Cobalt Strike servers 192.151.234.160 - 192.151.234.190
Cobalt Strike Servers:
192.151.234.160
192.151.234.161
192.151.234.162
192.151.234.163
192.151.234.164
192.151.234.165
192.151.234.166
192.151.234.167
192.151.234.168
192.151.234.169
192.151.234.170
192.151.234.171
192.151.234.172
192.151.234.173
192.151.234.174
192.151.234.175
192.151.234.176
192.151.234.177
192.151.234.178
192.151.234.179
192.151.234.180
192.151.234.181
192.151.234.182
192.151.234.183
192.151.234.184
192.151.234.185
192.151.234.186
192.151.234.187
192.151.234.188
192.151.234.189
192.151.234.190
-------------------------
All of the servers listed above are hosted on CloudRadium L.L.C.
-------------------------
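C2 server and URI (the "C2 Server" value from the beacon configs below; `\/` is the JSON-escaped form of `/`; this is the x86 value, and the x64 beacons use the URI /ptj on the same host):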
103.55.128.118,\/ga.js
------------------------
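Beacons (each server IP is followed by the x86 and x64 beacon hashes and configuration recorded for it, as JSON; "time" appears to be a Unix timestamp in milliseconds; some IPs appear more than once, and the entries below all carry the same two samples, one x86 and one x64):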
192.151.234.190
{"x86": {"sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "md5": "35d1c3a7654146f572470d929772057e", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "time": 1617302730062.0, "config": {"Max DNS": 255, "Pipe Name": "", "DNS Sleep": 0, "C2 Server": "103.55.128.118,\/ga.js", "Method 1": "GET", "DNS Idle": "0.0.0.0", "Polling": 60000, "HTTP Method Path 2": "\/submit.php", "Jitter": 0, "Port": 443, "Method 2": "POST", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Beacon Type": "0 (HTTP)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Header 1": "", "Header 2": ""}}, "x64": {"sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "time": 1617302734292.4, "config": {"Max DNS": 255, "Pipe Name": "", "DNS Sleep": 0, "C2 Server": "103.55.128.118,\/ptj", "Method 1": "GET", "DNS Idle": "0.0.0.0", "Polling": 60000, "HTTP Method Path 2": "\/submit.php", "Jitter": 0, "Port": 443, "Method 2": "POST", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Beacon Type": "0 (HTTP)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Header 1": "", "Header 2": ""}}}
192.151.234.165
{"x64": {"time": 1617302858872.1, "config": {"HTTP Method Path 2": "\/submit.php", "Jitter": 0, "DNS Sleep": 0, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Beacon Type": "0 (HTTP)", "C2 Server": "103.55.128.118,\/ptj", "Max DNS": 255, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Idle": "0.0.0.0", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Header 1": "", "Method 2": "POST", "Port": 443, "Polling": 60000, "Method 1": "GET", "Header 2": "", "Pipe Name": ""}, "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee"}, "x86": {"time": 1617302855267.4, "config": {"HTTP Method Path 2": "\/submit.php", "Jitter": 0, "DNS Sleep": 0, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Beacon Type": "0 (HTTP)", "C2 Server": "103.55.128.118,\/ga.js", "Max DNS": 255, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Idle": "0.0.0.0", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Header 1": "", "Method 2": "POST", "Port": 443, "Polling": 60000, "Method 1": "GET", "Header 2": "", "Pipe Name": ""}, "md5": "35d1c3a7654146f572470d929772057e", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658"}}
192.151.234.179
{"x86": {"time": 1617302942306.5, "md5": "35d1c3a7654146f572470d929772057e", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"Beacon Type": "0 (HTTP)", "DNS Idle": "0.0.0.0", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Header 1": "", "Pipe Name": "", "Method 2": "POST", "Port": 443, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "C2 Server": "103.55.128.118,\/ga.js", "Header 2": "", "Jitter": 0, "Method 1": "GET", "Max DNS": 255, "DNS Sleep": 0, "Polling": 60000, "HTTP Method Path 2": "\/submit.php"}}, "x64": {"time": 1617302946070.2, "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"Beacon Type": "0 (HTTP)", "DNS Idle": "0.0.0.0", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Header 1": "", "Pipe Name": "", "Method 2": "POST", "Port": 443, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "C2 Server": "103.55.128.118,\/ptj", "Header 2": "", "Jitter": 0, "Method 1": "GET", "Max DNS": 255, "DNS Sleep": 0, "Polling": 60000, "HTTP Method Path 2": "\/submit.php"}}}
192.151.234.170
{"x64": {"time": 1617303007813.4, "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "config": {"DNS Sleep": 0, "C2 Server": "103.55.128.118,\/ptj", "Polling": 60000, "Port": 443, "Method 2": "POST", "Pipe Name": "", "Header 2": "", "Header 1": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "HTTP Method Path 2": "\/submit.php", "Max DNS": 255, "Beacon Type": "0 (HTTP)", "Jitter": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "DNS Idle": "0.0.0.0", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 1": "GET"}, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8"}, "x86": {"time": 1617303003879.5, "md5": "35d1c3a7654146f572470d929772057e", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "config": {"DNS Sleep": 0, "C2 Server": "103.55.128.118,\/ga.js", "Polling": 60000, "Port": 443, "Method 2": "POST", "Pipe Name": "", "Header 2": "", "Header 1": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "HTTP Method Path 2": "\/submit.php", "Max DNS": 255, "Beacon Type": "0 (HTTP)", "Jitter": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "DNS Idle": "0.0.0.0", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 1": "GET"}, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35"}}
192.151.234.175
{"x64": {"sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "time": 1617303228589.3, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "md5": "1b53f921f14712f2fbda5ce11aa12716", "config": {"Polling": 60000, "Header 1": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "DNS Idle": "0.0.0.0", "Method 1": "GET", "HTTP Method Path 2": "\/submit.php", "Pipe Name": "", "Jitter": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Max DNS": 255, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Header 2": "", "DNS Sleep": 0, "Method 2": "POST", "Port": 443, "Beacon Type": "0 (HTTP)", "C2 Server": "103.55.128.118,\/ptj"}}, "x86": {"sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "time": 1617303224767.5, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "md5": "35d1c3a7654146f572470d929772057e", "config": {"Polling": 60000, "Header 1": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "DNS Idle": "0.0.0.0", "Method 1": "GET", "HTTP Method Path 2": "\/submit.php", "Pipe Name": "", "Jitter": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Max DNS": 255, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Header 2": "", "DNS Sleep": 0, "Method 2": "POST", "Port": 443, "Beacon Type": "0 (HTTP)", "C2 Server": "103.55.128.118,\/ga.js"}}}
192.151.234.176
{"x86": {"md5": "35d1c3a7654146f572470d929772057e", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "config": {"DNS Idle": "0.0.0.0", "Method 1": "GET", "DNS Sleep": 0, "C2 Server": "103.55.128.118,\/ga.js", "Jitter": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Polling": 60000, "Port": 443, "HTTP Method Path 2": "\/submit.php", "Header 2": "", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Pipe Name": "", "Method 2": "POST", "Max DNS": 255, "Beacon Type": "0 (HTTP)", "Header 1": ""}, "time": 1617303313068.8}, "x64": {"md5": "1b53f921f14712f2fbda5ce11aa12716", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "config": {"DNS Idle": "0.0.0.0", "Method 1": "GET", "DNS Sleep": 0, "C2 Server": "103.55.128.118,\/ptj", "Jitter": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Polling": 60000, "Port": 443, "HTTP Method Path 2": "\/submit.php", "Header 2": "", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Pipe Name": "", "Method 2": "POST", "Max DNS": 255, "Beacon Type": "0 (HTTP)", "Header 1": ""}, "time": 1617303319830.1}}
192.151.234.177
{"x86": {"sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "md5": "35d1c3a7654146f572470d929772057e", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "config": {"DNS Sleep": 0, "Jitter": 0, "Beacon Type": "0 (HTTP)", "Pipe Name": "", "C2 Server": "103.55.128.118,\/ga.js", "DNS Idle": "0.0.0.0", "Max DNS": 255, "Header 1": "", "Polling": 60000, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Port": 443, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 2": "POST", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Method 1": "GET", "Header 2": "", "HTTP Method Path 2": "\/submit.php"}, "time": 1617303365014.2}, "x64": {"sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "config": {"DNS Sleep": 0, "Jitter": 0, "Beacon Type": "0 (HTTP)", "Pipe Name": "", "C2 Server": "103.55.128.118,\/ptj", "DNS Idle": "0.0.0.0", "Max DNS": 255, "Header 1": "", "Polling": 60000, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Port": 443, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 2": "POST", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Method 1": "GET", "Header 2": "", "HTTP Method Path 2": "\/submit.php"}, "time": 1617303369105.3}}
192.151.234.190
{"x86": {"sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"HTTP Method Path 2": "\/submit.php", "Jitter": 0, "C2 Server": "103.55.128.118,\/ga.js", "Header 2": "", "Polling": 60000, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Beacon Type": "0 (HTTP)", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Sleep": 0, "Max DNS": 255, "Method 2": "POST", "Method 1": "GET", "DNS Idle": "0.0.0.0", "Port": 443, "Pipe Name": "", "Header 1": ""}, "time": 1617303427571.4, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "md5": "35d1c3a7654146f572470d929772057e"}, "x64": {"sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"HTTP Method Path 2": "\/submit.php", "Jitter": 0, "C2 Server": "103.55.128.118,\/ptj", "Header 2": "", "Polling": 60000, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Beacon Type": "0 (HTTP)", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Sleep": 0, "Max DNS": 255, "Method 2": "POST", "Method 1": "GET", "DNS Idle": "0.0.0.0", "Port": 443, "Pipe Name": "", "Header 1": ""}, "time": 1617303431444.6, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "md5": "1b53f921f14712f2fbda5ce11aa12716"}}
192.151.234.186
{"x64": {"time": 1617303483094.7, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"Header 1": "", "Pipe Name": "", "Header 2": "", "C2 Server": "103.55.128.118,\/ptj", "Beacon Type": "0 (HTTP)", "Jitter": 0, "DNS Idle": "0.0.0.0", "Max DNS": 255, "Polling": 60000, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Method 1": "GET", "Port": 443, "DNS Sleep": 0, "HTTP Method Path 2": "\/submit.php", "Method 2": "POST"}, "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee"}, "x86": {"time": 1617303478061.3, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"Header 1": "", "Pipe Name": "", "Header 2": "", "C2 Server": "103.55.128.118,\/ga.js", "Beacon Type": "0 (HTTP)", "Jitter": 0, "DNS Idle": "0.0.0.0", "Max DNS": 255, "Polling": 60000, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Method 1": "GET", "Port": 443, "DNS Sleep": 0, "HTTP Method Path 2": "\/submit.php", "Method 2": "POST"}, "md5": "35d1c3a7654146f572470d929772057e", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658"}}
192.151.234.184
{"x64": {"md5": "1b53f921f14712f2fbda5ce11aa12716", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "time": 1617303532572.6, "config": {"Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "C2 Server": "103.55.128.118,\/ptj", "DNS Idle": "0.0.0.0", "Header 1": "", "Method 2": "POST", "Method 1": "GET", "HTTP Method Path 2": "\/submit.php", "DNS Sleep": 0, "Port": 443, "Polling": 60000, "Pipe Name": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Max DNS": 255, "Beacon Type": "0 (HTTP)", "Header 2": "", "Jitter": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe"}}, "x86": {"md5": "35d1c3a7654146f572470d929772057e", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "time": 1617303525696.7, "config": {"Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "C2 Server": "103.55.128.118,\/ga.js", "DNS Idle": "0.0.0.0", "Header 1": "", "Method 2": "POST", "Method 1": "GET", "HTTP Method Path 2": "\/submit.php", "DNS Sleep": 0, "Port": 443, "Polling": 60000, "Pipe Name": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Max DNS": 255, "Beacon Type": "0 (HTTP)", "Header 2": "", "Jitter": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe"}}}
192.151.234.183
{"x64": {"sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"Polling": 60000, "Pipe Name": "", "Method 1": "GET", "Jitter": 0, "HTTP Method Path 2": "\/submit.php", "DNS Idle": "0.0.0.0", "DNS Sleep": 0, "Header 2": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Port": 443, "Method 2": "POST", "C2 Server": "103.55.128.118,\/ptj", "Max DNS": 255, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Header 1": "", "Beacon Type": "0 (HTTP)"}, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "time": 1617303590528.7, "md5": "1b53f921f14712f2fbda5ce11aa12716"}, "x86": {"sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"Polling": 60000, "Pipe Name": "", "Method 1": "GET", "Jitter": 0, "HTTP Method Path 2": "\/submit.php", "DNS Idle": "0.0.0.0", "DNS Sleep": 0, "Header 2": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Port": 443, "Method 2": "POST", "C2 Server": "103.55.128.118,\/ga.js", "Max DNS": 255, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Header 1": "", "Beacon Type": "0 (HTTP)"}, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "time": 1617303587026.3, "md5": "35d1c3a7654146f572470d929772057e"}}
192.151.234.170
{"x64": {"sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "config": {"Beacon Type": "0 (HTTP)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Max DNS": 255, "Method 2": "POST", "Jitter": 0, "Port": 443, "C2 Server": "103.55.128.118,\/ptj", "Method 1": "GET", "HTTP Method Path 2": "\/submit.php", "Header 2": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "DNS Sleep": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Pipe Name": "", "Polling": 60000, "DNS Idle": "0.0.0.0", "Header 1": ""}, "md5": "1b53f921f14712f2fbda5ce11aa12716", "time": 1617303675965.9, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8"}, "x86": {"sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "config": {"Beacon Type": "0 (HTTP)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Max DNS": 255, "Method 2": "POST", "Jitter": 0, "Port": 443, "C2 Server": "103.55.128.118,\/ga.js", "Method 1": "GET", "HTTP Method Path 2": "\/submit.php", "Header 2": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "DNS Sleep": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Pipe Name": "", "Polling": 60000, "DNS Idle": "0.0.0.0", "Header 1": ""}, "md5": "35d1c3a7654146f572470d929772057e", "time": 1617303672563.2, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35"}}
192.151.234.171
{"x64": {"config": {"C2 Server": "103.55.128.118,\/ptj", "Method 2": "POST", "Beacon Type": "0 (HTTP)", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Max DNS": 255, "HTTP Method Path 2": "\/submit.php", "Polling": 60000, "Port": 443, "Header 2": "", "Method 1": "GET", "DNS Sleep": 0, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Pipe Name": "", "DNS Idle": "0.0.0.0", "Header 1": "", "Jitter": 0}, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "time": 1617303728737.3}, "x86": {"config": {"C2 Server": "103.55.128.118,\/ga.js", "Method 2": "POST", "Beacon Type": "0 (HTTP)", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Max DNS": 255, "HTTP Method Path 2": "\/submit.php", "Polling": 60000, "Port": 443, "Header 2": "", "Method 1": "GET", "DNS Sleep": 0, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Pipe Name": "", "DNS Idle": "0.0.0.0", "Header 1": "", "Jitter": 0}, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "md5": "35d1c3a7654146f572470d929772057e", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "time": 1617303725175.9}}
192.151.234.177
{"x86": {"sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "md5": "35d1c3a7654146f572470d929772057e", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "time": 1617303832330.1, "config": {"User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Method 2": "POST", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "C2 Server": "103.55.128.118,\/ga.js", "Header 1": "", "DNS Sleep": 0, "DNS Idle": "0.0.0.0", "Pipe Name": "", "Header 2": "", "Method 1": "GET", "Max DNS": 255, "HTTP Method Path 2": "\/submit.php", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Jitter": 0, "Port": 443, "Polling": 60000, "Beacon Type": "0 (HTTP)"}}, "x64": {"sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "time": 1617303835870.1, "config": {"User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Method 2": "POST", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "C2 Server": "103.55.128.118,\/ptj", "Header 1": "", "DNS Sleep": 0, "DNS Idle": "0.0.0.0", "Pipe Name": "", "Header 2": "", "Method 1": "GET", "Max DNS": 255, "HTTP Method Path 2": "\/submit.php", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Jitter": 0, "Port": 443, "Polling": 60000, "Beacon Type": "0 (HTTP)"}}}
192.151.234.167
{"x86": {"sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "config": {"Pipe Name": "", "Method 1": "GET", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Polling": 60000, "Beacon Type": "0 (HTTP)", "Jitter": 0, "Max DNS": 255, "C2 Server": "103.55.128.118,\/ga.js", "DNS Idle": "0.0.0.0", "Header 1": "", "Method 2": "POST", "DNS Sleep": 0, "Port": 443, "HTTP Method Path 2": "\/submit.php", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Header 2": ""}, "md5": "35d1c3a7654146f572470d929772057e", "time": 1617303891127.3, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35"}, "x64": {"sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "config": {"Pipe Name": "", "Method 1": "GET", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Polling": 60000, "Beacon Type": "0 (HTTP)", "Jitter": 0, "Max DNS": 255, "C2 Server": "103.55.128.118,\/ptj", "DNS Idle": "0.0.0.0", "Header 1": "", "Method 2": "POST", "DNS Sleep": 0, "Port": 443, "HTTP Method Path 2": "\/submit.php", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Header 2": ""}, "md5": "1b53f921f14712f2fbda5ce11aa12716", "time": 1617303898856.3, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8"}}
192.151.234.178
{"x64": {"config": {"Method 1": "GET", "DNS Idle": "0.0.0.0", "Jitter": 0, "C2 Server": "103.55.128.118,\/ptj", "Polling": 60000, "DNS Sleep": 0, "Header 1": "", "Max DNS": 255, "HTTP Method Path 2": "\/submit.php", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Port": 443, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Method 2": "POST", "Pipe Name": "", "Header 2": "", "Beacon Type": "0 (HTTP)"}, "md5": "1b53f921f14712f2fbda5ce11aa12716", "time": 1617303966907.1, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8"}, "x86": {"config": {"Method 1": "GET", "DNS Idle": "0.0.0.0", "Jitter": 0, "C2 Server": "103.55.128.118,\/ga.js", "Polling": 60000, "DNS Sleep": 0, "Header 1": "", "Max DNS": 255, "HTTP Method Path 2": "\/submit.php", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Port": 443, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Method 2": "POST", "Pipe Name": "", "Header 2": "", "Beacon Type": "0 (HTTP)"}, "md5": "35d1c3a7654146f572470d929772057e", "time": 1617303963088.8, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35"}}
192.151.234.179
{"x86": {"time": 1617304021056.4, "config": {"Header 1": "", "DNS Sleep": 0, "DNS Idle": "0.0.0.0", "Port": 443, "Header 2": "", "Polling": 60000, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Pipe Name": "", "Method 2": "POST", "Method 1": "GET", "C2 Server": "103.55.128.118,\/ga.js", "Max DNS": 255, "Beacon Type": "0 (HTTP)", "HTTP Method Path 2": "\/submit.php", "Jitter": 0}, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "md5": "35d1c3a7654146f572470d929772057e", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35"}, "x64": {"time": 1617304024486.1, "config": {"Header 1": "", "DNS Sleep": 0, "DNS Idle": "0.0.0.0", "Port": 443, "Header 2": "", "Polling": 60000, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Pipe Name": "", "Method 2": "POST", "Method 1": "GET", "C2 Server": "103.55.128.118,\/ptj", "Max DNS": 255, "Beacon Type": "0 (HTTP)", "HTTP Method Path 2": "\/submit.php", "Jitter": 0}, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8"}}
192.151.234.173
{"x86": {"time": 1617304093834.2, "config": {"Jitter": 0, "Method 2": "POST", "Beacon Type": "0 (HTTP)", "Header 1": "", "Polling": 60000, "Max DNS": 255, "Pipe Name": "", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Port": 443, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "C2 Server": "103.55.128.118,\/ga.js", "Method 1": "GET", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "DNS Sleep": 0, "Header 2": "", "HTTP Method Path 2": "\/submit.php", "DNS Idle": "0.0.0.0"}, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "md5": "35d1c3a7654146f572470d929772057e"}, "x64": {"time": 1617304097538.6, "config": {"Jitter": 0, "Method 2": "POST", "Beacon Type": "0 (HTTP)", "Header 1": "", "Polling": 60000, "Max DNS": 255, "Pipe Name": "", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Port": 443, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "C2 Server": "103.55.128.118,\/ptj", "Method 1": "GET", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "DNS Sleep": 0, "Header 2": "", "HTTP Method Path 2": "\/submit.php", "DNS Idle": "0.0.0.0"}, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "md5": "1b53f921f14712f2fbda5ce11aa12716"}}
192.151.234.172
{"x64": {"md5": "1b53f921f14712f2fbda5ce11aa12716", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"Port": 443, "Header 1": "", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Pipe Name": "", "Polling": 60000, "HTTP Method Path 2": "\/submit.php", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Method 2": "POST", "Method 1": "GET", "DNS Sleep": 0, "Header 2": "", "C2 Server": "103.55.128.118,\/ptj", "Jitter": 0, "DNS Idle": "0.0.0.0", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Beacon Type": "0 (HTTP)", "Max DNS": 255}, "time": 1617304175750.1}, "x86": {"md5": "35d1c3a7654146f572470d929772057e", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"Port": 443, "Header 1": "", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Pipe Name": "", "Polling": 60000, "HTTP Method Path 2": "\/submit.php", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Method 2": "POST", "Method 1": "GET", "DNS Sleep": 0, "Header 2": "", "C2 Server": "103.55.128.118,\/ga.js", "Jitter": 0, "DNS Idle": "0.0.0.0", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Beacon Type": "0 (HTTP)", "Max DNS": 255}, "time": 1617304171421.1}}
192.151.234.175
{"x64": {"time": 1617304223621.3, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"Jitter": 0, "Header 2": "", "Max DNS": 255, "DNS Idle": "0.0.0.0", "Beacon Type": "0 (HTTP)", "Method 2": "POST", "HTTP Method Path 2": "\/submit.php", "C2 Server": "103.55.128.118,\/ptj", "Port": 443, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Method 1": "GET", "Header 1": "", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Sleep": 0, "Pipe Name": "", "Polling": 60000}, "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee"}, "x86": {"time": 1617304219825.4, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"Jitter": 0, "Header 2": "", "Max DNS": 255, "DNS Idle": "0.0.0.0", "Beacon Type": "0 (HTTP)", "Method 2": "POST", "HTTP Method Path 2": "\/submit.php", "C2 Server": "103.55.128.118,\/ga.js", "Port": 443, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Method 1": "GET", "Header 1": "", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Sleep": 0, "Pipe Name": "", "Polling": 60000}, "md5": "35d1c3a7654146f572470d929772057e", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658"}}
192.151.234.174
{"x86": {"md5": "35d1c3a7654146f572470d929772057e", "time": 1617304268393.3, "config": {"DNS Idle": "0.0.0.0", "Method 1": "GET", "Max DNS": 255, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Jitter": 0, "Beacon Type": "0 (HTTP)", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "DNS Sleep": 0, "Header 1": "", "C2 Server": "103.55.128.118,\/ga.js", "Polling": 60000, "Method 2": "POST", "Pipe Name": "", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Header 2": "", "Port": 443, "HTTP Method Path 2": "\/submit.php"}, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658"}, "x64": {"md5": "1b53f921f14712f2fbda5ce11aa12716", "time": 1617304272864.2, "config": {"DNS Idle": "0.0.0.0", "Method 1": "GET", "Max DNS": 255, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Jitter": 0, "Beacon Type": "0 (HTTP)", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "DNS Sleep": 0, "Header 1": "", "C2 Server": "103.55.128.118,\/ptj", "Polling": 60000, "Method 2": "POST", "Pipe Name": "", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Header 2": "", "Port": 443, "HTTP Method Path 2": "\/submit.php"}, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee"}}
192.151.234.189
{"x64": {"sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"Polling": 60000, "Header 2": "", "Header 1": "", "DNS Sleep": 0, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "C2 Server": "103.55.128.118,\/ptj", "Method 1": "GET", "Jitter": 0, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Max DNS": 255, "DNS Idle": "0.0.0.0", "Pipe Name": "", "Method 2": "POST", "HTTP Method Path 2": "\/submit.php", "Beacon Type": "0 (HTTP)", "Port": 443}, "time": 1617304343431.8, "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee"}, "x86": {"sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"Polling": 60000, "Header 2": "", "Header 1": "", "DNS Sleep": 0, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "C2 Server": "103.55.128.118,\/ga.js", "Method 1": "GET", "Jitter": 0, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Max DNS": 255, "DNS Idle": "0.0.0.0", "Pipe Name": "", "Method 2": "POST", "HTTP Method Path 2": "\/submit.php", "Beacon Type": "0 (HTTP)", "Port": 443}, "time": 1617304339755.9, "md5": "35d1c3a7654146f572470d929772057e", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658"}}
192.151.234.190
{"x64": {"md5": "1b53f921f14712f2fbda5ce11aa12716", "time": 1617304402655.6, "config": {"DNS Sleep": 0, "DNS Idle": "0.0.0.0", "Method 1": "GET", "Max DNS": 255, "Method 2": "POST", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Header 2": "", "Jitter": 0, "Beacon Type": "0 (HTTP)", "HTTP Method Path 2": "\/submit.php", "Header 1": "", "C2 Server": "103.55.128.118,\/ptj", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Pipe Name": "", "Port": 443, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Polling": 60000}, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee"}, "x86": {"md5": "35d1c3a7654146f572470d929772057e", "time": 1617304398731.5, "config": {"DNS Sleep": 0, "DNS Idle": "0.0.0.0", "Method 1": "GET", "Max DNS": 255, "Method 2": "POST", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Header 2": "", "Jitter": 0, "Beacon Type": "0 (HTTP)", "HTTP Method Path 2": "\/submit.php", "Header 1": "", "C2 Server": "103.55.128.118,\/ga.js", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Pipe Name": "", "Port": 443, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Polling": 60000}, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658"}}
192.151.234.176
{"x86": {"sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "md5": "35d1c3a7654146f572470d929772057e", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Sleep": 0, "Jitter": 0, "Polling": 60000, "HTTP Method Path 2": "\/submit.php", "Method 1": "GET", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Method 2": "POST", "Port": 443, "Pipe Name": "", "DNS Idle": "0.0.0.0", "Header 1": "", "Header 2": "", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "C2 Server": "103.55.128.118,\/ga.js", "Beacon Type": "0 (HTTP)", "Max DNS": 255}, "time": 1617304472264.7}, "x64": {"sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Sleep": 0, "Jitter": 0, "Polling": 60000, "HTTP Method Path 2": "\/submit.php", "Method 1": "GET", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Method 2": "POST", "Port": 443, "Pipe Name": "", "DNS Idle": "0.0.0.0", "Header 1": "", "Header 2": "", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "C2 Server": "103.55.128.118,\/ptj", "Beacon Type": "0 (HTTP)", "Max DNS": 255}, "time": 1617304476770.9}}
192.151.234.186
{"x86": {"sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "config": {"Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Port": 443, "DNS Idle": "0.0.0.0", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Max DNS": 255, "Jitter": 0, "Polling": 60000, "HTTP Method Path 2": "\/submit.php", "Pipe Name": "", "Beacon Type": "0 (HTTP)", "C2 Server": "103.55.128.118,\/ga.js", "Header 2": "", "DNS Sleep": 0, "Method 2": "POST", "Method 1": "GET", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Header 1": ""}, "md5": "35d1c3a7654146f572470d929772057e", "time": 1617304535838.7}, "x64": {"sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "config": {"Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Port": 443, "DNS Idle": "0.0.0.0", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Max DNS": 255, "Jitter": 0, "Polling": 60000, "HTTP Method Path 2": "\/submit.php", "Pipe Name": "", "Beacon Type": "0 (HTTP)", "C2 Server": "103.55.128.118,\/ptj", "Header 2": "", "DNS Sleep": 0, "Method 2": "POST", "Method 1": "GET", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Header 1": ""}, "md5": "1b53f921f14712f2fbda5ce11aa12716", "time": 1617304539811.0}}
192.151.234.163
{"x86": {"sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "md5": "35d1c3a7654146f572470d929772057e", "config": {"Beacon Type": "0 (HTTP)", "Pipe Name": "", "C2 Server": "103.55.128.118,\/ga.js", "DNS Idle": "0.0.0.0", "Header 2": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Max DNS": 255, "DNS Sleep": 0, "HTTP Method Path 2": "\/submit.php", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Port": 443, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Polling": 60000, "Method 2": "POST", "Header 1": "", "Jitter": 0, "Method 1": "GET"}, "time": 1617304626482.9}, "x64": {"sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "md5": "1b53f921f14712f2fbda5ce11aa12716", "config": {"Beacon Type": "0 (HTTP)", "Pipe Name": "", "C2 Server": "103.55.128.118,\/ptj", "DNS Idle": "0.0.0.0", "Header 2": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Max DNS": 255, "DNS Sleep": 0, "HTTP Method Path 2": "\/submit.php", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Port": 443, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Polling": 60000, "Method 2": "POST", "Header 1": "", "Jitter": 0, "Method 1": "GET"}, "time": 1617304630278.4}}
192.151.234.181
{"x86": {"md5": "35d1c3a7654146f572470d929772057e", "config": {"Header 1": "", "HTTP Method Path 2": "\/submit.php", "Method 1": "GET", "DNS Idle": "0.0.0.0", "Pipe Name": "", "C2 Server": "103.55.128.118,\/ga.js", "Polling": 60000, "Header 2": "", "DNS Sleep": 0, "Port": 443, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Method 2": "POST", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Max DNS": 255, "Jitter": 0, "Beacon Type": "0 (HTTP)"}, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "time": 1617305366970.3}, "x64": {"md5": "1b53f921f14712f2fbda5ce11aa12716", "config": {"Header 1": "", "HTTP Method Path 2": "\/submit.php", "Method 1": "GET", "DNS Idle": "0.0.0.0", "Pipe Name": "", "C2 Server": "103.55.128.118,\/ptj", "Polling": 60000, "Header 2": "", "DNS Sleep": 0, "Port": 443, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Method 2": "POST", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Max DNS": 255, "Jitter": 0, "Beacon Type": "0 (HTTP)"}, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "time": 1617305370479.3}}
192.151.234.170
{"x64": {"config": {"Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Idle": "0.0.0.0", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "C2 Server": "103.55.128.118,\/ptj", "Jitter": 0, "DNS Sleep": 0, "Port": 443, "Max DNS": 255, "Header 1": "", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "Method 2": "POST", "Header 2": "", "Polling": 60000, "Pipe Name": "", "Method 1": "GET", "Beacon Type": "0 (HTTP)"}, "md5": "1b53f921f14712f2fbda5ce11aa12716", "time": 1617304854499.4, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8"}, "x86": {"config": {"Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Idle": "0.0.0.0", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "C2 Server": "103.55.128.118,\/ga.js", "Jitter": 0, "DNS Sleep": 0, "Port": 443, "Max DNS": 255, "Header 1": "", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "Method 2": "POST", "Header 2": "", "Polling": 60000, "Pipe Name": "", "Method 1": "GET", "Beacon Type": "0 (HTTP)"}, "md5": "35d1c3a7654146f572470d929772057e", "time": 1617304850833.9, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35"}}
192.151.234.184
{"x86": {"sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "md5": "35d1c3a7654146f572470d929772057e", "config": {"User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Method 2": "POST", "Method 1": "GET", "Max DNS": 255, "C2 Server": "103.55.128.118,\/ga.js", "Beacon Type": "0 (HTTP)", "Jitter": 0, "DNS Idle": "0.0.0.0", "DNS Sleep": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Polling": 60000, "Pipe Name": "", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "Header 1": "", "Port": 443, "Header 2": ""}, "time": 1617304887675.0}, "x64": {"sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "md5": "1b53f921f14712f2fbda5ce11aa12716", "config": {"User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Method 2": "POST", "Method 1": "GET", "Max DNS": 255, "C2 Server": "103.55.128.118,\/ptj", "Beacon Type": "0 (HTTP)", "Jitter": 0, "DNS Idle": "0.0.0.0", "DNS Sleep": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Polling": 60000, "Pipe Name": "", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "Header 1": "", "Port": 443, "Header 2": ""}, "time": 1617304891082.7}}
192.151.234.182
{"x86": {"time": 1617304944321.9, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "md5": "35d1c3a7654146f572470d929772057e", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "config": {"Beacon Type": "0 (HTTP)", "DNS Idle": "0.0.0.0", "Method 1": "GET", "Pipe Name": "", "HTTP Method Path 2": "\/submit.php", "Header 1": "", "C2 Server": "103.55.128.118,\/ga.js", "Polling": 60000, "Jitter": 0, "Max DNS": 255, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Port": 443, "Header 2": "", "DNS Sleep": 0, "Method 2": "POST", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe"}}, "x64": {"time": 1617304948088.9, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "config": {"Beacon Type": "0 (HTTP)", "DNS Idle": "0.0.0.0", "Method 1": "GET", "Pipe Name": "", "HTTP Method Path 2": "\/submit.php", "Header 1": "", "C2 Server": "103.55.128.118,\/ptj", "Polling": 60000, "Jitter": 0, "Max DNS": 255, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Port": 443, "Header 2": "", "DNS Sleep": 0, "Method 2": "POST", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe"}}}
192.151.234.183
{"x86": {"md5": "35d1c3a7654146f572470d929772057e", "time": 1617304988807.1, "config": {"Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Header 2": "", "Polling": 60000, "C2 Server": "103.55.128.118,\/ga.js", "DNS Idle": "0.0.0.0", "HTTP Method Path 2": "\/submit.php", "DNS Sleep": 0, "Port": 443, "Max DNS": 255, "Method 1": "GET", "Beacon Type": "0 (HTTP)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Pipe Name": "", "Jitter": 0, "Header 1": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Method 2": "POST"}, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658"}, "x64": {"md5": "1b53f921f14712f2fbda5ce11aa12716", "time": 1617304992172.6, "config": {"Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Header 2": "", "Polling": 60000, "C2 Server": "103.55.128.118,\/ptj", "DNS Idle": "0.0.0.0", "HTTP Method Path 2": "\/submit.php", "DNS Sleep": 0, "Port": 443, "Max DNS": 255, "Method 1": "GET", "Beacon Type": "0 (HTTP)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Pipe Name": "", "Jitter": 0, "Header 1": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Method 2": "POST"}, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee"}}
192.151.234.180
{"x86": {"time": 1617305069228.3, "config": {"Max DNS": 255, "Header 2": "", "Method 1": "GET", "DNS Sleep": 0, "C2 Server": "103.55.128.118,\/ga.js", "DNS Idle": "0.0.0.0", "Jitter": 0, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Header 1": "", "Port": 443, "Beacon Type": "0 (HTTP)", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Pipe Name": "", "HTTP Method Path 2": "\/submit.php", "Polling": 60000, "Method 2": "POST"}, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "md5": "35d1c3a7654146f572470d929772057e", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658"}, "x64": {"time": 1617305072727.5, "config": {"Max DNS": 255, "Header 2": "", "Method 1": "GET", "DNS Sleep": 0, "C2 Server": "103.55.128.118,\/ptj", "DNS Idle": "0.0.0.0", "Jitter": 0, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Header 1": "", "Port": 443, "Beacon Type": "0 (HTTP)", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Pipe Name": "", "HTTP Method Path 2": "\/submit.php", "Polling": 60000, "Method 2": "POST"}, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee"}}
192.151.234.162
{"x86": {"config": {"C2 Server": "103.55.128.118,\/ga.js", "Header 2": "", "Beacon Type": "0 (HTTP)", "Polling": 60000, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Header 1": "", "DNS Sleep": 0, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Method 1": "GET", "Port": 443, "Jitter": 0, "Pipe Name": "", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 2": "POST", "DNS Idle": "0.0.0.0", "HTTP Method Path 2": "\/submit.php", "Max DNS": 255}, "md5": "35d1c3a7654146f572470d929772057e", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "time": 1617306595972.6, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658"}, "x64": {"config": {"C2 Server": "103.55.128.118,\/ptj", "Header 2": "", "Beacon Type": "0 (HTTP)", "Polling": 60000, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Header 1": "", "DNS Sleep": 0, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Method 1": "GET", "Port": 443, "Jitter": 0, "Pipe Name": "", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 2": "POST", "DNS Idle": "0.0.0.0", "HTTP Method Path 2": "\/submit.php", "Max DNS": 255}, "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "time": 1617306600001.8, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee"}}
192.151.234.160
{"x64": {"md5": "1b53f921f14712f2fbda5ce11aa12716", "time": 1617306687300.0, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "config": {"Port": 443, "Polling": 60000, "Header 2": "", "Jitter": 0, "Max DNS": 255, "Header 1": "", "Method 1": "GET", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "DNS Idle": "0.0.0.0", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Beacon Type": "0 (HTTP)", "Pipe Name": "", "Method 2": "POST", "HTTP Method Path 2": "\/submit.php", "DNS Sleep": 0, "C2 Server": "103.55.128.118,\/ptj"}, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8"}, "x86": {"md5": "35d1c3a7654146f572470d929772057e", "time": 1617306683643.7, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "config": {"Port": 443, "Polling": 60000, "Header 2": "", "Jitter": 0, "Max DNS": 255, "Header 1": "", "Method 1": "GET", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "DNS Idle": "0.0.0.0", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Beacon Type": "0 (HTTP)", "Pipe Name": "", "Method 2": "POST", "HTTP Method Path 2": "\/submit.php", "DNS Sleep": 0, "C2 Server": "103.55.128.118,\/ga.js"}, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35"}}
192.151.234.161
{"x64": {"sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "time": 1617306928465.4, "config": {"Method 1": "GET", "Polling": 60000, "Method 2": "POST", "Beacon Type": "0 (HTTP)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Idle": "0.0.0.0", "Max DNS": 255, "DNS Sleep": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "Port": 443, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "C2 Server": "103.55.128.118,\/ptj", "Header 2": "", "Jitter": 0, "Header 1": "", "Pipe Name": ""}, "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8"}, "x86": {"sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "time": 1617306924981.6, "config": {"Method 1": "GET", "Polling": 60000, "Method 2": "POST", "Beacon Type": "0 (HTTP)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Idle": "0.0.0.0", "Max DNS": 255, "DNS Sleep": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "Port": 443, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "C2 Server": "103.55.128.118,\/ga.js", "Header 2": "", "Jitter": 0, "Header 1": "", "Pipe Name": ""}, "md5": "35d1c3a7654146f572470d929772057e", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35"}}
192.151.234.163
{"x86": {"sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "md5": "35d1c3a7654146f572470d929772057e", "config": {"DNS Idle": "0.0.0.0", "Polling": 60000, "C2 Server": "103.55.128.118,\/ga.js", "Port": 443, "Max DNS": 255, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Sleep": 0, "Jitter": 0, "Header 1": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Beacon Type": "0 (HTTP)", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "Method 2": "POST", "Method 1": "GET", "Pipe Name": "", "Header 2": ""}, "time": 1617307030407.3, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658"}, "x64": {"sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "md5": "1b53f921f14712f2fbda5ce11aa12716", "config": {"DNS Idle": "0.0.0.0", "Polling": 60000, "C2 Server": "103.55.128.118,\/ptj", "Port": 443, "Max DNS": 255, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Sleep": 0, "Jitter": 0, "Header 1": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Beacon Type": "0 (HTTP)", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "Method 2": "POST", "Method 1": "GET", "Pipe Name": "", "Header 2": ""}, "time": 1617307033893.8, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee"}}
192.151.234.164
{"x86": {"sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "config": {"Method 1": "GET", "DNS Idle": "0.0.0.0", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Pipe Name": "", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Port": 443, "HTTP Method Path 2": "\/submit.php", "Header 1": "", "Beacon Type": "0 (HTTP)", "C2 Server": "103.55.128.118,\/ga.js", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Max DNS": 255, "Jitter": 0, "DNS Sleep": 0, "Method 2": "POST", "Header 2": "", "Polling": 60000}, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "time": 1617307136538.3, "md5": "35d1c3a7654146f572470d929772057e"}, "x64": {"sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "config": {"Method 1": "GET", "DNS Idle": "0.0.0.0", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Pipe Name": "", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Port": 443, "HTTP Method Path 2": "\/submit.php", "Header 1": "", "Beacon Type": "0 (HTTP)", "C2 Server": "103.55.128.118,\/ptj", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Max DNS": 255, "Jitter": 0, "DNS Sleep": 0, "Method 2": "POST", "Header 2": "", "Polling": 60000}, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "time": 1617307140054.4, "md5": "1b53f921f14712f2fbda5ce11aa12716"}}
192.151.234.181
{"x86": {"time": 1617307234222.7, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"C2 Server": "103.55.128.118,\/ga.js", "Max DNS": 255, "HTTP Method Path 2": "\/submit.php", "Header 1": "", "Port": 443, "Method 2": "POST", "DNS Idle": "0.0.0.0", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Method 1": "GET", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Header 2": "", "Pipe Name": "", "DNS Sleep": 0, "Polling": 60000, "Jitter": 0, "Beacon Type": "0 (HTTP)"}, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "md5": "35d1c3a7654146f572470d929772057e"}, "x64": {"time": 1617307238165.9, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"C2 Server": "103.55.128.118,\/ptj", "Max DNS": 255, "HTTP Method Path 2": "\/submit.php", "Header 1": "", "Port": 443, "Method 2": "POST", "DNS Idle": "0.0.0.0", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Method 1": "GET", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Header 2": "", "Pipe Name": "", "DNS Sleep": 0, "Polling": 60000, "Jitter": 0, "Beacon Type": "0 (HTTP)"}, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "md5": "1b53f921f14712f2fbda5ce11aa12716"}}
192.151.234.188
{"x86": {"time": 1617307332674.4, "md5": "35d1c3a7654146f572470d929772057e", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"Jitter": 0, "Method 1": "GET", "Method 2": "POST", "HTTP Method Path 2": "\/submit.php", "Header 2": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Port": 443, "C2 Server": "103.55.128.118,\/ga.js", "Max DNS": 255, "Polling": 60000, "Header 1": "", "DNS Sleep": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Beacon Type": "0 (HTTP)", "DNS Idle": "0.0.0.0", "Pipe Name": ""}, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658"}, "x64": {"time": 1617307341050.7, "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"Jitter": 0, "Method 1": "GET", "Method 2": "POST", "HTTP Method Path 2": "\/submit.php", "Header 2": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Port": 443, "C2 Server": "103.55.128.118,\/ptj", "Max DNS": 255, "Polling": 60000, "Header 1": "", "DNS Sleep": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Beacon Type": "0 (HTTP)", "DNS Idle": "0.0.0.0", "Pipe Name": ""}, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee"}}
192.151.234.166
{"x64": {"config": {"Max DNS": 255, "Beacon Type": "0 (HTTP)", "DNS Idle": "0.0.0.0", "DNS Sleep": 0, "C2 Server": "103.55.128.118,\/ptj", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Jitter": 0, "Method 2": "POST", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Pipe Name": "", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Header 2": "", "Polling": 60000, "Port": 443, "Method 1": "GET", "HTTP Method Path 2": "\/submit.php", "Header 1": ""}, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "time": 1617307605233.3}, "x86": {"config": {"Max DNS": 255, "Beacon Type": "0 (HTTP)", "DNS Idle": "0.0.0.0", "DNS Sleep": 0, "C2 Server": "103.55.128.118,\/ga.js", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Jitter": 0, "Method 2": "POST", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Pipe Name": "", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Header 2": "", "Polling": 60000, "Port": 443, "Method 1": "GET", "HTTP Method Path 2": "\/submit.php", "Header 1": ""}, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "md5": "35d1c3a7654146f572470d929772057e", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "time": 1617307601912.5}}
192.151.234.168
{"x64": {"md5": "1b53f921f14712f2fbda5ce11aa12716", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "DNS Idle": "0.0.0.0", "Beacon Type": "0 (HTTP)", "Jitter": 0, "Port": 443, "Polling": 60000, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "Header 2": "", "Max DNS": 255, "DNS Sleep": 0, "Header 1": "", "Method 1": "GET", "C2 Server": "103.55.128.118,\/ptj", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Method 2": "POST", "Pipe Name": ""}, "time": 1617307691244.2}, "x86": {"md5": "35d1c3a7654146f572470d929772057e", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "DNS Idle": "0.0.0.0", "Beacon Type": "0 (HTTP)", "Jitter": 0, "Port": 443, "Polling": 60000, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "Header 2": "", "Max DNS": 255, "DNS Sleep": 0, "Header 1": "", "Method 1": "GET", "C2 Server": "103.55.128.118,\/ga.js", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Method 2": "POST", "Pipe Name": ""}, "time": 1617307687527.5}}
192.151.234.185
{"x64": {"time": 1617307820351.4, "config": {"Jitter": 0, "Header 2": "", "HTTP Method Path 2": "\/submit.php", "DNS Sleep": 0, "Polling": 60000, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Method 1": "GET", "Pipe Name": "", "Method 2": "POST", "Header 1": "", "Max DNS": 255, "Beacon Type": "0 (HTTP)", "DNS Idle": "0.0.0.0", "C2 Server": "103.55.128.118,\/ptj", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Port": 443}, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee"}, "x86": {"time": 1617307816379.7, "config": {"Jitter": 0, "Header 2": "", "HTTP Method Path 2": "\/submit.php", "DNS Sleep": 0, "Polling": 60000, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Method 1": "GET", "Pipe Name": "", "Method 2": "POST", "Header 1": "", "Max DNS": 255, "Beacon Type": "0 (HTTP)", "DNS Idle": "0.0.0.0", "C2 Server": "103.55.128.118,\/ga.js", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Port": 443}, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "md5": "35d1c3a7654146f572470d929772057e", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658"}}
192.151.234.187
{"x86": {"time": 1617307896120.9, "md5": "35d1c3a7654146f572470d929772057e", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Max DNS": 255, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Beacon Type": "0 (HTTP)", "Port": 443, "HTTP Method Path 2": "\/submit.php", "C2 Server": "103.55.128.118,\/ga.js", "Method 2": "POST", "DNS Idle": "0.0.0.0", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Jitter": 0, "Header 2": "", "Method 1": "GET", "Header 1": "", "Polling": 60000, "Pipe Name": "", "DNS Sleep": 0}, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658"}, "x64": {"time": 1617307899629.7, "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Max DNS": 255, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Beacon Type": "0 (HTTP)", "Port": 443, "HTTP Method Path 2": "\/submit.php", "C2 Server": "103.55.128.118,\/ptj", "Method 2": "POST", "DNS Idle": "0.0.0.0", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Jitter": 0, "Header 2": "", "Method 1": "GET", "Header 1": "", "Polling": 60000, "Pipe Name": "", "DNS Sleep": 0}, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee"}}
192.151.234.169
{"x64": {"time": 1617308158034.7, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "md5": "1b53f921f14712f2fbda5ce11aa12716", "config": {"C2 Server": "103.55.128.118,\/ptj", "Port": 443, "Polling": 60000, "Beacon Type": "0 (HTTP)", "Header 2": "", "Header 1": "", "Method 2": "POST", "HTTP Method Path 2": "\/submit.php", "DNS Sleep": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 1": "GET", "DNS Idle": "0.0.0.0", "Max DNS": 255, "Jitter": 0, "Pipe Name": ""}, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8"}, "x86": {"time": 1617308154485.9, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "md5": "35d1c3a7654146f572470d929772057e", "config": {"C2 Server": "103.55.128.118,\/ga.js", "Port": 443, "Polling": 60000, "Beacon Type": "0 (HTTP)", "Header 2": "", "Header 1": "", "Method 2": "POST", "HTTP Method Path 2": "\/submit.php", "DNS Sleep": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 1": "GET", "DNS Idle": "0.0.0.0", "Max DNS": 255, "Jitter": 0, "Pipe Name": ""}, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35"}}