnto_x86 "%windir%\\syswow64\\svchost.exe -k netsvcs";
jquery-c2.3.14.profile:147:##      - set spawnto_x64 "%windir%\\sysnative\\svchost.exe -k netsvcs";
jquery-c2.3.14.profile:152:    set spawnto_x86 "%windir%\\syswow64\\dllhost.exe";
jquery-c2.3.14.profile:153:    set spawnto_x64 "%windir%\\sysnative\\dllhost.exe";
jquery-c2.4.0.profile:117:##    spawnto_x86: 	%windir%\\syswow64\\rundll32.exe
jquery-c2.4.0.profile:118:##    spawnto_x64: 	%windir%\\sysnative\\rundll32.exe
jquery-c2.4.0.profile:135:##      - set spawnto_x86 "%windir%\\syswow64\\svchost.exe -k netsvcs";
jquery-c2.4.0.profile:136:##      - set spawnto_x64 "%windir%\\sysnative\\svchost.exe -k netsvcs";
jquery-c2.4.0.profile:144:    set spawnto_x86 "%windir%\\syswow64\\dllhost.exe";
jquery-c2.4.0.profile:146:    set spawnto_x64 "%windir%\\sysnative\\dllhost.exe";
jquery-c2.4.2.profile:257:##    spawnto_x86       %windir%\\syswow64\\rundll32.exe
jquery-c2.4.2.profile:258:##    spawnto_x64       %windir%\\sysnative\\rundll32.exe
jquery-c2.4.2.profile:278:##      - set spawnto_x86 "%windir%\\syswow64\\svchost.exe -k netsvcs";
jquery-c2.4.2.profile:279:##      - set spawnto_x64 "%windir%\\sysnative\\svchost.exe -k netsvcs";
jquery-c2.4.2.profile:287:    set spawnto_x86 "%windir%\\syswow64\\dllhost.exe";
jquery-c2.4.2.profile:289:    set spawnto_x64 "%windir%\\sysnative\\dllhost.exe";
lee-malleable-skeleton.profile:16:set spawnto_x86 "%windir%\\syswow64\\calc.exe";
lee-malleable-skeleton.profile:17:set spawnto_x64 "%windir%\\sysnative\\notepad.exe";
mayoclinic.profile:148:    set spawnto_x86 "%windir%\\syswow64\\gpupdate.exe";
mayoclinic.profile:149:    set spawnto_x64 "%windir%\\sysnative\\gpupdate.exe";
meterpreter.profile:13:set spawnto_x86 "%windir%\\syswow64\\notepad.exe";
meterpreter.profile:14:set spawnto_x64 "%windir%\\sysnative\\notepad.exe";
mscrl.profile:344:    set spawnto_x86 "%windir%\\syswow64\\gpupdate.exe";
mscrl.profile:345:    set spawnto_x64 "%windir%\\sysnative\\gpupdate.exe";
msu_edu.profile:293:    set spawnto_x86 "%windir%\\syswow64\\gpupdate.exe";
msu_edu.profile:294:    set spawnto_x64 "%windir%\\sysnative\\gpupdate.exe";
myhttpsc2.profile:501:    set spawnto_x86 "%windir%\\syswow64\\gpupdate.exe";
myhttpsc2.profile:502:    set spawnto_x64 "%windir%\\sysnative\\gpupdate.exe";
office365_calendar.profile:158:    set spawnto_x86 "%windir%\\syswow64\\gpupdate.exe";
office365_calendar.profile:159:    set spawnto_x64 "%windir%\\sysnative\\gpupdate.exe";
reddit.profile:149:    set spawnto_x86 "%windir%\\syswow64\\gpupdate.exe";
reddit.profile:150:    set spawnto_x64 "%windir%\\sysnative\\gpupdate.exe";
reference.profile:308:    set spawnto_x86 "%windir%\\syswow64\\WerFault.exe";
reference.profile:309:    set spawnto_x64 "%windir%\\sysnative\\WerFault.exe";
saefko.profile:134:    set spawnto_x86 "%windir%\\syswow64\\wscript.exe";
saefko.profile:135:    set spawnto_x64 "%windir%\\sysnative\\wscript.exe";
slack.profile:211:    set spawnto_x86 "%windir%\\syswow64\\gpupdate.exe";
slack.profile:212:    set spawnto_x64 "%windir%\\sysnative\\gpupdate.exe";
stackoverflow.profile:196:    set spawnto_x86 "%windir%\\syswow64\\gpupdate.exe";
stackoverflow.profile:197:    set spawnto_x64 "%windir%\\sysnative\\gpupdate.exe";
template.profile:519:    set spawnto_x86 "%windir%\\syswow64\\gpupdate.exe";
template.profile:520:    set spawnto_x64 "%windir%\\sysnative\\gpupdate.exe";
trevor.profile:165:    set spawnto_x86 "%windir%\\syswow64\\gpupdate.exe";
trevor.profile:166:    set spawnto_x64 "%windir%\\sysnative\\gpupdate.exe";
trick_ryuk.profile:368:    set spawnto_x86 "%windir%\\syswow64\\gpupdate.exe";
trick_ryuk.profile:369:    set spawnto_x64 "%windir%\\sysnative\\gpupdate.exe";
windows-updates.profile:72:    set spawnto_x86 "%windir%\\syswow64\\wusa.exe";
windows-updates.profile:75:    set spawnto_x64 "%windir%\\sysnative\\wusa.exe";
youtube_video.profile:177:    set spawnto_x86 "%windir%\\syswow64\\gpupdate.exe";
youtube_video.profile:178:    set spawnto_x64 "%windir%\\sysnative\\gpupdate.exe";
zillow.profile:172:	set spawnto_x86 "%windir%\\syswow64\\gpresult.exe";
zillow.profile:173:	set spawnto_x64 "%windir%\\sysnative\\gpresult.exe";
zloader.profile:355:    set spawnto_x86 "%windir%\\syswow64\\explorer.exe";
zloader.profile:356:    set spawnto_x64 "%windir%\\sysnative\\explorer.exe";

