
@MichaelKoczwara
Created May 3, 2021 16:47
Cobalt Strike/C2 — raw scanner output for hosts flagged as suspected Cobalt Strike team servers / listeners. Indicators recorded per host: open ports (TCP 50050 in most entries), HTTP default responses per listener ("status/content-length"), the TLS JARM fingerprint, the certificate subject (the stock "Major Cobalt Strike" self-signed subject in most entries; a few present "Outlook.live.com" or "Microsoft Windows"), and, where a stager was retrievable from "/aaa9", the parsed Beacon config (GET/POST URIs, user-agent, sleep/jitter, spawnto, injection settings, RSA public key, watermark). Read this as leads to verify, not confirmed attribution: a JARM match or the default cert subject alone is not proof; entries with "Ports": null were not reachable when scanned; the interleaved "Error reading body: context deadline exceeded" lines are scanner-side timeouts, not findings; 118.31.188.237 appears twice (records 7 and 16); and the ".watermark" 305419896 (0x12345678) recurs across most extracted configs, so it does not distinguish operators — cluster on the RSA "publickey" and C2 URIs instead (e.g. the two listeners on 49.235.198.76 share one key). Note also that the 49.235.198.76:8443 config points Beacon at 106.75.162.166, a host not scanned here.
{
"Ip": "42.193.225.116",
"Ports": ["42.193.225.116:22", "42.193.225.116:8888"],
"DefaultBeaconResponses": {
"http://42.193.225.116:8888/": "302/219"
},
"Jarm": "",
"Certificate": "",
"Beacons": null
}
0 {
"Ip": "114.117.213.24",
"Ports": ["114.117.213.24:1234", "114.117.213.24:3000", "114.117.213.24:8089"],
"DefaultBeaconResponses": {
"http://114.117.213.24:3000/": "200/-1"
},
"Jarm": "",
"Certificate": "",
"Beacons": null
}
1 {
"Ip": "175.27.236.117",
"Ports": ["175.27.236.117:22", "175.27.236.117:80"],
"DefaultBeaconResponses": {
"http://175.27.236.117:80/": "200/-1"
},
"Jarm": "00000000000000000000000000000000000000000000000000000000000000",
"Certificate": "",
"Beacons": null
}
2 {
"Ip": "121.5.10.238",
"Ports": ["121.5.10.238:22", "121.5.10.238:50050"],
"DefaultBeaconResponses": {},
"Jarm": "07d14d16d21d21d07c42d41d00041d58c7162162b6a603d3d90a2b76865b53",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
3 {
"Ip": "47.107.78.225",
"Ports": ["47.107.78.225:22", "47.107.78.225:50050"],
"DefaultBeaconResponses": {},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
4 {
"Ip": "123.57.209.41",
"Ports": ["123.57.209.41:22", "123.57.209.41:80", "123.57.209.41:443", "123.57.209.41:8080", "123.57.209.41:50050"],
"DefaultBeaconResponses": {
"http://123.57.209.41:80/": "404/-1",
"http://123.57.209.41:8080/": "302/35"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d58c7162162b6a603d3d90a2b76865b53",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
5 {
"Ip": "47.118.40.231",
"Ports": ["47.118.40.231:22", "47.118.40.231:50050"],
"DefaultBeaconResponses": {},
"Jarm": "07d14d16d21d21d07c42d41d00041d58c7162162b6a603d3d90a2b76865b53",
"Certificate": "Outlook.live.com",
"Beacons": null
}
6 {
"Ip": "121.5.117.32",
"Ports": ["121.5.117.32:22", "121.5.117.32:50050"],
"DefaultBeaconResponses": {},
"Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
7 {
"Ip": "118.31.188.237",
"Ports": null,
"DefaultBeaconResponses": {},
"Jarm": "",
"Certificate": "",
"Beacons": null
}
8 {
"Ip": "140.143.168.220",
"Ports": ["140.143.168.220:22", "140.143.168.220:8888", "140.143.168.220:50050"],
"DefaultBeaconResponses": {
"http://140.143.168.220:8888/": "302/219"
},
"Jarm": "07d14d16d21d21d00007d14d07d21d3fe87b802002478c27f1c0da514dbf80",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
9 {
"Ip": "81.68.107.151",
"Ports": ["81.68.107.151:22", "81.68.107.151:50050"],
"DefaultBeaconResponses": {},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
10 {
"Ip": "101.201.145.63",
"Ports": ["101.201.145.63:22", "101.201.145.63:80", "101.201.145.63:8090", "101.201.145.63:50050"],
"DefaultBeaconResponses": {
"http://101.201.145.63:80/": "200/-1",
"http://101.201.145.63:8090/": "200/194"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
11 {
"Ip": "47.100.95.224",
"Ports": ["47.100.95.224:22"],
"DefaultBeaconResponses": {},
"Jarm": "",
"Certificate": "",
"Beacons": null
}
12 {
"Ip": "106.14.38.189",
"Ports": ["106.14.38.189:80", "106.14.38.189:22", "106.14.38.189:8888", "106.14.38.189:50050"],
"DefaultBeaconResponses": {
"http://106.14.38.189:80/": "200/917",
"http://106.14.38.189:8888/": "302/219"
},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
13 {
"Ip": "62.234.99.204",
"Ports": ["62.234.99.204:22", "62.234.99.204:443", "62.234.99.204:80", "62.234.99.204:8080", "62.234.99.204:8888", "62.234.99.204:50050"],
"DefaultBeaconResponses": {
"http://62.234.99.204:443/": "302/138",
"http://62.234.99.204:80/": "200/-1",
"http://62.234.99.204:8080/": "200/-1",
"http://62.234.99.204:8888/": "302/219"
},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
14 {
"Ip": "139.199.118.78",
"Ports": ["139.199.118.78:22", "139.199.118.78:80", "139.199.118.78:50050"],
"DefaultBeaconResponses": {
"http://139.199.118.78:80/": "404/0"
},
"Jarm": "07d14d16d21d21d00042d41d00041d47e4e0ae17960b2a5b4fd6107fbb0926",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "http://139.199.118.78:80/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208961,
"BeaconConfig": {
".cryptoscheme": "0",
".dns_idle": "0",
".dns_sleep ": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "139.199.118.78,/g.pixel",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".maxdns": "255",
".pipename": "",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)",
".watermark": "305419896",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "80",
"process-inject-allocation-method": "0",
"process-inject-execute": "\u0001\u0002\u0003\u0004",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-stub": "",
"process-inject-transform-x64": "",
"process-inject-transform-x86": "",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d3081890281819603b6a5d4bdad9bf65d7ce80789268f0c2e2ef806dd7a191cca2b404df93d3a06139da9c9193266b16218c01f405e493e3f0e267319cbb0ec22931da2014d5f719859321a8120ed84790f045af084edad1bc794c01a10706c74a049d1bfbfe558af7bfd90756f6c6c74d887f4636538f6ed3f8483607e8b8128867c6130abff02030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}]
}
15 {
"Ip": "42.192.1.130",
"Ports": ["42.192.1.130:80", "42.192.1.130:22", "42.192.1.130:50050"],
"DefaultBeaconResponses": {
"http://42.192.1.130:80/": "404/0"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
16 {
"Ip": "118.31.188.237",
"Ports": null,
"DefaultBeaconResponses": {},
"Jarm": "",
"Certificate": "",
"Beacons": null
}
17 {
"Ip": "139.129.243.114",
"Ports": ["139.129.243.114:80", "139.129.243.114:50050"],
"DefaultBeaconResponses": {
"http://139.129.243.114:80/": "404/0"
},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
18 {
"Ip": "118.24.9.34",
"Ports": ["118.24.9.34:80", "118.24.9.34:50050"],
"DefaultBeaconResponses": {
"http://118.24.9.34:80/": "404/315"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
19 {
"Ip": "119.23.8.187",
"Ports": ["119.23.8.187:22", "119.23.8.187:50050"],
"DefaultBeaconResponses": {},
"Jarm": "05d13d20d21d20d05c05d13d05d20dd7fc4c7c6ef19b77a4ca0787979cdc13",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
20 {
"Ip": "114.215.182.44",
"Ports": ["114.215.182.44:22", "114.215.182.44:8080", "114.215.182.44:50050"],
"DefaultBeaconResponses": {
"http://114.215.182.44:8080/": "404/0"
},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
21
2021 / 04 / 30 22: 43: 42 Error reading body: context deadline exceeded(Client.Timeout or context cancellation
while reading body) {
"Ip": "42.193.220.212",
"Ports": ["42.193.220.212:22", "42.193.220.212:80", "42.193.220.212:50050"],
"DefaultBeaconResponses": {
"http://42.193.220.212:80/": "200/14896"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d58c7162162b6a603d3d90a2b76865b53",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
22 {
"Ip": "121.40.124.244",
"Ports": ["121.40.124.244:22", "121.40.124.244:50050"],
"DefaultBeaconResponses": {},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
23 {
"Ip": "120.26.44.254",
"Ports": ["120.26.44.254:22", "120.26.44.254:80", "120.26.44.254:8888", "120.26.44.254:50050"],
"DefaultBeaconResponses": {
"http://120.26.44.254:80/": "200/-1",
"http://120.26.44.254:8888/": "302/219"
},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
24
2021 / 04 / 30 22: 43: 47 Error reading body: context deadline exceeded(Client.Timeout or context cancellation
while reading body)
2021 / 04 / 30 22: 43: 48 Error reading body: context deadline exceeded(Client.Timeout or context cancellation
while reading body) {
"Ip": "121.5.152.196",
"Ports": ["121.5.152.196:22", "121.5.152.196:8099", "121.5.152.196:50050"],
"DefaultBeaconResponses": {
"http://121.5.152.196:8099/": "404/0"
},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "http://121.5.152.196:8099/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208973,
"BeaconConfig": {
".cryptoscheme": "0",
".dns_idle": "0",
".dns_sleep ": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "121.5.152.196,/IE9CompatViewList.xml",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".maxdns": "255",
".pipename": "",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) LBBROWSER",
".watermark": "305419896",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "8099",
"process-inject-allocation-method": "0",
"process-inject-execute": "\u0001\u0002\u0003\u0004",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n",
"process-inject-transform-x64": "",
"process-inject-transform-x86": "",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d3081890281819941a3dc4eba786cc78d93e2c560c47a4ccfea24e085ddf30149e88b951cd1df204fa7b3786bb2fd40ffd624c8d22b81ed0c19eed923d0374a3564284bc89aaae4cbfea9708497c344058dc538593c0ee15ad1f7282ea3c759e7e0fcff290c47fa2bfbc8c50fbe7d527906647090f21cbe77e7e68679c3cae5767269041a760902030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}]
}
25
2021 / 04 / 30 22: 43: 52 Error reading body: context deadline exceeded(Client.Timeout or context cancellation
while reading body) {
"Ip": "212.64.69.215",
"Ports": ["212.64.69.215:80", "212.64.69.215:22", "212.64.69.215:8888", "212.64.69.215:50050"],
"DefaultBeaconResponses": {
"http://212.64.69.215:80/": "200/-1",
"http://212.64.69.215:8888/": "404/0"
},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "http://212.64.69.215:8888/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208972,
"BeaconConfig": {
".cryptoscheme": "0",
".dns_idle": "0",
".dns_sleep ": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "212.64.69.215,/updates.rss",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".maxdns": "255",
".pipename": "",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP02)",
".watermark": "305419896",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "8888",
"process-inject-allocation-method": "0",
"process-inject-execute": "\u0001\u0002\u0003\u0004",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n",
"process-inject-transform-x64": "",
"process-inject-transform-x86": "",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d3081890281819855f58d5d9bc0c1f64b830d8886f4645de6534573635d50219708853863328a7d4fc6d82112ee0cec168e11a4158a6b38fa2a1d7c588e7ba01735e1793d7b86925bd492881ab56d539551c709edee487e260350d14446960861a99af5ec966cdd9b89946a25fb951dddd4788727836cae6125fab48eb7cfcd72b677f3f78e8702030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}]
}
26 {
"Ip": "118.195.162.4",
"Ports": ["118.195.162.4:80", "118.195.162.4:8080", "118.195.162.4:8888", "118.195.162.4:50050"],
"DefaultBeaconResponses": {
"http://118.195.162.4:80/": "200/2307",
"http://118.195.162.4:8080/": "200/0",
"http://118.195.162.4:8888/": "404/0"
},
"Jarm": "05d13d20d21d20d05c05d13d05d20dd7fc4c7c6ef19b77a4ca0787979cdc13",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "http://118.195.162.4:8888/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208965,
"BeaconConfig": {
".cryptoscheme": "0",
".dns_idle": "0",
".dns_sleep ": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "118.195.162.4,/push",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".maxdns": "255",
".pipename": "",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)",
".watermark": "305419896",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "8888",
"process-inject-allocation-method": "0",
"process-inject-execute": "\u0001\u0002\u0003\u0004",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-stub": "",
"process-inject-transform-x64": "",
"process-inject-transform-x86": "",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d308189028181a70991d69d816a601ffa80976473830f0d3b41276d2790401ddedb18e2d3cab3c315e3222325be42b65adb2878f33f5a03ff5010b23e842a510c1482ad6a42f1e7e5726eb31813e7437640ed7879955f401e172c34d3517241596dd41f8e48d3d1b1c288e6c8752ff65dc27acccba4ba9cd6d0e4de6196cea4da480d3b99d0ed02030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}]
}
27 {
"Ip": "120.77.0.33",
"Ports": ["120.77.0.33:22", "120.77.0.33:4443", "120.77.0.33:50050"],
"DefaultBeaconResponses": {
"https://120.77.0.33:4443/": "404/0"
},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "https://120.77.0.33:4443/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208959,
"BeaconConfig": {
".cryptoscheme": "0",
".dns_idle": "0",
".dns_sleep ": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "120.77.0.33,/updates.rss",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".maxdns": "255",
".pipename": "",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)",
".watermark": "305419896",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "4443",
"process-inject-allocation-method": "0",
"process-inject-execute": "\u0001\u0002\u0003\u0004",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n",
"process-inject-transform-x64": "",
"process-inject-transform-x86": "",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d308189028181a233044c17d1fe42f5d4a8db339353997094110134480af0f742c3eea2575d541ad2d433e49f6a1c8bcf3d440bb64fb7adc53c019b8becf36f3f205a0d5765f3c521674f87da3fe2a20b516cfdab57f7176ee7ef38d11c74cf985869d3cd182d0543c6a0e9d96805a2d019d5f56caa809903ed05204e933ccde72d356f23ff02030101",
"shouldChunkPosts": "0",
"ssl": "true",
"text_section": "0"
}
}]
}
28 {
"Ip": "121.4.249.122",
"Ports": ["121.4.249.122:22", "121.4.249.122:80", "121.4.249.122:8888", "121.4.249.122:50050"],
"DefaultBeaconResponses": {
"http://121.4.249.122:80/": "200/-1",
"http://121.4.249.122:8888/": "404/0"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "http://121.4.249.122:8888/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208460,
"BeaconConfig": {
"": "\u0004",
".cryptoscheme": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "121.4.249.122,/visit.js",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)",
".watermark": "1359593325",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "8888",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d308189028181a42f854ae0c3eb4e510b342f20cd1387c117871176279d7486063afc6572e3b95a855cecb0be5289dfe3a216aaa07c9c369c1503a3cfd4763e6f6a92c44934a1c633b2e962c6a488ffaa7b62d1b0d72f2fd63dd3e9446a311b70f7bee4f5df33b69c90ec2327150c8f6ae1e00168bd6252cde9f631f572f87abe570b2bc8bcf902030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}]
}
29 {
"Ip": "39.102.55.191",
"Ports": ["39.102.55.191:22", "39.102.55.191:80", "39.102.55.191:443", "39.102.55.191:50050"],
"DefaultBeaconResponses": {
"http://39.102.55.191:80/": "200/2831",
"https://39.102.55.191:443/": "404/0"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d58c7162162b6a603d3d90a2b76865b53",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "https://39.102.55.191:443/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 206427,
"BeaconConfig": {
"": "\u0004",
".cryptoscheme": "0",
".dns_idle": "0",
".dns_sleep ": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "39.102.55.191,/en_US/all.js",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".maxdns": "255",
".pipename": "",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; ; NCLIENT50_AAPCDA5841E333)",
".watermark": "16777216",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "443",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-stub": "bRڮ\ufffd\ufffd\ufffd\ufffd|+/{\ufffd\ufffd\ufffd\u000e",
"process-inject-transform-x64": "",
"process-inject-transform-x86": "",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d30818902818181291929ef7e968c234ae372ca91aa9227a549729db4a7cd348044c30fbc30934e49afaedc69e19646f1e2dccc511c59e4ebbe839c27083711d50eed75c666396bfbe579adc632172e91ebc3704d2deb61ef9a6551f2f1777b645fd31b2ea735bbd5b164524d522a0a142526dc05ec84fec34b4a6471196df2ccc33483fbb44302030101",
"shouldChunkPosts": "0",
"ssl": "true",
"text_section": "0"
}
}]
}
30 {
"Ip": "39.102.38.121",
"Ports": ["39.102.38.121:22", "39.102.38.121:4443", "39.102.38.121:50050"],
"DefaultBeaconResponses": {
"https://39.102.38.121:4443/": "404/0"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d58c7162162b6a603d3d90a2b76865b53",