@MHaggis
Copy link
Author

MHaggis commented Feb 8, 2021

Pipes:

 bing.profile:68:set pipename "win_svc";            
bing.profile:69:set pipename_stager "win_svc";     
clean_template.profile:24:set pipename "ntsvcs##";
clean_template.profile:25:set pipename_stager "scerpc##";
clean_template.profile:34:set ssh_pipename "SearchTextHarvester##";
clean_template.profile:363:    set pipename "DserNamePipe##";
cobalt.profile:139:##    pipename: msagent_##
cobalt.profile:140:##    pipename_stager: status_##
cobalt.profile:142:##    - Do not use an existing namedpipe, Beacon doesn't check for conflict!
cobalt.profile:145:#set pipename        "wkssvc_##";
cobalt.profile:146:#set pipename_stager "spoolss_##";
cobalt.profile:147:set pipename         "mojo.5688.8052.183894939787088877##"; # Common Chrome named pipe
cobalt.profile:148:set pipename_stager  "mojo.5688.8052.35780273329370473##"; # Common Chrome named pipe
covid19_koadic.profile:27:set pipename "ntsvcs";
covid19_koadic.profile:28:set pipename_stager "scerpc";
CS4.0_guideline.profile:36:set pipename "<win_svc+8546>";            # Name of pipe to use for SMB beacon's peer-to-peer 
communication
CS4.0_guideline.profile:37:set pipename_stager "<win_svc+8546>";     # Name of pipe to use for SMB beacon's named pipe 
stager
evasive.profile:19:set pipename "fullduplex_##";
evasive.profile:20:set pipename_stager "rpc_##";
havex.profile:21:set pipename "mypipe-f##";
havex.profile:22:set pipename_stager "mypipe-h##";
jquery-c2.3.11.profile:138:##    pipename: msagent_##
jquery-c2.3.11.profile:139:##    pipename_stager: status_##
jquery-c2.3.11.profile:141:##    - Do not use an existing namedpipe, Beacon doesn't check for conflict!
jquery-c2.3.11.profile:144:#set pipename        "wkssvc_##";
jquery-c2.3.11.profile:145:#set pipename_stager "spoolss_##";
jquery-c2.3.11.profile:146:set pipename         "mojo.5688.8052.183894939787088877##"; # Common Chrome named pipe
jquery-c2.3.11.profile:147:set pipename_stager  "mojo.5688.8052.35780273329370473##"; # Common Chrome named pipe
jquery-c2.3.12.profile:138:##    pipename: msagent_##
jquery-c2.3.12.profile:139:##    pipename_stager: status_##
jquery-c2.3.12.profile:141:##    - Do not use an existing namedpipe, Beacon doesn't check for conflict!
jquery-c2.3.12.profile:144:#set pipename        "wkssvc_##";
jquery-c2.3.12.profile:145:#set pipename_stager "spoolss_##";
jquery-c2.3.12.profile:146:set pipename         "mojo.5688.8052.183894939787088877##"; # Common Chrome named pipe
jquery-c2.3.12.profile:147:set pipename_stager  "mojo.5688.8052.35780273329370473##"; # Common Chrome named pipe
jquery-c2.3.13.profile:171:##    pipename: msagent_##
jquery-c2.3.13.profile:172:##    pipename_stager: status_##
jquery-c2.3.13.profile:174:##    - Do not use an existing namedpipe, Beacon doesn't check for conflict!
jquery-c2.3.13.profile:177:#set pipename        "wkssvc_##";
jquery-c2.3.13.profile:178:#set pipename_stager "spoolss_##";
jquery-c2.3.13.profile:179:set pipename         "mojo.5688.8052.183894939787088877##"; # Common Chrome named pipe
jquery-c2.3.13.profile:180:set pipename_stager  "mojo.5688.8052.35780273329370473##"; # Common Chrome named pipe
jquery-c2.3.14.profile:177:##    pipename: msagent_##
jquery-c2.3.14.profile:178:##    pipename_stager: status_##
jquery-c2.3.14.profile:180:##    - Do not use an existing namedpipe, Beacon doesn't check for conflict!
jquery-c2.3.14.profile:183:#set pipename        "wkssvc_##";
jquery-c2.3.14.profile:184:#set pipename_stager "spoolss_##";
jquery-c2.3.14.profile:185:set pipename         "mojo.5688.8052.183894939787088877##"; # Common Chrome named pipe