"Certificate": "Microsoft Windows",
"Beacons": [{
"Uri": "https://39.102.38.121:4443/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208960,
"BeaconConfig": {
".cryptoscheme": "0",
".dns_idle": "0",
".dns_sleep ": "0",
".http-get.client": "\n\u000bAccept: */*\u0010\u0014Host: www.amazon.com\u0007\u0003\u0002\u000esession-token=\u0002\u000cskin=noskin;\u0001,csm-hit=s-24KU11BB82RZSYGJ3BDK|1419899012996\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "39.102.38.121,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
".http-get.verb": "GET",
".http-post.client": "\n\u000bAccept: */*\n\u0016Content-Type: text/xml\n X-Requested-With: XMLHttpRequest\u0010\u0014Host: www.amazon.com\t\nsz=160x600\t\u0011oe=oe=ISO-8859-1;\u0007\u0005\u0002sn\t\u0006s=3717\t\"dc_ref=http%3A%2F%2Fwww.amazon.com\u0007\u0001\u0003\u0004",
".http-post.uri": "/N4215/adj/amzn.us.sr.aps",
".http-post.verb": "POST",
".jitter": "25",
".maxdns": "255",
".pipename": "",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "5000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
".watermark": "305419896",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "4443",
"process-inject-allocation-method": "0",
"process-inject-execute": "\u0001\u0002\u0003\u0004",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n",
"process-inject-transform-x64": "",
"process-inject-transform-x86": "",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d3081890281818b0739cc14aa67f2e41595ad574fd5d7137c4e17492d87ca0ab67e637eb76de09c69dfa8403d607dfb432320c41b64f7e2740b117b98224aebddab541f20359d3deefe3c95811e0ffe3b3f9d9196219d4e7f6e42513b5c96685e85bc5b3ac133faadd4afbccc3fa4098788a4f50136a86ecac030be92b204344f049b1a2502030101",
"shouldChunkPosts": "0",
"ssl": "true",
"text_section": "0"
}
}]
}
31 {
"Ip": "106.14.247.149",
"Ports": ["106.14.247.149:1234", "106.14.247.149:22", "106.14.247.149:50050"],
"DefaultBeaconResponses": {
"http://106.14.247.149:1234/": "404/0"
},
"Jarm": "07d14d16d21d21d00042d41d00041d47e4e0ae17960b2a5b4fd6107fbb0926",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "http://106.14.247.149:1234/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208990,
"BeaconConfig": {
".cryptoscheme": "0",
".dns_idle": "0",
".dns_sleep ": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "106.14.247.149,/visit.js",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".maxdns": "255",
".pipename": "",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)",
".watermark": "305419896",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "1234",
"process-inject-allocation-method": "0",
"process-inject-execute": "\u0001\u0002\u0003\u0004",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-stub": "",
"process-inject-transform-x64": "",
"process-inject-transform-x86": "",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d3081890281819352527b27bf73fcc92457cf8cb1894ebd1104da185d18dceb28f159d74958d0ae657a3eba6e49c44484682d30a0381298e1ab921d608b3fda43077ab46e268a1160a62d2821b7f0bba5d96c4ea08581b2bb617bf80e5389f454cef53460b5e32bbf045b5d978631f1e0aa29305fc0b4e02e786c1f888d83997c0dceb043bf02030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}]
}
32 {
"Ip": "218.244.154.94",
"Ports": ["218.244.154.94:22", "218.244.154.94:80", "218.244.154.94:50050"],
"DefaultBeaconResponses": {
"http://218.244.154.94:80/": "404/0"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "http://218.244.154.94:80/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208986,
"BeaconConfig": {
".cryptoscheme": "0",
".dns_idle": "0",
".dns_sleep ": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "218.244.154.94,/ga.js",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".maxdns": "255",
".pipename": "",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)",
".watermark": "305419896",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "80",
"process-inject-allocation-method": "0",
"process-inject-execute": "\u0001\u0002\u0003\u0004",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n",
"process-inject-transform-x64": "",
"process-inject-transform-x86": "",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d3081890281818c31cc9dc6cb716fefa48ea93b1d3073f903540ca503322a230b4377b6a09a99cb460a3626ef0816adc8ace3368d64b2288e375d0323fb5f2b281d7427501c6deaee911120b46ab768de291580c40e847518e507dfaab241be560aeb23d249aa4e86e97dd51a13df5d65c13f767cac9dadafb46e8473fe738cd173dd407f517702030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}]
}
33 {
"Ip": "121.196.63.110",
"Ports": ["121.196.63.110:443", "121.196.63.110:80", "121.196.63.110:22", "121.196.63.110:50050"],
"DefaultBeaconResponses": {
"http://121.196.63.110:80/": "307/43",
"https://121.196.63.110:443/": "404/0"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1",
"Certificate": "Outlook.live.com",
"Beacons": [{
"Uri": "https://121.196.63.110:443/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 210003,
"BeaconConfig": {
"": "\u0004",
".cryptoscheme": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "121.196.63.110,/cx",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUS)",
".watermark": "0",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "443",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d308189028181a738cde75f1fbb1c18646c377e03016b162b12ba72bdf7dc36b4cd2e4e9bae12205a95c26170bf908105ad7fa4bbccfa798632261bed9870f975f20794e1fe499523d71f08a56cae0315bfde3d6c8a16386b03b7a6551aa1336d50325a35db27d78ad8fd13b6a73b9fb7c3fb4d7a088e323f07618656ecd83595fa5f82361302030101",
"shouldChunkPosts": "0",
"ssl": "true",
"text_section": "0"
}
}]
}
34 {
"Ip": "121.40.52.156",
"Ports": ["121.40.52.156:80", "121.40.52.156:8080", "121.40.52.156:50050"],
"DefaultBeaconResponses": {
"http://121.40.52.156:80/": "200/2307",
"https://121.40.52.156:8080/": "404/0"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
35 {
"Ip": "49.235.198.76",
"Ports": ["49.235.198.76:80", "49.235.198.76:22", "49.235.198.76:8443", "49.235.198.76:8099", "49.235.198.76:50050"],
"DefaultBeaconResponses": {
"http://49.235.198.76:80/": "200/-1",
"http://49.235.198.76:8099/": "404/0",
"http://49.235.198.76:8443/": "404/0"
},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "http://49.235.198.76:8443/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208975,
"BeaconConfig": {
".cryptoscheme": "0",
".dns_idle": "0",
".dns_sleep ": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "106.75.162.166,/dot.gif",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".maxdns": "255",
".pipename": "",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP02)",
".watermark": "305419896",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "8443",
"process-inject-allocation-method": "0",
"process-inject-execute": "\u0001\u0002\u0003\u0004",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n",
"process-inject-transform-x64": "",
"process-inject-transform-x86": "",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d308189028181a0e06736bee6b9911102876dc2ed9f19a1a9425f1f45f95f9bd2f5df1738c8f6e01fa7ab8204c0160960e5865436db8591823508d9fb9b99467a1da2246d1c9398acdc74cac51b4f94d13d2880ab9145ebd14e4a23dc3d27b5ca3b80972bcecd03e022987a9bcb6887583060ca5008a6c730d011a3da0dbee328be378832e85902030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}, {
"Uri": "http://49.235.198.76:8099/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208958,
"BeaconConfig": {
".cryptoscheme": "0",
".dns_idle": "0",
".dns_sleep ": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "49.235.198.76,/__utm.gif",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".maxdns": "255",
".pipename": "",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)",
".watermark": "305419896",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "8099",
"process-inject-allocation-method": "0",
"process-inject-execute": "\u0001\u0002\u0003\u0004",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n",
"process-inject-transform-x64": "",
"process-inject-transform-x86": "",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d308189028181a0e06736bee6b9911102876dc2ed9f19a1a9425f1f45f95f9bd2f5df1738c8f6e01fa7ab8204c0160960e5865436db8591823508d9fb9b99467a1da2246d1c9398acdc74cac51b4f94d13d2880ab9145ebd14e4a23dc3d27b5ca3b80972bcecd03e022987a9bcb6887583060ca5008a6c730d011a3da0dbee328be378832e85902030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}]
}
36 {
"Ip": "120.92.139.155",
"Ports": ["120.92.139.155:80", "120.92.139.155:443", "120.92.139.155:22", "120.92.139.155:50050"],
"DefaultBeaconResponses": {
"http://120.92.139.155:80/": "404/0",
"https://120.92.139.155:443/": "404/0"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "http://120.92.139.155:80/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208465,
"BeaconConfig": {
"": "\u0004",
".cryptoscheme": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "120.92.139.155,/en_US/all.js",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906)",
".watermark": "1359593325",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "80",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d308189028181981da74db5c4bbc2342370f4096ac1d17989f8af272d8269c4031f6bf42c1631a476b6e85f6ec0262ec7cae20857091cb74d09615e0151a5266a81a423bb03d82cf74d2ec2e71f9dace4272f2b6b8123aacedd57628883fef6a2481a29262cecd8e22609c0b13e79593cb2056fd687c2269ad6c36d05eb04c208abd7e8f7cc5702030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}, {
"Uri": "https://120.92.139.155:443/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208464,
"BeaconConfig": {
"": "\u0004",
".cryptoscheme": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "120.92.139.155,/match",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)",
".watermark": "1359593325",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "443",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d308189028181981da74db5c4bbc2342370f4096ac1d17989f8af272d8269c4031f6bf42c1631a476b6e85f6ec0262ec7cae20857091cb74d09615e0151a5266a81a423bb03d82cf74d2ec2e71f9dace4272f2b6b8123aacedd57628883fef6a2481a29262cecd8e22609c0b13e79593cb2056fd687c2269ad6c36d05eb04c208abd7e8f7cc5702030101",
"shouldChunkPosts": "0",
"ssl": "true",
"text_section": "0"
}
}]
}
37 {
"Ip": "106.52.181.247",
"Ports": ["106.52.181.247:22", "106.52.181.247:443", "106.52.181.247:80", "106.52.181.247:8080", "106.52.181.247:50050"],
"DefaultBeaconResponses": {
"http://106.52.181.247:80/": "404/0",
"http://106.52.181.247:8080/": "404/0",
"https://106.52.181.247:443/": "404/0"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "https://106.52.181.247:443/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208450,
"BeaconConfig": {
"": "\u0004",
".cryptoscheme": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "106.52.181.247,/match",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)",
".watermark": "1359593325",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "443",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d30818902818185a43bfb07802692a61de6590a62f0d64f44f9394252f0ff0de802d3b6f4dbe6e4d813e68c3435d867ee665baf48b6292a4a9d634b0316f24b74a39050e819f465f5a995699b55d701e80dd8969c9afd34a838ff04b99c1bdd17511286dd087c2051358523e8f390435a471d36c0f9f7fd6992b7d0dd058c46afe15b3a36f3ef02030101",
"shouldChunkPosts": "0",
"ssl": "true",
"text_section": "0"
}
}, {
"Uri": "http://106.52.181.247:8080/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208446,
"BeaconConfig": {
"": "\u0004",
".cryptoscheme": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "106.52.181.247,/cx",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)",
".watermark": "1359593325",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "8080",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d30818902818185a43bfb07802692a61de6590a62f0d64f44f9394252f0ff0de802d3b6f4dbe6e4d813e68c3435d867ee665baf48b6292a4a9d634b0316f24b74a39050e819f465f5a995699b55d701e80dd8969c9afd34a838ff04b99c1bdd17511286dd087c2051358523e8f390435a471d36c0f9f7fd6992b7d0dd058c46afe15b3a36f3ef02030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}]
}
38 {
"Ip": "81.71.25.190",
"Ports": ["81.71.25.190:22", "81.71.25.190:8443", "81.71.25.190:8080", "81.71.25.190:8081", "81.71.25.190:8082", "81.71.25.190:50050", "81.71.25.190:9443"],
"DefaultBeaconResponses": {
"http://81.71.25.190:8080/": "404/0",
"http://81.71.25.190:8081/": "404/0",
"http://81.71.25.190:8082/": "404/0",
"http://81.71.25.190:8443/": "404/0",
"https://81.71.25.190:9443/": "404/0"
},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "http://81.71.25.190:8443/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208466,
"BeaconConfig": {
"": "\u0004",
".cryptoscheme": "0",
".http-get.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\r\u0002\t__cfduid=\u0006\u0006Cookie",
".http-get.server.output": "\u0004\u0001\u0005\ufffd\u0002T\u0002\u000f[\r\u000f",
".http-get.uri": "81.71.25.190,/jquery-3.3.1.min.js",
".http-get.verb": "GET",
".http-post.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\u000f\r\u0005\u0008__cfduid\u0007\u0001\u000f\r\u0004",
".http-post.uri": "/jquery-3.3.2.min.js",
".http-post.verb": "POST",
".jitter": "37",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "1",
".user-agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
".watermark": "16777216",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "8443",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d3081890281818d4227034fc251b7f8d0515bb5b2576145d02bba1bf38391e1c64a8081d55d6c4593b0b640dcc015abae85801ca9dc51adeae2b30be75deb410808d377f550364256303ef19cb989980b3e99f57b023ad327a686d7c9d2ac5ed4bfc5a2d327aec0bbd5410362a6b4fd3161035662bb1609b4498da42b27a306faac53c00288fb02030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}, {
"Uri": "http://81.71.25.190:8081/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208484,
"BeaconConfig": {
"": "\u0004",
".cryptoscheme": "0",
".http-get.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\r\u0002\t__cfduid=\u0006\u0006Cookie",
".http-get.server.output": "\u0004\u0001\u0005\ufffd\u0002T\u0002\u000f[\r\u000f",
".http-get.uri": "81.71.25.190,/jquery-3.3.1.min.js",
".http-get.verb": "GET",
".http-post.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\u000f\r\u0005\u0008__cfduid\u0007\u0001\u000f\r\u0004",
".http-post.uri": "/jquery-3.3.2.min.js",
".http-post.verb": "POST",
".jitter": "37",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "1",
".user-agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
".watermark": "16777216",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "8081",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d3081890281818d4227034fc251b7f8d0515bb5b2576145d02bba1bf38391e1c64a8081d55d6c4593b0b640dcc015abae85801ca9dc51adeae2b30be75deb410808d377f550364256303ef19cb989980b3e99f57b023ad327a686d7c9d2ac5ed4bfc5a2d327aec0bbd5410362a6b4fd3161035662bb1609b4498da42b27a306faac53c00288fb02030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}, {
"Uri": "http://81.71.25.190:8082/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208469,
"BeaconConfig": {
"": "\u0004",
".cryptoscheme": "0",
".http-get.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\r\u0002\t__cfduid=\u0006\u0006Cookie",
".http-get.server.output": "\u0004\u0001\u0005\ufffd\u0002T\u0002\u000f[\r\u000f",
".http-get.uri": "81.71.25.190,/jquery-3.3.1.min.js",
".http-get.verb": "GET",
".http-post.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\u000f\r\u0005\u0008__cfduid\u0007\u0001\u000f\r\u0004",
".http-post.uri": "/jquery-3.3.2.min.js",
".http-post.verb": "POST",
".jitter": "37",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "1",
".user-agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
".watermark": "16777216",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "8082",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d3081890281818d4227034fc251b7f8d0515bb5b2576145d02bba1bf38391e1c64a8081d55d6c4593b0b640dcc015abae85801ca9dc51adeae2b30be75deb410808d377f550364256303ef19cb989980b3e99f57b023ad327a686d7c9d2ac5ed4bfc5a2d327aec0bbd5410362a6b4fd3161035662bb1609b4498da42b27a306faac53c00288fb02030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}, {
"Uri": "https://81.71.25.190:9443/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208460,
"BeaconConfig": {
"": "\u0004",
".cryptoscheme": "0",
".http-get.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\r\u0002\t__cfduid=\u0006\u0006Cookie",
".http-get.server.output": "\u0004\u0001\u0005\ufffd\u0002T\u0002\u000f[\r\u000f",
".http-get.uri": "81.71.25.190,/jquery-3.3.1.min.js",
".http-get.verb": "GET",
".http-post.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\u000f\r\u0005\u0008__cfduid\u0007\u0001\u000f\r\u0004",
".http-post.uri": "/jquery-3.3.2.min.js",
".http-post.verb": "POST",
".jitter": "37",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "1",
".user-agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