jquery-c2.3.14.profile:186:set pipename_stager  "mojo.5688.8052.35780273329370473##"; # Common Chrome named pipe
jquery-c2.4.0.profile:177:##    pipename: msagent_##
jquery-c2.4.0.profile:178:##    pipename_stager: status_##
jquery-c2.4.0.profile:180:##    - Do not use an existing namedpipe, Beacon doesn't check for conflict!
jquery-c2.4.0.profile:183:set pipename         "mojo.5688.8052.183894939787088877##"; # Common Chrome named pipe
jquery-c2.4.0.profile:184:set pipename_stager  "mojo.5688.8052.35780273329370473##"; # Common Chrome named pipe
jquery-c2.4.2.profile:154:##    pipename: msagent_##
jquery-c2.4.2.profile:155:##    pipename_stager: status_##
jquery-c2.4.2.profile:158:##    - Do not use an existing namedpipe, Beacon doesn't check for conflict!
jquery-c2.4.2.profile:161:set pipename         "mojo.5688.8052.183894939787088877##"; # Common Chrome named pipe
jquery-c2.4.2.profile:162:set pipename_stager  "mojo.5688.8052.35780273329370473##"; # Common Chrome named pipe
jquery-c2.4.2.profile:197:set ssh_pipename      "wkssvc##";
jquery-c2.4.2.profile:260:##    pipename          postex_####, windows\\pipe_##           CS 4.2 - Change the named pipe 
names used, by post-ex DLLs, to send output back to Beacon. This option accepts a comma-separated list of pipenames. Cobalt 
Strike will select a random pipe name from this option when it sets up a post-exploitation job. Each # in the pipename is 
replaced with a valid hex character as well.
jquery-c2.4.2.profile:296:    # Modify our post-ex pipe names
jquery-c2.4.2.profile:297:    set pipename "Winsock2\\CatalogChangeListener-###-0,";
lee-malleable-skeleton.profile:19:set pipename "demoagent_11";
lee-malleable-skeleton.profile:20:set pipename_stager "demoagent_22";
meterpreter.profile:39:	stringw "pipe";
meterpreter.profile:41:	stringw "pipe";
meterpreter.profile:42:	stringw "\\\\%s\\pipe\\%s";
mscrl.profile:23:set pipename "ntsvcs##";
mscrl.profile:24:set pipename_stager "scerpc##";
mscrl.profile:32:set ssh_pipename "SearchTextHarvester##";
mscrl.profile:354:    set pipename "DserNamePipe##, PGMessagePipe##, MsFteWds##";
msu_edu.profile:23:set pipename "ntsvcs";
msu_edu.profile:24:set pipename_stager "scerpc";
myhttpsc2.profile:28:#use different strings for pipename and pipename_stager.
myhttpsc2.profile:29:set pipename "ntsvcs";
myhttpsc2.profile:30:set pipename_stager "scerpc";
reference.profile:19:set pipename "msagent_###"; #Default name of pipe to use for SMB Beacon’s peer-to-peer communication. 
Each # is replaced witha random hex value.
reference.profile:20:set pipename_stager "status_##";
reference.profile:25:set ssh_pipename "postex_ssh_####";
reference.profile:312:    # change our post-ex output named pipe names...
reference.profile:313:    set pipename "msrpc_####, win\\msrpc_##";
template.profile:28:#use different strings for pipename and pipename_stager.
template.profile:29:set pipename "ntsvcs##";
template.profile:30:set pipename_stager "scerpc##";
template.profile:39:set ssh_pipename "SearchTextHarvester##";
template.profile:530:    set pipename "DserNamePipe##";
trick_ryuk.profile:26:set pipename "ntsvcs##";
trick_ryuk.profile:27:set pipename_stager "scerpc##";
trick_ryuk.profile:34:set ssh_pipename "SearchTextHarvester##";
trick_ryuk.profile:379:    set pipename "DserNamePipe##";
windows-updates.profile:90:set pipename         "windows.update.manager##";
windows-updates.profile:91:set pipename_stager  "windows.update.manager###";
zillow.profile:18:# SMB pipe settings
zillow.profile:19:set pipename	"f4c3##";
zillow.profile:20:set pipename_stager	"f53f##";
zloader.profile:26:set pipename "ntsvcs";
zloader.profile:27:set pipename_stager "scerpc";