".watermark": "16777216",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "9443",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d3081890281818d4227034fc251b7f8d0515bb5b2576145d02bba1bf38391e1c64a8081d55d6c4593b0b640dcc015abae85801ca9dc51adeae2b30be75deb410808d377f550364256303ef19cb989980b3e99f57b023ad327a686d7c9d2ac5ed4bfc5a2d327aec0bbd5410362a6b4fd3161035662bb1609b4498da42b27a306faac53c00288fb02030101",
"shouldChunkPosts": "0",
"ssl": "true",
"text_section": "0"
}
}]
}
39
Time: 1m8.717329036s {
"Ip": "42.193.225.116",
"Ports": ["42.193.225.116:22", "42.193.225.116:8888"],
"DefaultBeaconResponses": {
"http://42.193.225.116:8888/": "302/219"
},
"Jarm": "",
"Certificate": "",
"Beacons": null
}
0 {
"Ip": "114.117.213.24",
"Ports": ["114.117.213.24:1234", "114.117.213.24:3000", "114.117.213.24:8089"],
"DefaultBeaconResponses": {
"http://114.117.213.24:3000/": "200/-1"
},
"Jarm": "",
"Certificate": "",
"Beacons": null
}
1 {
"Ip": "175.27.236.117",
"Ports": ["175.27.236.117:22", "175.27.236.117:80"],
"DefaultBeaconResponses": {
"http://175.27.236.117:80/": "200/-1"
},
"Jarm": "00000000000000000000000000000000000000000000000000000000000000",
"Certificate": "",
"Beacons": null
}
2 {
"Ip": "121.5.10.238",
"Ports": ["121.5.10.238:22", "121.5.10.238:50050"],
"DefaultBeaconResponses": {},
"Jarm": "07d14d16d21d21d07c42d41d00041d58c7162162b6a603d3d90a2b76865b53",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
3 {
"Ip": "47.107.78.225",
"Ports": ["47.107.78.225:22", "47.107.78.225:50050"],
"DefaultBeaconResponses": {},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
4 {
"Ip": "123.57.209.41",
"Ports": ["123.57.209.41:22", "123.57.209.41:80", "123.57.209.41:443", "123.57.209.41:8080", "123.57.209.41:50050"],
"DefaultBeaconResponses": {
"http://123.57.209.41:80/": "404/-1",
"http://123.57.209.41:8080/": "302/35"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d58c7162162b6a603d3d90a2b76865b53",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
5 {
"Ip": "47.118.40.231",
"Ports": ["47.118.40.231:22", "47.118.40.231:50050"],
"DefaultBeaconResponses": {},
"Jarm": "07d14d16d21d21d07c42d41d00041d58c7162162b6a603d3d90a2b76865b53",
"Certificate": "Outlook.live.com",
"Beacons": null
}
6 {
"Ip": "121.5.117.32",
"Ports": ["121.5.117.32:22", "121.5.117.32:50050"],
"DefaultBeaconResponses": {},
"Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
7 {
"Ip": "118.31.188.237",
"Ports": null,
"DefaultBeaconResponses": {},
"Jarm": "",
"Certificate": "",
"Beacons": null
}
8 {
"Ip": "140.143.168.220",
"Ports": ["140.143.168.220:22", "140.143.168.220:8888", "140.143.168.220:50050"],
"DefaultBeaconResponses": {
"http://140.143.168.220:8888/": "302/219"
},
"Jarm": "07d14d16d21d21d00007d14d07d21d3fe87b802002478c27f1c0da514dbf80",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
9 {
"Ip": "81.68.107.151",
"Ports": ["81.68.107.151:22", "81.68.107.151:50050"],
"DefaultBeaconResponses": {},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
10 {
"Ip": "101.201.145.63",
"Ports": ["101.201.145.63:22", "101.201.145.63:80", "101.201.145.63:8090", "101.201.145.63:50050"],
"DefaultBeaconResponses": {
"http://101.201.145.63:80/": "200/-1",
"http://101.201.145.63:8090/": "200/194"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
11 {
"Ip": "47.100.95.224",
"Ports": ["47.100.95.224:22"],
"DefaultBeaconResponses": {},
"Jarm": "",
"Certificate": "",
"Beacons": null
}
12 {
"Ip": "106.14.38.189",
"Ports": ["106.14.38.189:80", "106.14.38.189:22", "106.14.38.189:8888", "106.14.38.189:50050"],
"DefaultBeaconResponses": {
"http://106.14.38.189:80/": "200/917",
"http://106.14.38.189:8888/": "302/219"
},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
13 {
"Ip": "62.234.99.204",
"Ports": ["62.234.99.204:22", "62.234.99.204:443", "62.234.99.204:80", "62.234.99.204:8080", "62.234.99.204:8888", "62.234.99.204:50050"],
"DefaultBeaconResponses": {
"http://62.234.99.204:443/": "302/138",
"http://62.234.99.204:80/": "200/-1",
"http://62.234.99.204:8080/": "200/-1",
"http://62.234.99.204:8888/": "302/219"
},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
14 {
"Ip": "139.199.118.78",
"Ports": ["139.199.118.78:22", "139.199.118.78:80", "139.199.118.78:50050"],
"DefaultBeaconResponses": {
"http://139.199.118.78:80/": "404/0"
},
"Jarm": "07d14d16d21d21d00042d41d00041d47e4e0ae17960b2a5b4fd6107fbb0926",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "http://139.199.118.78:80/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208961,
"BeaconConfig": {
".cryptoscheme": "0",
".dns_idle": "0",
".dns_sleep ": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "139.199.118.78,/g.pixel",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".maxdns": "255",
".pipename": "",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)",
".watermark": "305419896",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "80",
"process-inject-allocation-method": "0",
"process-inject-execute": "\u0001\u0002\u0003\u0004",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-stub": "",
"process-inject-transform-x64": "",
"process-inject-transform-x86": "",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d3081890281819603b6a5d4bdad9bf65d7ce80789268f0c2e2ef806dd7a191cca2b404df93d3a06139da9c9193266b16218c01f405e493e3f0e267319cbb0ec22931da2014d5f719859321a8120ed84790f045af084edad1bc794c01a10706c74a049d1bfbfe558af7bfd90756f6c6c74d887f4636538f6ed3f8483607e8b8128867c6130abff02030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}]
}
15 {
"Ip": "42.192.1.130",
"Ports": ["42.192.1.130:80", "42.192.1.130:22", "42.192.1.130:50050"],
"DefaultBeaconResponses": {
"http://42.192.1.130:80/": "404/0"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
16 {
"Ip": "118.31.188.237",
"Ports": null,
"DefaultBeaconResponses": {},
"Jarm": "",
"Certificate": "",
"Beacons": null
}
17 {
"Ip": "139.129.243.114",
"Ports": ["139.129.243.114:80", "139.129.243.114:50050"],
"DefaultBeaconResponses": {
"http://139.129.243.114:80/": "404/0"
},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
18 {
"Ip": "118.24.9.34",
"Ports": ["118.24.9.34:80", "118.24.9.34:50050"],
"DefaultBeaconResponses": {
"http://118.24.9.34:80/": "404/315"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
19 {
"Ip": "119.23.8.187",
"Ports": ["119.23.8.187:22", "119.23.8.187:50050"],
"DefaultBeaconResponses": {},
"Jarm": "05d13d20d21d20d05c05d13d05d20dd7fc4c7c6ef19b77a4ca0787979cdc13",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
20 {
"Ip": "114.215.182.44",
"Ports": ["114.215.182.44:22", "114.215.182.44:8080", "114.215.182.44:50050"],
"DefaultBeaconResponses": {
"http://114.215.182.44:8080/": "404/0"
},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
21
2021/04/30 22:43:42 Error reading body: context deadline exceeded (Client.Timeout or context cancellation while reading body) {
"Ip": "42.193.220.212",
"Ports": ["42.193.220.212:22", "42.193.220.212:80", "42.193.220.212:50050"],
"DefaultBeaconResponses": {
"http://42.193.220.212:80/": "200/14896"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d58c7162162b6a603d3d90a2b76865b53",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
22 {
"Ip": "121.40.124.244",
"Ports": ["121.40.124.244:22", "121.40.124.244:50050"],
"DefaultBeaconResponses": {},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
23 {
"Ip": "120.26.44.254",
"Ports": ["120.26.44.254:22", "120.26.44.254:80", "120.26.44.254:8888", "120.26.44.254:50050"],
"DefaultBeaconResponses": {
"http://120.26.44.254:80/": "200/-1",
"http://120.26.44.254:8888/": "302/219"
},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
24
2021/04/30 22:43:47 Error reading body: context deadline exceeded (Client.Timeout or context cancellation while reading body)
2021/04/30 22:43:48 Error reading body: context deadline exceeded (Client.Timeout or context cancellation while reading body) {
"Ip": "121.5.152.196",
"Ports": ["121.5.152.196:22", "121.5.152.196:8099", "121.5.152.196:50050"],
"DefaultBeaconResponses": {
"http://121.5.152.196:8099/": "404/0"
},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "http://121.5.152.196:8099/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208973,
"BeaconConfig": {
".cryptoscheme": "0",
".dns_idle": "0",
".dns_sleep ": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "121.5.152.196,/IE9CompatViewList.xml",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".maxdns": "255",
".pipename": "",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) LBBROWSER",
".watermark": "305419896",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "8099",
"process-inject-allocation-method": "0",
"process-inject-execute": "\u0001\u0002\u0003\u0004",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n",
"process-inject-transform-x64": "",
"process-inject-transform-x86": "",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d3081890281819941a3dc4eba786cc78d93e2c560c47a4ccfea24e085ddf30149e88b951cd1df204fa7b3786bb2fd40ffd624c8d22b81ed0c19eed923d0374a3564284bc89aaae4cbfea9708497c344058dc538593c0ee15ad1f7282ea3c759e7e0fcff290c47fa2bfbc8c50fbe7d527906647090f21cbe77e7e68679c3cae5767269041a760902030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}]
}
25
2021/04/30 22:43:52 Error reading body: context deadline exceeded (Client.Timeout or context cancellation while reading body) {
"Ip": "212.64.69.215",
"Ports": ["212.64.69.215:80", "212.64.69.215:22", "212.64.69.215:8888", "212.64.69.215:50050"],
"DefaultBeaconResponses": {
"http://212.64.69.215:80/": "200/-1",
"http://212.64.69.215:8888/": "404/0"
},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "http://212.64.69.215:8888/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208972,
"BeaconConfig": {
".cryptoscheme": "0",
".dns_idle": "0",
".dns_sleep ": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "212.64.69.215,/updates.rss",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".maxdns": "255",
".pipename": "",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP02)",
".watermark": "305419896",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "8888",
"process-inject-allocation-method": "0",
"process-inject-execute": "\u0001\u0002\u0003\u0004",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n",
"process-inject-transform-x64": "",
"process-inject-transform-x86": "",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d3081890281819855f58d5d9bc0c1f64b830d8886f4645de6534573635d50219708853863328a7d4fc6d82112ee0cec168e11a4158a6b38fa2a1d7c588e7ba01735e1793d7b86925bd492881ab56d539551c709edee487e260350d14446960861a99af5ec966cdd9b89946a25fb951dddd4788727836cae6125fab48eb7cfcd72b677f3f78e8702030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}]
}
26 {
"Ip": "118.195.162.4",
"Ports": ["118.195.162.4:80", "118.195.162.4:8080", "118.195.162.4:8888", "118.195.162.4:50050"],
"DefaultBeaconResponses": {
"http://118.195.162.4:80/": "200/2307",
"http://118.195.162.4:8080/": "200/0",
"http://118.195.162.4:8888/": "404/0"
},
"Jarm": "05d13d20d21d20d05c05d13d05d20dd7fc4c7c6ef19b77a4ca0787979cdc13",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "http://118.195.162.4:8888/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208965,
"BeaconConfig": {
".cryptoscheme": "0",
".dns_idle": "0",
".dns_sleep ": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "118.195.162.4,/push",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".maxdns": "255",
".pipename": "",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)",
".watermark": "305419896",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "8888",
"process-inject-allocation-method": "0",
"process-inject-execute": "\u0001\u0002\u0003\u0004",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-stub": "",
"process-inject-transform-x64": "",
"process-inject-transform-x86": "",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d308189028181a70991d69d816a601ffa80976473830f0d3b41276d2790401ddedb18e2d3cab3c315e3222325be42b65adb2878f33f5a03ff5010b23e842a510c1482ad6a42f1e7e5726eb31813e7437640ed7879955f401e172c34d3517241596dd41f8e48d3d1b1c288e6c8752ff65dc27acccba4ba9cd6d0e4de6196cea4da480d3b99d0ed02030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}]
}
27 {
"Ip": "120.77.0.33",
"Ports": ["120.77.0.33:22", "120.77.0.33:4443", "120.77.0.33:50050"],
"DefaultBeaconResponses": {
"https://120.77.0.33:4443/": "404/0"
},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "https://120.77.0.33:4443/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208959,
"BeaconConfig": {
".cryptoscheme": "0",
".dns_idle": "0",
".dns_sleep ": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "120.77.0.33,/updates.rss",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".maxdns": "255",
".pipename": "",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)",
".watermark": "305419896",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "4443",
"process-inject-allocation-method": "0",
"process-inject-execute": "\u0001\u0002\u0003\u0004",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n",
"process-inject-transform-x64": "",
"process-inject-transform-x86": "",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d308189028181a233044c17d1fe42f5d4a8db339353997094110134480af0f742c3eea2575d541ad2d433e49f6a1c8bcf3d440bb64fb7adc53c019b8becf36f3f205a0d5765f3c521674f87da3fe2a20b516cfdab57f7176ee7ef38d11c74cf985869d3cd182d0543c6a0e9d96805a2d019d5f56caa809903ed05204e933ccde72d356f23ff02030101",
"shouldChunkPosts": "0",
"ssl": "true",
"text_section": "0"
}
}]
}
28 {
"Ip": "121.4.249.122",
"Ports": ["121.4.249.122:22", "121.4.249.122:80", "121.4.249.122:8888", "121.4.249.122:50050"],
"DefaultBeaconResponses": {
"http://121.4.249.122:80/": "200/-1",
"http://121.4.249.122:8888/": "404/0"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "http://121.4.249.122:8888/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208460,
"BeaconConfig": {
"": "\u0004",
".cryptoscheme": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "121.4.249.122,/visit.js",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)",
".watermark": "1359593325",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "8888",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d308189028181a42f854ae0c3eb4e510b342f20cd1387c117871176279d7486063afc6572e3b95a855cecb0be5289dfe3a216aaa07c9c369c1503a3cfd4763e6f6a92c44934a1c633b2e962c6a488ffaa7b62d1b0d72f2fd63dd3e9446a311b70f7bee4f5df33b69c90ec2327150c8f6ae1e00168bd6252cde9f631f572f87abe570b2bc8bcf902030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}]
}
29 {
"Ip": "39.102.55.191",
"Ports": ["39.102.55.191:22", "39.102.55.191:80", "39.102.55.191:443", "39.102.55.191:50050"],
"DefaultBeaconResponses": {
"http://39.102.55.191:80/": "200/2831",
"https://39.102.55.191:443/": "404/0"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d58c7162162b6a603d3d90a2b76865b53",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "https://39.102.55.191:443/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 206427,
"BeaconConfig": {
"": "\u0004",
".cryptoscheme": "0",
".dns_idle": "0",
".dns_sleep ": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "39.102.55.191,/en_US/all.js",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".maxdns": "255",
".pipename": "",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; ; NCLIENT50_AAPCDA5841E333)",
".watermark": "16777216",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "443",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-stub": "bRڮ\ufffd\ufffd\ufffd\ufffd|+/{\ufffd\ufffd\ufffd\u000e",
"process-inject-transform-x64": "",
"process-inject-transform-x86": "",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d30818902818181291929ef7e968c234ae372ca91aa9227a549729db4a7cd348044c30fbc30934e49afaedc69e19646f1e2dccc511c59e4ebbe839c27083711d50eed75c666396bfbe579adc632172e91ebc3704d2deb61ef9a6551f2f1777b645fd31b2ea735bbd5b164524d522a0a142526dc05ec84fec34b4a6471196df2ccc33483fbb44302030101",
"shouldChunkPosts": "0",
"ssl": "true",
"text_section": "0"
}
}]
}
30 {
"Ip": "39.102.38.121",
"Ports": ["39.102.38.121:22", "39.102.38.121:4443", "39.102.38.121:50050"],
"DefaultBeaconResponses": {
"https://39.102.38.121:4443/": "404/0"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d58c7162162b6a603d3d90a2b76865b53",
"Certificate": "Microsoft Windows",
"Beacons": [{
"Uri": "https://39.102.38.121:4443/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208960,
"BeaconConfig": {
".cryptoscheme": "0",
".dns_idle": "0",
".dns_sleep ": "0",
".http-get.client": "\n\u000bAccept: */*\u0010\u0014Host: www.amazon.com\u0007\u0003\u0002\u000esession-token=\u0002\u000cskin=noskin;\u0001,csm-hit=s-24KU11BB82RZSYGJ3BDK|1419899012996\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "39.102.38.121,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
".http-get.verb": "GET",
".http-post.client": "\n\u000bAccept: */*\n\u0016Content-Type: text/xml\n X-Requested-With: XMLHttpRequest\u0010\u0014Host: www.amazon.com\t\nsz=160x600\t\u0011oe=oe=ISO-8859-1;\u0007\u0005\u0002sn\t\u0006s=3717\t\"dc_ref=http%3A%2F%2Fwww.amazon.com\u0007\u0001\u0003\u0004",
".http-post.uri": "/N4215/adj/amzn.us.sr.aps",
".http-post.verb": "POST",
".jitter": "25",
".maxdns": "255",
".pipename": "",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "5000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
".watermark": "305419896",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "4443",
"process-inject-allocation-method": "0",
"process-inject-execute": "\u0001\u0002\u0003\u0004",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n",
"process-inject-transform-x64": "",
"process-inject-transform-x86": "",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d3081890281818b0739cc14aa67f2e41595ad574fd5d7137c4e17492d87ca0ab67e637eb76de09c69dfa8403d607dfb432320c41b64f7e2740b117b98224aebddab541f20359d3deefe3c95811e0ffe3b3f9d9196219d4e7f6e42513b5c96685e85bc5b3ac133faadd4afbccc3fa4098788a4f50136a86ecac030be92b204344f049b1a2502030101",
"shouldChunkPosts": "0",
"ssl": "true",
"text_section": "0"
}
}]
}
31 {
"Ip": "106.14.247.149",
"Ports": ["106.14.247.149:1234", "106.14.247.149:22", "106.14.247.149:50050"],
"DefaultBeaconResponses": {
"http://106.14.247.149:1234/": "404/0"
},
"Jarm": "07d14d16d21d21d00042d41d00041d47e4e0ae17960b2a5b4fd6107fbb0926",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "http://106.14.247.149:1234/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208990,
"BeaconConfig": {
".cryptoscheme": "0",
".dns_idle": "0",
".dns_sleep ": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "106.14.247.149,/visit.js",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".maxdns": "255",
".pipename": "",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)",
".watermark": "305419896",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "1234",
"process-inject-allocation-method": "0",
"process-inject-execute": "\u0001\u0002\u0003\u0004",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-stub": "",
"process-inject-transform-x64": "",
"process-inject-transform-x86": "",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d3081890281819352527b27bf73fcc92457cf8cb1894ebd1104da185d18dceb28f159d74958d0ae657a3eba6e49c44484682d30a0381298e1ab921d608b3fda43077ab46e268a1160a62d2821b7f0bba5d96c4ea08581b2bb617bf80e5389f454cef53460b5e32bbf045b5d978631f1e0aa29305fc0b4e02e786c1f888d83997c0dceb043bf02030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}]
}
32 {
"Ip": "218.244.154.94",
"Ports": ["218.244.154.94:22", "218.244.154.94:80", "218.244.154.94:50050"],
"DefaultBeaconResponses": {
"http://218.244.154.94:80/": "404/0"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "http://218.244.154.94:80/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208986,
"BeaconConfig": {
".cryptoscheme": "0",
".dns_idle": "0",
".dns_sleep ": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "218.244.154.94,/ga.js",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".maxdns": "255",
".pipename": "",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)",
".watermark": "305419896",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "80",
"process-inject-allocation-method": "0",
"process-inject-execute": "\u0001\u0002\u0003\u0004",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n",
"process-inject-transform-x64": "",
"process-inject-transform-x86": "",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d3081890281818c31cc9dc6cb716fefa48ea93b1d3073f903540ca503322a230b4377b6a09a99cb460a3626ef0816adc8ace3368d64b2288e375d0323fb5f2b281d7427501c6deaee911120b46ab768de291580c40e847518e507dfaab241be560aeb23d249aa4e86e97dd51a13df5d65c13f767cac9dadafb46e8473fe738cd173dd407f517702030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}]
}
33 {
"Ip": "121.196.63.110",
"Ports": ["121.196.63.110:443", "121.196.63.110:80", "121.196.63.110:22", "121.196.63.110:50050"],
"DefaultBeaconResponses": {
"http://121.196.63.110:80/": "307/43",
"https://121.196.63.110:443/": "404/0"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1",
"Certificate": "Outlook.live.com",
"Beacons": [{
"Uri": "https://121.196.63.110:443/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 210003,
"BeaconConfig": {
"": "\u0004",
".cryptoscheme": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "121.196.63.110,/cx",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUS)",
".watermark": "0",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "443",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d308189028181a738cde75f1fbb1c18646c377e03016b162b12ba72bdf7dc36b4cd2e4e9bae12205a95c26170bf908105ad7fa4bbccfa798632261bed9870f975f20794e1fe499523d71f08a56cae0315bfde3d6c8a16386b03b7a6551aa1336d50325a35db27d78ad8fd13b6a73b9fb7c3fb4d7a088e323f07618656ecd83595fa5f82361302030101",
"shouldChunkPosts": "0",
"ssl": "true",
"text_section": "0"
}
}]
}
34 {
"Ip": "121.40.52.156",
"Ports": ["121.40.52.156:80", "121.40.52.156:8080", "121.40.52.156:50050"],
"DefaultBeaconResponses": {
"http://121.40.52.156:80/": "200/2307",
"https://121.40.52.156:8080/": "404/0"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1",
"Certificate": "Major Cobalt Strike",
"Beacons": null
}
35 {
"Ip": "49.235.198.76",
"Ports": ["49.235.198.76:80", "49.235.198.76:22", "49.235.198.76:8443", "49.235.198.76:8099", "49.235.198.76:50050"],
"DefaultBeaconResponses": {
"http://49.235.198.76:80/": "200/-1",
"http://49.235.198.76:8099/": "404/0",
"http://49.235.198.76:8443/": "404/0"
},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "http://49.235.198.76:8443/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208975,
"BeaconConfig": {
".cryptoscheme": "0",
".dns_idle": "0",
".dns_sleep ": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "106.75.162.166,/dot.gif",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".maxdns": "255",
".pipename": "",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP02)",
".watermark": "305419896",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "8443",
"process-inject-allocation-method": "0",
"process-inject-execute": "\u0001\u0002\u0003\u0004",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n",
"process-inject-transform-x64": "",
"process-inject-transform-x86": "",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d308189028181a0e06736bee6b9911102876dc2ed9f19a1a9425f1f45f95f9bd2f5df1738c8f6e01fa7ab8204c0160960e5865436db8591823508d9fb9b99467a1da2246d1c9398acdc74cac51b4f94d13d2880ab9145ebd14e4a23dc3d27b5ca3b80972bcecd03e022987a9bcb6887583060ca5008a6c730d011a3da0dbee328be378832e85902030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}, {
"Uri": "http://49.235.198.76:8099/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208958,
"BeaconConfig": {
".cryptoscheme": "0",
".dns_idle": "0",
".dns_sleep ": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "49.235.198.76,/__utm.gif",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".maxdns": "255",
".pipename": "",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)",
".watermark": "305419896",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "8099",
"process-inject-allocation-method": "0",
"process-inject-execute": "\u0001\u0002\u0003\u0004",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n",
"process-inject-transform-x64": "",
"process-inject-transform-x86": "",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d308189028181a0e06736bee6b9911102876dc2ed9f19a1a9425f1f45f95f9bd2f5df1738c8f6e01fa7ab8204c0160960e5865436db8591823508d9fb9b99467a1da2246d1c9398acdc74cac51b4f94d13d2880ab9145ebd14e4a23dc3d27b5ca3b80972bcecd03e022987a9bcb6887583060ca5008a6c730d011a3da0dbee328be378832e85902030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}]
}
36 {
"Ip": "120.92.139.155",
"Ports": ["120.92.139.155:80", "120.92.139.155:443", "120.92.139.155:22", "120.92.139.155:50050"],
"DefaultBeaconResponses": {
"http://120.92.139.155:80/": "404/0",
"https://120.92.139.155:443/": "404/0"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "http://120.92.139.155:80/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208465,
"BeaconConfig": {
"": "\u0004",
".cryptoscheme": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "120.92.139.155,/en_US/all.js",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906)",
".watermark": "1359593325",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "80",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d308189028181981da74db5c4bbc2342370f4096ac1d17989f8af272d8269c4031f6bf42c1631a476b6e85f6ec0262ec7cae20857091cb74d09615e0151a5266a81a423bb03d82cf74d2ec2e71f9dace4272f2b6b8123aacedd57628883fef6a2481a29262cecd8e22609c0b13e79593cb2056fd687c2269ad6c36d05eb04c208abd7e8f7cc5702030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}, {
"Uri": "https://120.92.139.155:443/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208464,
"BeaconConfig": {
"": "\u0004",
".cryptoscheme": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "120.92.139.155,/match",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)",
".watermark": "1359593325",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "443",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d308189028181981da74db5c4bbc2342370f4096ac1d17989f8af272d8269c4031f6bf42c1631a476b6e85f6ec0262ec7cae20857091cb74d09615e0151a5266a81a423bb03d82cf74d2ec2e71f9dace4272f2b6b8123aacedd57628883fef6a2481a29262cecd8e22609c0b13e79593cb2056fd687c2269ad6c36d05eb04c208abd7e8f7cc5702030101",
"shouldChunkPosts": "0",
"ssl": "true",
"text_section": "0"
}
}]
}
37 {
"Ip": "106.52.181.247",
"Ports": ["106.52.181.247:22", "106.52.181.247:443", "106.52.181.247:80", "106.52.181.247:8080", "106.52.181.247:50050"],
"DefaultBeaconResponses": {
"http://106.52.181.247:80/": "404/0",
"http://106.52.181.247:8080/": "404/0",
"https://106.52.181.247:443/": "404/0"
},
"Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "https://106.52.181.247:443/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208450,
"BeaconConfig": {
"": "\u0004", ".cryptoscheme": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "106.52.181.247,/match",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)",
".watermark": "1359593325",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "443",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d30818902818185a43bfb07802692a61de6590a62f0d64f44f9394252f0ff0de802d3b6f4dbe6e4d813e68c3435d867ee665baf48b6292a4a9d634b0316f24b74a39050e819f465f5a995699b55d701e80dd8969c9afd34a838ff04b99c1bdd17511286dd087c2051358523e8f390435a471d36c0f9f7fd6992b7d0dd058c46afe15b3a36f3ef02030101",
"shouldChunkPosts": "0",
"ssl": "true",
"text_section": "0"
}
}, {
"Uri": "http://106.52.181.247:8080/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208446,
"BeaconConfig": {
"": "\u0004",
".cryptoscheme": "0",
".http-get.client": "\u0007\u0003\u0006\u0006Cookie",
".http-get.server.output": "\u0004",
".http-get.uri": "106.52.181.247,/cx",
".http-get.verb": "GET",
".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004",
".http-post.uri": "/submit.php",
".http-post.verb": "POST",
".jitter": "0",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "0",
".user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)",
".watermark": "1359593325",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "8080",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d30818902818185a43bfb07802692a61de6590a62f0d64f44f9394252f0ff0de802d3b6f4dbe6e4d813e68c3435d867ee665baf48b6292a4a9d634b0316f24b74a39050e819f465f5a995699b55d701e80dd8969c9afd34a838ff04b99c1bdd17511286dd087c2051358523e8f390435a471d36c0f9f7fd6992b7d0dd058c46afe15b3a36f3ef02030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}]
}
38 {
"Ip": "81.71.25.190",
"Ports": ["81.71.25.190:22", "81.71.25.190:8443", "81.71.25.190:8080", "81.71.25.190:8081", "81.71.25.190:8082", "81.71.25.190:50050", "81.71.25.190:9443"],
"DefaultBeaconResponses": {
"http://81.71.25.190:8080/": "404/0",
"http://81.71.25.190:8081/": "404/0",
"http://81.71.25.190:8082/": "404/0",
"http://81.71.25.190:8443/": "404/0",
"https://81.71.25.190:9443/": "404/0"
},
"Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175",
"Certificate": "Major Cobalt Strike",
"Beacons": [{
"Uri": "http://81.71.25.190:8443/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208466,
"BeaconConfig": {
"": "\u0004",
".cryptoscheme": "0",
".http-get.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\r\u0002\t__cfduid=\u0006\u0006Cookie",
".http-get.server.output": "\u0004\u0001\u0005\ufffd\u0002T\u0002\u000f[\r\u000f",
".http-get.uri": "81.71.25.190,/jquery-3.3.1.min.js",
".http-get.verb": "GET",
".http-post.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\u000f\r\u0005\u0008__cfduid\u0007\u0001\u000f\r\u0004",
".http-post.uri": "/jquery-3.3.2.min.js",
".http-post.verb": "POST",
".jitter": "37",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "1",
".user-agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
".watermark": "16777216",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "8443",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d3081890281818d4227034fc251b7f8d0515bb5b2576145d02bba1bf38391e1c64a8081d55d6c4593b0b640dcc015abae85801ca9dc51adeae2b30be75deb410808d377f550364256303ef19cb989980b3e99f57b023ad327a686d7c9d2ac5ed4bfc5a2d327aec0bbd5410362a6b4fd3161035662bb1609b4498da42b27a306faac53c00288fb02030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}, {
"Uri": "http://81.71.25.190:8081/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208484,
"BeaconConfig": {
"": "\u0004",
".cryptoscheme": "0",
".http-get.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\r\u0002\t__cfduid=\u0006\u0006Cookie",
".http-get.server.output": "\u0004\u0001\u0005\ufffd\u0002T\u0002\u000f[\r\u000f",
".http-get.uri": "81.71.25.190,/jquery-3.3.1.min.js",
".http-get.verb": "GET",
".http-post.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\u000f\r\u0005\u0008__cfduid\u0007\u0001\u000f\r\u0004",
".http-post.uri": "/jquery-3.3.2.min.js",
".http-post.verb": "POST",
".jitter": "37",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "1",
".user-agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
".watermark": "16777216",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "8081",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d3081890281818d4227034fc251b7f8d0515bb5b2576145d02bba1bf38391e1c64a8081d55d6c4593b0b640dcc015abae85801ca9dc51adeae2b30be75deb410808d377f550364256303ef19cb989980b3e99f57b023ad327a686d7c9d2ac5ed4bfc5a2d327aec0bbd5410362a6b4fd3161035662bb1609b4498da42b27a306faac53c00288fb02030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}, {
"Uri": "http://81.71.25.190:8082/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208469,
"BeaconConfig": {
"": "\u0004",
".cryptoscheme": "0",
".http-get.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\r\u0002\t__cfduid=\u0006\u0006Cookie",
".http-get.server.output": "\u0004\u0001\u0005\ufffd\u0002T\u0002\u000f[\r\u000f",
".http-get.uri": "81.71.25.190,/jquery-3.3.1.min.js",
".http-get.verb": "GET",
".http-post.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\u000f\r\u0005\u0008__cfduid\u0007\u0001\u000f\r\u0004",
".http-post.uri": "/jquery-3.3.2.min.js",
".http-post.verb": "POST",
".jitter": "37",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "1",
".user-agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
".watermark": "16777216",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "8082",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d3081890281818d4227034fc251b7f8d0515bb5b2576145d02bba1bf38391e1c64a8081d55d6c4593b0b640dcc015abae85801ca9dc51adeae2b30be75deb410808d377f550364256303ef19cb989980b3e99f57b023ad327a686d7c9d2ac5ed4bfc5a2d327aec0bbd5410362a6b4fd3161035662bb1609b4498da42b27a306faac53c00288fb02030101",
"shouldChunkPosts": "0",
"ssl": "false",
"text_section": "0"
}
}, {
"Uri": "https://81.71.25.190:9443/aaa9",
"Body": "",
"StatusCode": 200,
"ContentLength": 208460,
"BeaconConfig": {
"": "\u0004",
".cryptoscheme": "0",
".http-get.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\r\u0002\t__cfduid=\u0006\u0006Cookie",
".http-get.server.output": "\u0004\u0001\u0005\ufffd\u0002T\u0002\u000f[\r\u000f",
".http-get.uri": "81.71.25.190,/jquery-3.3.1.min.js",
".http-get.verb": "GET",
".http-post.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\u000f\r\u0005\u0008__cfduid\u0007\u0001\u000f\r\u0004",
".http-post.uri": "/jquery-3.3.2.min.js",
".http-post.verb": "POST",
".jitter": "37",
".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
".proxy_type": "2",
".sleeptime": "60000",
".spawto": "",
".stage.cleanup": "1",
".user-agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
".watermark": "16777216",
"CFGCaution": "0",
"cookieBeacon": "1",
"dns": "false",
"funk": "0",
"host_header": "",
"killdate": "0",
"port": "9443",
"process-inject-min_alloc": "0",
"process-inject-start-rwx": "64",
"process-inject-use-rwx": "64",
"publickey": "30819f300d06092a864886f70d0101010503818d3081890281818d4227034fc251b7f8d0515bb5b2576145d02bba1bf38391e1c64a8081d55d6c4593b0b640dcc015abae85801ca9dc51adeae2b30be75deb410808d377f550364256303ef19cb989980b3e99f57b023ad327a686d7c9d2ac5ed4bfc5a2d327aec0bbd5410362a6b4fd3161035662bb1609b4498da42b27a306faac53c00288fb02030101",
"shouldChunkPosts": "0",
"ssl": "true",
"text_section": "0"
}
}]
}
39
Time: 1m8.717329036s