@MHaggis
Copy link
Author

MHaggis commented Feb 8, 2021

Compile time:

 amazon.profile:108:    set compile_time   "25 Oct 2019 13:10:50";
chches_APT10.profile:139:	set compile_time   "23 Nov 2016 19:31:37";
clean_template.profile:272:    set compile_time    "25 Oct 2016 01:57:23";
covid19_koadic.profile:274:    set compile_time    "04 Mar 2020 17:56:00";
CS4.0_guideline.profile:223:    set compile_time "<02 April 2020 02:35:00>";    # The build time in Beacon's PE header
evasive.profile:137:	set compile_time "31 Jan 2020 21:37:17";
gotomeeting.profile:189:	set compile_time   "25 Oct 2016 01:57:23";
havex.profile:28:	set compile_time   "30 Dec 2013 07:53:48";
iheartradio.profile:227:    set compile_time   "25 Oct 2016 01:57:23";
jasperloader.profile:157:    set compile_time    "15 Apr 2015 01:24:00";
jquery-c2.3.11.profile:225:##    compile_time	    14 July 2009 8:14:00	The build time in Beacon's PE header
jquery-c2.3.11.profile:250:	set compile_time   "11 Nov 2016 04:08:32";
jquery-c2.3.12.profile:225:##    compile_time	    14 July 2009 8:14:00	The build time in Beacon's PE header
jquery-c2.3.12.profile:252:	set compile_time   "11 Nov 2016 04:08:32";
jquery-c2.3.13.profile:260:##    compile_time	    14 July 2009 8:14:00	The build time in Beacon's PE header
jquery-c2.3.13.profile:287:	set compile_time   "11 Nov 2016 04:08:32";
jquery-c2.3.14.profile:266:##    compile_time	    14 July 2009 8:14:00	The build time in Beacon's PE header
jquery-c2.3.14.profile:293:	set compile_time   "11 Nov 2016 04:08:32";
jquery-c2.4.0.profile:266:##    compile_time	    14 July 2009 8:14:00	The build time in Beacon's PE header
jquery-c2.4.0.profile:295:	set compile_time   "11 Nov 2016 04:08:32";
jquery-c2.4.2.profile:311:##    compile_time      14 July 2009 8:14:00    The build time in Beacon's PE header
jquery-c2.4.2.profile:352:    set compile_time   "11 Nov 2016 04:08:32";
lee-malleable-skeleton.profile:29:	set compile_time "10 November 2010 10:10:10";
mayoclinic.profile:163:    set compile_time   "25 Oct 2016 01:57:23"; 
meterpreter.profile:26:	set compile_time "08 May 2017 23:13:38";
mscrl.profile:263:    set compile_time    "17 Oct 2020 04:32:14";
msu_edu.profile:229:    set compile_time    "23 Nov 2018 02:25:37";
myhttpsc2.profile:405:    set compile_time   "25 Oct 2016 01:57:23";
office365_calendar.profile:173:    set compile_time   "25 Oct 2016 01:57:23";
reddit.profile:164:	set compile_time   "25 Oct 2016 01:57:23";
reference.profile:270:    set compile_time "14 Jul 2018 8:14:00";
saefko.profile:148:    set compile_time    "12 Feb 2019 14:33:03";
slack.profile:226:	set compile_time   "25 Oct 2016 01:57:23";
stackoverflow.profile:211:	set compile_time   "25 Oct 2016 01:57:23";
template.profile:412:    set compile_time   "25 Oct 2016 01:57:23";
trevor.profile:180:    set compile_time   "25 Oct 2016 01:57:23";
trick_ryuk.profile:277:    set compile_time    "16 Apr 2020 17:56:00";
windows-updates.profile:35:  	set compile_time   "26 Oct 2080 00:55:44";
youtube_video.profile:192:    set compile_time   "25 Oct 2016 01:57:23";
zloader.profile:280:    set compile_time    "16 Apr 2020 17:56:00";

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment