Created
May 3, 2021 16:47
-
-
Save MichaelKoczwara/7a6a1d366db0e43d024524cff7b31759 to your computer and use it in GitHub Desktop.
Cobalt Strike/C2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Ip": "42.193.225.116", | |
| "Ports": ["42.193.225.116:22", "42.193.225.116:8888"], | |
| "DefaultBeaconResponses": { | |
| "http://42.193.225.116:8888/": "302/219" | |
| }, | |
| "Jarm": "", | |
| "Certificate": "", | |
| "Beacons": null | |
| } | |
| 0 { | |
| "Ip": "114.117.213.24", | |
| "Ports": ["114.117.213.24:1234", "114.117.213.24:3000", "114.117.213.24:8089"], | |
| "DefaultBeaconResponses": { | |
| "http://114.117.213.24:3000/": "200/-1" | |
| }, | |
| "Jarm": "", | |
| "Certificate": "", | |
| "Beacons": null | |
| } | |
| 1 { | |
| "Ip": "175.27.236.117", | |
| "Ports": ["175.27.236.117:22", "175.27.236.117:80"], | |
| "DefaultBeaconResponses": { | |
| "http://175.27.236.117:80/": "200/-1" | |
| }, | |
| "Jarm": "00000000000000000000000000000000000000000000000000000000000000", | |
| "Certificate": "", | |
| "Beacons": null | |
| } | |
| 2 { | |
| "Ip": "121.5.10.238", | |
| "Ports": ["121.5.10.238:22", "121.5.10.238:50050"], | |
| "DefaultBeaconResponses": {}, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d58c7162162b6a603d3d90a2b76865b53", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 3 { | |
| "Ip": "47.107.78.225", | |
| "Ports": ["47.107.78.225:22", "47.107.78.225:50050"], | |
| "DefaultBeaconResponses": {}, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 4 { | |
| "Ip": "123.57.209.41", | |
| "Ports": ["123.57.209.41:22", "123.57.209.41:80", "123.57.209.41:443", "123.57.209.41:8080", "123.57.209.41:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://123.57.209.41:80/": "404/-1", | |
| "http://123.57.209.41:8080/": "302/35" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d58c7162162b6a603d3d90a2b76865b53", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 5 { | |
| "Ip": "47.118.40.231", | |
| "Ports": ["47.118.40.231:22", "47.118.40.231:50050"], | |
| "DefaultBeaconResponses": {}, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d58c7162162b6a603d3d90a2b76865b53", | |
| "Certificate": "Outlook.live.com", | |
| "Beacons": null | |
| } | |
| 6 { | |
| "Ip": "121.5.117.32", | |
| "Ports": ["121.5.117.32:22", "121.5.117.32:50050"], | |
| "DefaultBeaconResponses": {}, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 7 { | |
| "Ip": "118.31.188.237", | |
| "Ports": null, | |
| "DefaultBeaconResponses": {}, | |
| "Jarm": "", | |
| "Certificate": "", | |
| "Beacons": null | |
| } | |
| 8 { | |
| "Ip": "140.143.168.220", | |
| "Ports": ["140.143.168.220:22", "140.143.168.220:8888", "140.143.168.220:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://140.143.168.220:8888/": "302/219" | |
| }, | |
| "Jarm": "07d14d16d21d21d00007d14d07d21d3fe87b802002478c27f1c0da514dbf80", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 9 { | |
| "Ip": "81.68.107.151", | |
| "Ports": ["81.68.107.151:22", "81.68.107.151:50050"], | |
| "DefaultBeaconResponses": {}, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 10 { | |
| "Ip": "101.201.145.63", | |
| "Ports": ["101.201.145.63:22", "101.201.145.63:80", "101.201.145.63:8090", "101.201.145.63:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://101.201.145.63:80/": "200/-1", | |
| "http://101.201.145.63:8090/": "200/194" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 11 { | |
| "Ip": "47.100.95.224", | |
| "Ports": ["47.100.95.224:22"], | |
| "DefaultBeaconResponses": {}, | |
| "Jarm": "", | |
| "Certificate": "", | |
| "Beacons": null | |
| } | |
| 12 { | |
| "Ip": "106.14.38.189", | |
| "Ports": ["106.14.38.189:80", "106.14.38.189:22", "106.14.38.189:8888", "106.14.38.189:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://106.14.38.189:80/": "200/917", | |
| "http://106.14.38.189:8888/": "302/219" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 13 { | |
| "Ip": "62.234.99.204", | |
| "Ports": ["62.234.99.204:22", "62.234.99.204:443", "62.234.99.204:80", "62.234.99.204:8080", "62.234.99.204:8888", "62.234.99.204:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://62.234.99.204:443/": "302/138", | |
| "http://62.234.99.204:80/": "200/-1", | |
| "http://62.234.99.204:8080/": "200/-1", | |
| "http://62.234.99.204:8888/": "302/219" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 14 { | |
| "Ip": "139.199.118.78", | |
| "Ports": ["139.199.118.78:22", "139.199.118.78:80", "139.199.118.78:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://139.199.118.78:80/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d00042d41d00041d47e4e0ae17960b2a5b4fd6107fbb0926", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "http://139.199.118.78:80/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208961, | |
| "BeaconConfig": { | |
| ".cryptoscheme": "0", | |
| ".dns_idle": "0", | |
| ".dns_sleep ": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "139.199.118.78,/g.pixel", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".maxdns": "255", | |
| ".pipename": "", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)", | |
| ".watermark": "305419896", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "80", | |
| "process-inject-allocation-method": "0", | |
| "process-inject-execute": "\u0001\u0002\u0003\u0004", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-stub": "", | |
| "process-inject-transform-x64": "", | |
| "process-inject-transform-x86": "", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d3081890281819603b6a5d4bdad9bf65d7ce80789268f0c2e2ef806dd7a191cca2b404df93d3a06139da9c9193266b16218c01f405e493e3f0e267319cbb0ec22931da2014d5f719859321a8120ed84790f045af084edad1bc794c01a10706c74a049d1bfbfe558af7bfd90756f6c6c74d887f4636538f6ed3f8483607e8b8128867c6130abff02030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 15 { | |
| "Ip": "42.192.1.130", | |
| "Ports": ["42.192.1.130:80", "42.192.1.130:22", "42.192.1.130:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://42.192.1.130:80/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 16 { | |
| "Ip": "118.31.188.237", | |
| "Ports": null, | |
| "DefaultBeaconResponses": {}, | |
| "Jarm": "", | |
| "Certificate": "", | |
| "Beacons": null | |
| } | |
| 17 { | |
| "Ip": "139.129.243.114", | |
| "Ports": ["139.129.243.114:80", "139.129.243.114:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://139.129.243.114:80/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 18 { | |
| "Ip": "118.24.9.34", | |
| "Ports": ["118.24.9.34:80", "118.24.9.34:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://118.24.9.34:80/": "404/315" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 19 { | |
| "Ip": "119.23.8.187", | |
| "Ports": ["119.23.8.187:22", "119.23.8.187:50050"], | |
| "DefaultBeaconResponses": {}, | |
| "Jarm": "05d13d20d21d20d05c05d13d05d20dd7fc4c7c6ef19b77a4ca0787979cdc13", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 20 { | |
| "Ip": "114.215.182.44", | |
| "Ports": ["114.215.182.44:22", "114.215.182.44:8080", "114.215.182.44:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://114.215.182.44:8080/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 21 | |
| 2021 / 04 / 30 22: 43: 42 Error reading body: context deadline exceeded(Client.Timeout or context cancellation | |
| while reading body) { | |
| "Ip": "42.193.220.212", | |
| "Ports": ["42.193.220.212:22", "42.193.220.212:80", "42.193.220.212:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://42.193.220.212:80/": "200/14896" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d58c7162162b6a603d3d90a2b76865b53", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 22 { | |
| "Ip": "121.40.124.244", | |
| "Ports": ["121.40.124.244:22", "121.40.124.244:50050"], | |
| "DefaultBeaconResponses": {}, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 23 { | |
| "Ip": "120.26.44.254", | |
| "Ports": ["120.26.44.254:22", "120.26.44.254:80", "120.26.44.254:8888", "120.26.44.254:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://120.26.44.254:80/": "200/-1", | |
| "http://120.26.44.254:8888/": "302/219" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 24 | |
| 2021 / 04 / 30 22: 43: 47 Error reading body: context deadline exceeded(Client.Timeout or context cancellation | |
| while reading body) | |
| 2021 / 04 / 30 22: 43: 48 Error reading body: context deadline exceeded(Client.Timeout or context cancellation | |
| while reading body) { | |
| "Ip": "121.5.152.196", | |
| "Ports": ["121.5.152.196:22", "121.5.152.196:8099", "121.5.152.196:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://121.5.152.196:8099/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "http://121.5.152.196:8099/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208973, | |
| "BeaconConfig": { | |
| ".cryptoscheme": "0", | |
| ".dns_idle": "0", | |
| ".dns_sleep ": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "121.5.152.196,/IE9CompatViewList.xml", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".maxdns": "255", | |
| ".pipename": "", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) LBBROWSER", | |
| ".watermark": "305419896", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "8099", | |
| "process-inject-allocation-method": "0", | |
| "process-inject-execute": "\u0001\u0002\u0003\u0004", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n", | |
| "process-inject-transform-x64": "", | |
| "process-inject-transform-x86": "", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d3081890281819941a3dc4eba786cc78d93e2c560c47a4ccfea24e085ddf30149e88b951cd1df204fa7b3786bb2fd40ffd624c8d22b81ed0c19eed923d0374a3564284bc89aaae4cbfea9708497c344058dc538593c0ee15ad1f7282ea3c759e7e0fcff290c47fa2bfbc8c50fbe7d527906647090f21cbe77e7e68679c3cae5767269041a760902030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 25 | |
| 2021 / 04 / 30 22: 43: 52 Error reading body: context deadline exceeded(Client.Timeout or context cancellation | |
| while reading body) { | |
| "Ip": "212.64.69.215", | |
| "Ports": ["212.64.69.215:80", "212.64.69.215:22", "212.64.69.215:8888", "212.64.69.215:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://212.64.69.215:80/": "200/-1", | |
| "http://212.64.69.215:8888/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "http://212.64.69.215:8888/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208972, | |
| "BeaconConfig": { | |
| ".cryptoscheme": "0", | |
| ".dns_idle": "0", | |
| ".dns_sleep ": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "212.64.69.215,/updates.rss", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".maxdns": "255", | |
| ".pipename": "", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP02)", | |
| ".watermark": "305419896", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "8888", | |
| "process-inject-allocation-method": "0", | |
| "process-inject-execute": "\u0001\u0002\u0003\u0004", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n", | |
| "process-inject-transform-x64": "", | |
| "process-inject-transform-x86": "", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d3081890281819855f58d5d9bc0c1f64b830d8886f4645de6534573635d50219708853863328a7d4fc6d82112ee0cec168e11a4158a6b38fa2a1d7c588e7ba01735e1793d7b86925bd492881ab56d539551c709edee487e260350d14446960861a99af5ec966cdd9b89946a25fb951dddd4788727836cae6125fab48eb7cfcd72b677f3f78e8702030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 26 { | |
| "Ip": "118.195.162.4", | |
| "Ports": ["118.195.162.4:80", "118.195.162.4:8080", "118.195.162.4:8888", "118.195.162.4:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://118.195.162.4:80/": "200/2307", | |
| "http://118.195.162.4:8080/": "200/0", | |
| "http://118.195.162.4:8888/": "404/0" | |
| }, | |
| "Jarm": "05d13d20d21d20d05c05d13d05d20dd7fc4c7c6ef19b77a4ca0787979cdc13", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "http://118.195.162.4:8888/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208965, | |
| "BeaconConfig": { | |
| ".cryptoscheme": "0", | |
| ".dns_idle": "0", | |
| ".dns_sleep ": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "118.195.162.4,/push", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".maxdns": "255", | |
| ".pipename": "", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)", | |
| ".watermark": "305419896", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "8888", | |
| "process-inject-allocation-method": "0", | |
| "process-inject-execute": "\u0001\u0002\u0003\u0004", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-stub": "", | |
| "process-inject-transform-x64": "", | |
| "process-inject-transform-x86": "", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d308189028181a70991d69d816a601ffa80976473830f0d3b41276d2790401ddedb18e2d3cab3c315e3222325be42b65adb2878f33f5a03ff5010b23e842a510c1482ad6a42f1e7e5726eb31813e7437640ed7879955f401e172c34d3517241596dd41f8e48d3d1b1c288e6c8752ff65dc27acccba4ba9cd6d0e4de6196cea4da480d3b99d0ed02030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 27 { | |
| "Ip": "120.77.0.33", | |
| "Ports": ["120.77.0.33:22", "120.77.0.33:4443", "120.77.0.33:50050"], | |
| "DefaultBeaconResponses": { | |
| "https://120.77.0.33:4443/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "https://120.77.0.33:4443/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208959, | |
| "BeaconConfig": { | |
| ".cryptoscheme": "0", | |
| ".dns_idle": "0", | |
| ".dns_sleep ": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "120.77.0.33,/updates.rss", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".maxdns": "255", | |
| ".pipename": "", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)", | |
| ".watermark": "305419896", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "4443", | |
| "process-inject-allocation-method": "0", | |
| "process-inject-execute": "\u0001\u0002\u0003\u0004", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n", | |
| "process-inject-transform-x64": "", | |
| "process-inject-transform-x86": "", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d308189028181a233044c17d1fe42f5d4a8db339353997094110134480af0f742c3eea2575d541ad2d433e49f6a1c8bcf3d440bb64fb7adc53c019b8becf36f3f205a0d5765f3c521674f87da3fe2a20b516cfdab57f7176ee7ef38d11c74cf985869d3cd182d0543c6a0e9d96805a2d019d5f56caa809903ed05204e933ccde72d356f23ff02030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "true", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 28 { | |
| "Ip": "121.4.249.122", | |
| "Ports": ["121.4.249.122:22", "121.4.249.122:80", "121.4.249.122:8888", "121.4.249.122:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://121.4.249.122:80/": "200/-1", | |
| "http://121.4.249.122:8888/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "http://121.4.249.122:8888/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208460, | |
| "BeaconConfig": { | |
| "": "\u0004", | |
| ".cryptoscheme": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "121.4.249.122,/visit.js", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)", | |
| ".watermark": "1359593325", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "8888", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d308189028181a42f854ae0c3eb4e510b342f20cd1387c117871176279d7486063afc6572e3b95a855cecb0be5289dfe3a216aaa07c9c369c1503a3cfd4763e6f6a92c44934a1c633b2e962c6a488ffaa7b62d1b0d72f2fd63dd3e9446a311b70f7bee4f5df33b69c90ec2327150c8f6ae1e00168bd6252cde9f631f572f87abe570b2bc8bcf902030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 29 { | |
| "Ip": "39.102.55.191", | |
| "Ports": ["39.102.55.191:22", "39.102.55.191:80", "39.102.55.191:443", "39.102.55.191:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://39.102.55.191:80/": "200/2831", | |
| "https://39.102.55.191:443/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d58c7162162b6a603d3d90a2b76865b53", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "https://39.102.55.191:443/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 206427, | |
| "BeaconConfig": { | |
| "": "\u0004", | |
| ".cryptoscheme": "0", | |
| ".dns_idle": "0", | |
| ".dns_sleep ": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "39.102.55.191,/en_US/all.js", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".maxdns": "255", | |
| ".pipename": "", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; ; NCLIENT50_AAPCDA5841E333)", | |
| ".watermark": "16777216", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "443", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-stub": "bRڮ\ufffd\ufffd\ufffd\ufffd|+/{\ufffd\ufffd\ufffd\u000e", | |
| "process-inject-transform-x64": "", | |
| "process-inject-transform-x86": "", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d30818902818181291929ef7e968c234ae372ca91aa9227a549729db4a7cd348044c30fbc30934e49afaedc69e19646f1e2dccc511c59e4ebbe839c27083711d50eed75c666396bfbe579adc632172e91ebc3704d2deb61ef9a6551f2f1777b645fd31b2ea735bbd5b164524d522a0a142526dc05ec84fec34b4a6471196df2ccc33483fbb44302030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "true", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 30 { | |
| "Ip": "39.102.38.121", | |
| "Ports": ["39.102.38.121:22", "39.102.38.121:4443", "39.102.38.121:50050"], | |
| "DefaultBeaconResponses": { | |
| "https://39.102.38.121:4443/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d58c7162162b6a603d3d90a2b76865b53", | |
| "Certificate": "Microsoft Windows", | |
| "Beacons": [{ | |
| "Uri": "https://39.102.38.121:4443/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208960, | |
| "BeaconConfig": { | |
| ".cryptoscheme": "0", | |
| ".dns_idle": "0", | |
| ".dns_sleep ": "0", | |
| ".http-get.client": "\n\u000bAccept: */*\u0010\u0014Host: www.amazon.com\u0007\u0003\u0002\u000esession-token=\u0002\u000cskin=noskin;\u0001,csm-hit=s-24KU11BB82RZSYGJ3BDK|1419899012996\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "39.102.38.121,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u000bAccept: */*\n\u0016Content-Type: text/xml\n X-Requested-With: XMLHttpRequest\u0010\u0014Host: www.amazon.com\t\nsz=160x600\t\u0011oe=oe=ISO-8859-1;\u0007\u0005\u0002sn\t\u0006s=3717\t\"dc_ref=http%3A%2F%2Fwww.amazon.com\u0007\u0001\u0003\u0004", | |
| ".http-post.uri": "/N4215/adj/amzn.us.sr.aps", | |
| ".http-post.verb": "POST", | |
| ".jitter": "25", | |
| ".maxdns": "255", | |
| ".pipename": "", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "5000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", | |
| ".watermark": "305419896", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "4443", | |
| "process-inject-allocation-method": "0", | |
| "process-inject-execute": "\u0001\u0002\u0003\u0004", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n", | |
| "process-inject-transform-x64": "", | |
| "process-inject-transform-x86": "", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d3081890281818b0739cc14aa67f2e41595ad574fd5d7137c4e17492d87ca0ab67e637eb76de09c69dfa8403d607dfb432320c41b64f7e2740b117b98224aebddab541f20359d3deefe3c95811e0ffe3b3f9d9196219d4e7f6e42513b5c96685e85bc5b3ac133faadd4afbccc3fa4098788a4f50136a86ecac030be92b204344f049b1a2502030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "true", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 31 { | |
| "Ip": "106.14.247.149", | |
| "Ports": ["106.14.247.149:1234", "106.14.247.149:22", "106.14.247.149:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://106.14.247.149:1234/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d00042d41d00041d47e4e0ae17960b2a5b4fd6107fbb0926", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "http://106.14.247.149:1234/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208990, | |
| "BeaconConfig": { | |
| ".cryptoscheme": "0", | |
| ".dns_idle": "0", | |
| ".dns_sleep ": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "106.14.247.149,/visit.js", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".maxdns": "255", | |
| ".pipename": "", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)", | |
| ".watermark": "305419896", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "1234", | |
| "process-inject-allocation-method": "0", | |
| "process-inject-execute": "\u0001\u0002\u0003\u0004", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-stub": "", | |
| "process-inject-transform-x64": "", | |
| "process-inject-transform-x86": "", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d3081890281819352527b27bf73fcc92457cf8cb1894ebd1104da185d18dceb28f159d74958d0ae657a3eba6e49c44484682d30a0381298e1ab921d608b3fda43077ab46e268a1160a62d2821b7f0bba5d96c4ea08581b2bb617bf80e5389f454cef53460b5e32bbf045b5d978631f1e0aa29305fc0b4e02e786c1f888d83997c0dceb043bf02030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 32 { | |
| "Ip": "218.244.154.94", | |
| "Ports": ["218.244.154.94:22", "218.244.154.94:80", "218.244.154.94:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://218.244.154.94:80/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "http://218.244.154.94:80/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208986, | |
| "BeaconConfig": { | |
| ".cryptoscheme": "0", | |
| ".dns_idle": "0", | |
| ".dns_sleep ": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "218.244.154.94,/ga.js", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".maxdns": "255", | |
| ".pipename": "", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)", | |
| ".watermark": "305419896", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "80", | |
| "process-inject-allocation-method": "0", | |
| "process-inject-execute": "\u0001\u0002\u0003\u0004", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n", | |
| "process-inject-transform-x64": "", | |
| "process-inject-transform-x86": "", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d3081890281818c31cc9dc6cb716fefa48ea93b1d3073f903540ca503322a230b4377b6a09a99cb460a3626ef0816adc8ace3368d64b2288e375d0323fb5f2b281d7427501c6deaee911120b46ab768de291580c40e847518e507dfaab241be560aeb23d249aa4e86e97dd51a13df5d65c13f767cac9dadafb46e8473fe738cd173dd407f517702030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 33 { | |
| "Ip": "121.196.63.110", | |
| "Ports": ["121.196.63.110:443", "121.196.63.110:80", "121.196.63.110:22", "121.196.63.110:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://121.196.63.110:80/": "307/43", | |
| "https://121.196.63.110:443/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1", | |
| "Certificate": "Outlook.live.com", | |
| "Beacons": [{ | |
| "Uri": "https://121.196.63.110:443/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 210003, | |
| "BeaconConfig": { | |
| "": "\u0004", | |
| ".cryptoscheme": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "121.196.63.110,/cx", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUS)", | |
| ".watermark": "0", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "443", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d308189028181a738cde75f1fbb1c18646c377e03016b162b12ba72bdf7dc36b4cd2e4e9bae12205a95c26170bf908105ad7fa4bbccfa798632261bed9870f975f20794e1fe499523d71f08a56cae0315bfde3d6c8a16386b03b7a6551aa1336d50325a35db27d78ad8fd13b6a73b9fb7c3fb4d7a088e323f07618656ecd83595fa5f82361302030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "true", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 34 { | |
| "Ip": "121.40.52.156", | |
| "Ports": ["121.40.52.156:80", "121.40.52.156:8080", "121.40.52.156:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://121.40.52.156:80/": "200/2307", | |
| "https://121.40.52.156:8080/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 35 { | |
| "Ip": "49.235.198.76", | |
| "Ports": ["49.235.198.76:80", "49.235.198.76:22", "49.235.198.76:8443", "49.235.198.76:8099", "49.235.198.76:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://49.235.198.76:80/": "200/-1", | |
| "http://49.235.198.76:8099/": "404/0", | |
| "http://49.235.198.76:8443/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "http://49.235.198.76:8443/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208975, | |
| "BeaconConfig": { | |
| ".cryptoscheme": "0", | |
| ".dns_idle": "0", | |
| ".dns_sleep ": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "106.75.162.166,/dot.gif", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".maxdns": "255", | |
| ".pipename": "", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP02)", | |
| ".watermark": "305419896", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "8443", | |
| "process-inject-allocation-method": "0", | |
| "process-inject-execute": "\u0001\u0002\u0003\u0004", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n", | |
| "process-inject-transform-x64": "", | |
| "process-inject-transform-x86": "", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d308189028181a0e06736bee6b9911102876dc2ed9f19a1a9425f1f45f95f9bd2f5df1738c8f6e01fa7ab8204c0160960e5865436db8591823508d9fb9b99467a1da2246d1c9398acdc74cac51b4f94d13d2880ab9145ebd14e4a23dc3d27b5ca3b80972bcecd03e022987a9bcb6887583060ca5008a6c730d011a3da0dbee328be378832e85902030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }, { | |
| "Uri": "http://49.235.198.76:8099/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208958, | |
| "BeaconConfig": { | |
| ".cryptoscheme": "0", | |
| ".dns_idle": "0", | |
| ".dns_sleep ": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "49.235.198.76,/__utm.gif", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".maxdns": "255", | |
| ".pipename": "", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)", | |
| ".watermark": "305419896", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "8099", | |
| "process-inject-allocation-method": "0", | |
| "process-inject-execute": "\u0001\u0002\u0003\u0004", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n", | |
| "process-inject-transform-x64": "", | |
| "process-inject-transform-x86": "", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d308189028181a0e06736bee6b9911102876dc2ed9f19a1a9425f1f45f95f9bd2f5df1738c8f6e01fa7ab8204c0160960e5865436db8591823508d9fb9b99467a1da2246d1c9398acdc74cac51b4f94d13d2880ab9145ebd14e4a23dc3d27b5ca3b80972bcecd03e022987a9bcb6887583060ca5008a6c730d011a3da0dbee328be378832e85902030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 36 { | |
| "Ip": "120.92.139.155", | |
| "Ports": ["120.92.139.155:80", "120.92.139.155:443", "120.92.139.155:22", "120.92.139.155:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://120.92.139.155:80/": "404/0", | |
| "https://120.92.139.155:443/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "http://120.92.139.155:80/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208465, | |
| "BeaconConfig": { | |
| "": "\u0004", | |
| ".cryptoscheme": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "120.92.139.155,/en_US/all.js", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906)", | |
| ".watermark": "1359593325", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "80", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d308189028181981da74db5c4bbc2342370f4096ac1d17989f8af272d8269c4031f6bf42c1631a476b6e85f6ec0262ec7cae20857091cb74d09615e0151a5266a81a423bb03d82cf74d2ec2e71f9dace4272f2b6b8123aacedd57628883fef6a2481a29262cecd8e22609c0b13e79593cb2056fd687c2269ad6c36d05eb04c208abd7e8f7cc5702030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }, { | |
| "Uri": "https://120.92.139.155:443/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208464, | |
| "BeaconConfig": { | |
| "": "\u0004", | |
| ".cryptoscheme": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "120.92.139.155,/match", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)", | |
| ".watermark": "1359593325", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "443", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d308189028181981da74db5c4bbc2342370f4096ac1d17989f8af272d8269c4031f6bf42c1631a476b6e85f6ec0262ec7cae20857091cb74d09615e0151a5266a81a423bb03d82cf74d2ec2e71f9dace4272f2b6b8123aacedd57628883fef6a2481a29262cecd8e22609c0b13e79593cb2056fd687c2269ad6c36d05eb04c208abd7e8f7cc5702030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "true", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 37 { | |
| "Ip": "106.52.181.247", | |
| "Ports": ["106.52.181.247:22", "106.52.181.247:443", "106.52.181.247:80", "106.52.181.247:8080", "106.52.181.247:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://106.52.181.247:80/": "404/0", | |
| "http://106.52.181.247:8080/": "404/0", | |
| "https://106.52.181.247:443/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "https://106.52.181.247:443/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208450, | |
| "BeaconConfig": { | |
| "": "\u0004", | |
| ".cryptoscheme": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "106.52.181.247,/match", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)", | |
| ".watermark": "1359593325", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "443", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d30818902818185a43bfb07802692a61de6590a62f0d64f44f9394252f0ff0de802d3b6f4dbe6e4d813e68c3435d867ee665baf48b6292a4a9d634b0316f24b74a39050e819f465f5a995699b55d701e80dd8969c9afd34a838ff04b99c1bdd17511286dd087c2051358523e8f390435a471d36c0f9f7fd6992b7d0dd058c46afe15b3a36f3ef02030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "true", | |
| "text_section": "0" | |
| } | |
| }, { | |
| "Uri": "http://106.52.181.247:8080/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208446, | |
| "BeaconConfig": { | |
| "": "\u0004", | |
| ".cryptoscheme": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "106.52.181.247,/cx", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)", | |
| ".watermark": "1359593325", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "8080", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d30818902818185a43bfb07802692a61de6590a62f0d64f44f9394252f0ff0de802d3b6f4dbe6e4d813e68c3435d867ee665baf48b6292a4a9d634b0316f24b74a39050e819f465f5a995699b55d701e80dd8969c9afd34a838ff04b99c1bdd17511286dd087c2051358523e8f390435a471d36c0f9f7fd6992b7d0dd058c46afe15b3a36f3ef02030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 38 { | |
| "Ip": "81.71.25.190", | |
| "Ports": ["81.71.25.190:22", "81.71.25.190:8443", "81.71.25.190:8080", "81.71.25.190:8081", "81.71.25.190:8082", "81.71.25.190:50050", "81.71.25.190:9443"], | |
| "DefaultBeaconResponses": { | |
| "http://81.71.25.190:8080/": "404/0", | |
| "http://81.71.25.190:8081/": "404/0", | |
| "http://81.71.25.190:8082/": "404/0", | |
| "http://81.71.25.190:8443/": "404/0", | |
| "https://81.71.25.190:9443/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "http://81.71.25.190:8443/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208466, | |
| "BeaconConfig": { | |
| "": "\u0004", | |
| ".cryptoscheme": "0", | |
| ".http-get.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\r\u0002\t__cfduid=\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004\u0001\u0005\ufffd\u0002T\u0002\u000f[\r\u000f", | |
| ".http-get.uri": "81.71.25.190,/jquery-3.3.1.min.js", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\u000f\r\u0005\u0008__cfduid\u0007\u0001\u000f\r\u0004", | |
| ".http-post.uri": "/jquery-3.3.2.min.js", | |
| ".http-post.verb": "POST", | |
| ".jitter": "37", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "1", | |
| ".user-agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko", | |
| ".watermark": "16777216", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "8443", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d3081890281818d4227034fc251b7f8d0515bb5b2576145d02bba1bf38391e1c64a8081d55d6c4593b0b640dcc015abae85801ca9dc51adeae2b30be75deb410808d377f550364256303ef19cb989980b3e99f57b023ad327a686d7c9d2ac5ed4bfc5a2d327aec0bbd5410362a6b4fd3161035662bb1609b4498da42b27a306faac53c00288fb02030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }, { | |
| "Uri": "http://81.71.25.190:8081/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208484, | |
| "BeaconConfig": { | |
| "": "\u0004", | |
| ".cryptoscheme": "0", | |
| ".http-get.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\r\u0002\t__cfduid=\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004\u0001\u0005\ufffd\u0002T\u0002\u000f[\r\u000f", | |
| ".http-get.uri": "81.71.25.190,/jquery-3.3.1.min.js", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\u000f\r\u0005\u0008__cfduid\u0007\u0001\u000f\r\u0004", | |
| ".http-post.uri": "/jquery-3.3.2.min.js", | |
| ".http-post.verb": "POST", | |
| ".jitter": "37", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "1", | |
| ".user-agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko", | |
| ".watermark": "16777216", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "8081", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d3081890281818d4227034fc251b7f8d0515bb5b2576145d02bba1bf38391e1c64a8081d55d6c4593b0b640dcc015abae85801ca9dc51adeae2b30be75deb410808d377f550364256303ef19cb989980b3e99f57b023ad327a686d7c9d2ac5ed4bfc5a2d327aec0bbd5410362a6b4fd3161035662bb1609b4498da42b27a306faac53c00288fb02030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }, { | |
| "Uri": "http://81.71.25.190:8082/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208469, | |
| "BeaconConfig": { | |
| "": "\u0004", | |
| ".cryptoscheme": "0", | |
| ".http-get.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\r\u0002\t__cfduid=\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004\u0001\u0005\ufffd\u0002T\u0002\u000f[\r\u000f", | |
| ".http-get.uri": "81.71.25.190,/jquery-3.3.1.min.js", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\u000f\r\u0005\u0008__cfduid\u0007\u0001\u000f\r\u0004", | |
| ".http-post.uri": "/jquery-3.3.2.min.js", | |
| ".http-post.verb": "POST", | |
| ".jitter": "37", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "1", | |
| ".user-agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko", | |
| ".watermark": "16777216", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "8082", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d3081890281818d4227034fc251b7f8d0515bb5b2576145d02bba1bf38391e1c64a8081d55d6c4593b0b640dcc015abae85801ca9dc51adeae2b30be75deb410808d377f550364256303ef19cb989980b3e99f57b023ad327a686d7c9d2ac5ed4bfc5a2d327aec0bbd5410362a6b4fd3161035662bb1609b4498da42b27a306faac53c00288fb02030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }, { | |
| "Uri": "https://81.71.25.190:9443/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208460, | |
| "BeaconConfig": { | |
| "": "\u0004", | |
| ".cryptoscheme": "0", | |
| ".http-get.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\r\u0002\t__cfduid=\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004\u0001\u0005\ufffd\u0002T\u0002\u000f[\r\u000f", | |
| ".http-get.uri": "81.71.25.190,/jquery-3.3.1.min.js", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\u000f\r\u0005\u0008__cfduid\u0007\u0001\u000f\r\u0004", | |
| ".http-post.uri": "/jquery-3.3.2.min.js", | |
| ".http-post.verb": "POST", | |
| ".jitter": "37", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "1", | |
| ".user-agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko", | |
| ".watermark": "16777216", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "9443", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d3081890281818d4227034fc251b7f8d0515bb5b2576145d02bba1bf38391e1c64a8081d55d6c4593b0b640dcc015abae85801ca9dc51adeae2b30be75deb410808d377f550364256303ef19cb989980b3e99f57b023ad327a686d7c9d2ac5ed4bfc5a2d327aec0bbd5410362a6b4fd3161035662bb1609b4498da42b27a306faac53c00288fb02030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "true", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 39 | |
| Time: 1 m8 .717329036 s { | |
| "Ip": "42.193.225.116", | |
| "Ports": ["42.193.225.116:22", "42.193.225.116:8888"], | |
| "DefaultBeaconResponses": { | |
| "http://42.193.225.116:8888/": "302/219" | |
| }, | |
| "Jarm": "", | |
| "Certificate": "", | |
| "Beacons": null | |
| } | |
| 0 { | |
| "Ip": "114.117.213.24", | |
| "Ports": ["114.117.213.24:1234", "114.117.213.24:3000", "114.117.213.24:8089"], | |
| "DefaultBeaconResponses": { | |
| "http://114.117.213.24:3000/": "200/-1" | |
| }, | |
| "Jarm": "", | |
| "Certificate": "", | |
| "Beacons": null | |
| } | |
| 1 { | |
| "Ip": "175.27.236.117", | |
| "Ports": ["175.27.236.117:22", "175.27.236.117:80"], | |
| "DefaultBeaconResponses": { | |
| "http://175.27.236.117:80/": "200/-1" | |
| }, | |
| "Jarm": "00000000000000000000000000000000000000000000000000000000000000", | |
| "Certificate": "", | |
| "Beacons": null | |
| } | |
| 2 { | |
| "Ip": "121.5.10.238", | |
| "Ports": ["121.5.10.238:22", "121.5.10.238:50050"], | |
| "DefaultBeaconResponses": {}, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d58c7162162b6a603d3d90a2b76865b53", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 3 { | |
| "Ip": "47.107.78.225", | |
| "Ports": ["47.107.78.225:22", "47.107.78.225:50050"], | |
| "DefaultBeaconResponses": {}, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 4 { | |
| "Ip": "123.57.209.41", | |
| "Ports": ["123.57.209.41:22", "123.57.209.41:80", "123.57.209.41:443", "123.57.209.41:8080", "123.57.209.41:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://123.57.209.41:80/": "404/-1", | |
| "http://123.57.209.41:8080/": "302/35" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d58c7162162b6a603d3d90a2b76865b53", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 5 { | |
| "Ip": "47.118.40.231", | |
| "Ports": ["47.118.40.231:22", "47.118.40.231:50050"], | |
| "DefaultBeaconResponses": {}, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d58c7162162b6a603d3d90a2b76865b53", | |
| "Certificate": "Outlook.live.com", | |
| "Beacons": null | |
| } | |
| 6 { | |
| "Ip": "121.5.117.32", | |
| "Ports": ["121.5.117.32:22", "121.5.117.32:50050"], | |
| "DefaultBeaconResponses": {}, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 7 { | |
| "Ip": "118.31.188.237", | |
| "Ports": null, | |
| "DefaultBeaconResponses": {}, | |
| "Jarm": "", | |
| "Certificate": "", | |
| "Beacons": null | |
| } | |
| 8 { | |
| "Ip": "140.143.168.220", | |
| "Ports": ["140.143.168.220:22", "140.143.168.220:8888", "140.143.168.220:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://140.143.168.220:8888/": "302/219" | |
| }, | |
| "Jarm": "07d14d16d21d21d00007d14d07d21d3fe87b802002478c27f1c0da514dbf80", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 9 { | |
| "Ip": "81.68.107.151", | |
| "Ports": ["81.68.107.151:22", "81.68.107.151:50050"], | |
| "DefaultBeaconResponses": {}, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 10 { | |
| "Ip": "101.201.145.63", | |
| "Ports": ["101.201.145.63:22", "101.201.145.63:80", "101.201.145.63:8090", "101.201.145.63:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://101.201.145.63:80/": "200/-1", | |
| "http://101.201.145.63:8090/": "200/194" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 11 { | |
| "Ip": "47.100.95.224", | |
| "Ports": ["47.100.95.224:22"], | |
| "DefaultBeaconResponses": {}, | |
| "Jarm": "", | |
| "Certificate": "", | |
| "Beacons": null | |
| } | |
| 12 { | |
| "Ip": "106.14.38.189", | |
| "Ports": ["106.14.38.189:80", "106.14.38.189:22", "106.14.38.189:8888", "106.14.38.189:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://106.14.38.189:80/": "200/917", | |
| "http://106.14.38.189:8888/": "302/219" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 13 { | |
| "Ip": "62.234.99.204", | |
| "Ports": ["62.234.99.204:22", "62.234.99.204:443", "62.234.99.204:80", "62.234.99.204:8080", "62.234.99.204:8888", "62.234.99.204:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://62.234.99.204:443/": "302/138", | |
| "http://62.234.99.204:80/": "200/-1", | |
| "http://62.234.99.204:8080/": "200/-1", | |
| "http://62.234.99.204:8888/": "302/219" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 14 { | |
| "Ip": "139.199.118.78", | |
| "Ports": ["139.199.118.78:22", "139.199.118.78:80", "139.199.118.78:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://139.199.118.78:80/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d00042d41d00041d47e4e0ae17960b2a5b4fd6107fbb0926", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "http://139.199.118.78:80/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208961, | |
| "BeaconConfig": { | |
| ".cryptoscheme": "0", | |
| ".dns_idle": "0", | |
| ".dns_sleep ": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "139.199.118.78,/g.pixel", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".maxdns": "255", | |
| ".pipename": "", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)", | |
| ".watermark": "305419896", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "80", | |
| "process-inject-allocation-method": "0", | |
| "process-inject-execute": "\u0001\u0002\u0003\u0004", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-stub": "", | |
| "process-inject-transform-x64": "", | |
| "process-inject-transform-x86": "", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d3081890281819603b6a5d4bdad9bf65d7ce80789268f0c2e2ef806dd7a191cca2b404df93d3a06139da9c9193266b16218c01f405e493e3f0e267319cbb0ec22931da2014d5f719859321a8120ed84790f045af084edad1bc794c01a10706c74a049d1bfbfe558af7bfd90756f6c6c74d887f4636538f6ed3f8483607e8b8128867c6130abff02030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 15 { | |
| "Ip": "42.192.1.130", | |
| "Ports": ["42.192.1.130:80", "42.192.1.130:22", "42.192.1.130:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://42.192.1.130:80/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 16 { | |
| "Ip": "118.31.188.237", | |
| "Ports": null, | |
| "DefaultBeaconResponses": {}, | |
| "Jarm": "", | |
| "Certificate": "", | |
| "Beacons": null | |
| } | |
| 17 { | |
| "Ip": "139.129.243.114", | |
| "Ports": ["139.129.243.114:80", "139.129.243.114:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://139.129.243.114:80/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 18 { | |
| "Ip": "118.24.9.34", | |
| "Ports": ["118.24.9.34:80", "118.24.9.34:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://118.24.9.34:80/": "404/315" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 19 { | |
| "Ip": "119.23.8.187", | |
| "Ports": ["119.23.8.187:22", "119.23.8.187:50050"], | |
| "DefaultBeaconResponses": {}, | |
| "Jarm": "05d13d20d21d20d05c05d13d05d20dd7fc4c7c6ef19b77a4ca0787979cdc13", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 20 { | |
| "Ip": "114.215.182.44", | |
| "Ports": ["114.215.182.44:22", "114.215.182.44:8080", "114.215.182.44:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://114.215.182.44:8080/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 21 | |
| 2021 / 04 / 30 22: 43: 42 Error reading body: context deadline exceeded(Client.Timeout or context cancellation | |
| while reading body) { | |
| "Ip": "42.193.220.212", | |
| "Ports": ["42.193.220.212:22", "42.193.220.212:80", "42.193.220.212:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://42.193.220.212:80/": "200/14896" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d58c7162162b6a603d3d90a2b76865b53", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 22 { | |
| "Ip": "121.40.124.244", | |
| "Ports": ["121.40.124.244:22", "121.40.124.244:50050"], | |
| "DefaultBeaconResponses": {}, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 23 { | |
| "Ip": "120.26.44.254", | |
| "Ports": ["120.26.44.254:22", "120.26.44.254:80", "120.26.44.254:8888", "120.26.44.254:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://120.26.44.254:80/": "200/-1", | |
| "http://120.26.44.254:8888/": "302/219" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 24 | |
| 2021 / 04 / 30 22: 43: 47 Error reading body: context deadline exceeded(Client.Timeout or context cancellation | |
| while reading body) | |
| 2021 / 04 / 30 22: 43: 48 Error reading body: context deadline exceeded(Client.Timeout or context cancellation | |
| while reading body) { | |
| "Ip": "121.5.152.196", | |
| "Ports": ["121.5.152.196:22", "121.5.152.196:8099", "121.5.152.196:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://121.5.152.196:8099/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "http://121.5.152.196:8099/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208973, | |
| "BeaconConfig": { | |
| ".cryptoscheme": "0", | |
| ".dns_idle": "0", | |
| ".dns_sleep ": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "121.5.152.196,/IE9CompatViewList.xml", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".maxdns": "255", | |
| ".pipename": "", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) LBBROWSER", | |
| ".watermark": "305419896", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "8099", | |
| "process-inject-allocation-method": "0", | |
| "process-inject-execute": "\u0001\u0002\u0003\u0004", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n", | |
| "process-inject-transform-x64": "", | |
| "process-inject-transform-x86": "", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d3081890281819941a3dc4eba786cc78d93e2c560c47a4ccfea24e085ddf30149e88b951cd1df204fa7b3786bb2fd40ffd624c8d22b81ed0c19eed923d0374a3564284bc89aaae4cbfea9708497c344058dc538593c0ee15ad1f7282ea3c759e7e0fcff290c47fa2bfbc8c50fbe7d527906647090f21cbe77e7e68679c3cae5767269041a760902030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 25 | |
| 2021 / 04 / 30 22: 43: 52 Error reading body: context deadline exceeded(Client.Timeout or context cancellation | |
| while reading body) { | |
| "Ip": "212.64.69.215", | |
| "Ports": ["212.64.69.215:80", "212.64.69.215:22", "212.64.69.215:8888", "212.64.69.215:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://212.64.69.215:80/": "200/-1", | |
| "http://212.64.69.215:8888/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "http://212.64.69.215:8888/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208972, | |
| "BeaconConfig": { | |
| ".cryptoscheme": "0", | |
| ".dns_idle": "0", | |
| ".dns_sleep ": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "212.64.69.215,/updates.rss", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".maxdns": "255", | |
| ".pipename": "", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP02)", | |
| ".watermark": "305419896", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "8888", | |
| "process-inject-allocation-method": "0", | |
| "process-inject-execute": "\u0001\u0002\u0003\u0004", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n", | |
| "process-inject-transform-x64": "", | |
| "process-inject-transform-x86": "", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d3081890281819855f58d5d9bc0c1f64b830d8886f4645de6534573635d50219708853863328a7d4fc6d82112ee0cec168e11a4158a6b38fa2a1d7c588e7ba01735e1793d7b86925bd492881ab56d539551c709edee487e260350d14446960861a99af5ec966cdd9b89946a25fb951dddd4788727836cae6125fab48eb7cfcd72b677f3f78e8702030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 26 { | |
| "Ip": "118.195.162.4", | |
| "Ports": ["118.195.162.4:80", "118.195.162.4:8080", "118.195.162.4:8888", "118.195.162.4:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://118.195.162.4:80/": "200/2307", | |
| "http://118.195.162.4:8080/": "200/0", | |
| "http://118.195.162.4:8888/": "404/0" | |
| }, | |
| "Jarm": "05d13d20d21d20d05c05d13d05d20dd7fc4c7c6ef19b77a4ca0787979cdc13", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "http://118.195.162.4:8888/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208965, | |
| "BeaconConfig": { | |
| ".cryptoscheme": "0", | |
| ".dns_idle": "0", | |
| ".dns_sleep ": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "118.195.162.4,/push", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".maxdns": "255", | |
| ".pipename": "", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)", | |
| ".watermark": "305419896", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "8888", | |
| "process-inject-allocation-method": "0", | |
| "process-inject-execute": "\u0001\u0002\u0003\u0004", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-stub": "", | |
| "process-inject-transform-x64": "", | |
| "process-inject-transform-x86": "", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d308189028181a70991d69d816a601ffa80976473830f0d3b41276d2790401ddedb18e2d3cab3c315e3222325be42b65adb2878f33f5a03ff5010b23e842a510c1482ad6a42f1e7e5726eb31813e7437640ed7879955f401e172c34d3517241596dd41f8e48d3d1b1c288e6c8752ff65dc27acccba4ba9cd6d0e4de6196cea4da480d3b99d0ed02030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 27 { | |
| "Ip": "120.77.0.33", | |
| "Ports": ["120.77.0.33:22", "120.77.0.33:4443", "120.77.0.33:50050"], | |
| "DefaultBeaconResponses": { | |
| "https://120.77.0.33:4443/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "https://120.77.0.33:4443/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208959, | |
| "BeaconConfig": { | |
| ".cryptoscheme": "0", | |
| ".dns_idle": "0", | |
| ".dns_sleep ": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "120.77.0.33,/updates.rss", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".maxdns": "255", | |
| ".pipename": "", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)", | |
| ".watermark": "305419896", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "4443", | |
| "process-inject-allocation-method": "0", | |
| "process-inject-execute": "\u0001\u0002\u0003\u0004", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n", | |
| "process-inject-transform-x64": "", | |
| "process-inject-transform-x86": "", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d308189028181a233044c17d1fe42f5d4a8db339353997094110134480af0f742c3eea2575d541ad2d433e49f6a1c8bcf3d440bb64fb7adc53c019b8becf36f3f205a0d5765f3c521674f87da3fe2a20b516cfdab57f7176ee7ef38d11c74cf985869d3cd182d0543c6a0e9d96805a2d019d5f56caa809903ed05204e933ccde72d356f23ff02030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "true", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 28 { | |
| "Ip": "121.4.249.122", | |
| "Ports": ["121.4.249.122:22", "121.4.249.122:80", "121.4.249.122:8888", "121.4.249.122:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://121.4.249.122:80/": "200/-1", | |
| "http://121.4.249.122:8888/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "http://121.4.249.122:8888/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208460, | |
| "BeaconConfig": { | |
| "": "\u0004", | |
| ".cryptoscheme": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "121.4.249.122,/visit.js", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)", | |
| ".watermark": "1359593325", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "8888", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d308189028181a42f854ae0c3eb4e510b342f20cd1387c117871176279d7486063afc6572e3b95a855cecb0be5289dfe3a216aaa07c9c369c1503a3cfd4763e6f6a92c44934a1c633b2e962c6a488ffaa7b62d1b0d72f2fd63dd3e9446a311b70f7bee4f5df33b69c90ec2327150c8f6ae1e00168bd6252cde9f631f572f87abe570b2bc8bcf902030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 29 { | |
| "Ip": "39.102.55.191", | |
| "Ports": ["39.102.55.191:22", "39.102.55.191:80", "39.102.55.191:443", "39.102.55.191:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://39.102.55.191:80/": "200/2831", | |
| "https://39.102.55.191:443/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d58c7162162b6a603d3d90a2b76865b53", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "https://39.102.55.191:443/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 206427, | |
| "BeaconConfig": { | |
| "": "\u0004", | |
| ".cryptoscheme": "0", | |
| ".dns_idle": "0", | |
| ".dns_sleep ": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "39.102.55.191,/en_US/all.js", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".maxdns": "255", | |
| ".pipename": "", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; ; NCLIENT50_AAPCDA5841E333)", | |
| ".watermark": "16777216", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "443", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-stub": "bRڮ\ufffd\ufffd\ufffd\ufffd|+/{\ufffd\ufffd\ufffd\u000e", | |
| "process-inject-transform-x64": "", | |
| "process-inject-transform-x86": "", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d30818902818181291929ef7e968c234ae372ca91aa9227a549729db4a7cd348044c30fbc30934e49afaedc69e19646f1e2dccc511c59e4ebbe839c27083711d50eed75c666396bfbe579adc632172e91ebc3704d2deb61ef9a6551f2f1777b645fd31b2ea735bbd5b164524d522a0a142526dc05ec84fec34b4a6471196df2ccc33483fbb44302030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "true", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 30 { | |
| "Ip": "39.102.38.121", | |
| "Ports": ["39.102.38.121:22", "39.102.38.121:4443", "39.102.38.121:50050"], | |
| "DefaultBeaconResponses": { | |
| "https://39.102.38.121:4443/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d58c7162162b6a603d3d90a2b76865b53", | |
| "Certificate": "Microsoft Windows", | |
| "Beacons": [{ | |
| "Uri": "https://39.102.38.121:4443/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208960, | |
| "BeaconConfig": { | |
| ".cryptoscheme": "0", | |
| ".dns_idle": "0", | |
| ".dns_sleep ": "0", | |
| ".http-get.client": "\n\u000bAccept: */*\u0010\u0014Host: www.amazon.com\u0007\u0003\u0002\u000esession-token=\u0002\u000cskin=noskin;\u0001,csm-hit=s-24KU11BB82RZSYGJ3BDK|1419899012996\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "39.102.38.121,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u000bAccept: */*\n\u0016Content-Type: text/xml\n X-Requested-With: XMLHttpRequest\u0010\u0014Host: www.amazon.com\t\nsz=160x600\t\u0011oe=oe=ISO-8859-1;\u0007\u0005\u0002sn\t\u0006s=3717\t\"dc_ref=http%3A%2F%2Fwww.amazon.com\u0007\u0001\u0003\u0004", | |
| ".http-post.uri": "/N4215/adj/amzn.us.sr.aps", | |
| ".http-post.verb": "POST", | |
| ".jitter": "25", | |
| ".maxdns": "255", | |
| ".pipename": "", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "5000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", | |
| ".watermark": "305419896", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "4443", | |
| "process-inject-allocation-method": "0", | |
| "process-inject-execute": "\u0001\u0002\u0003\u0004", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n", | |
| "process-inject-transform-x64": "", | |
| "process-inject-transform-x86": "", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d3081890281818b0739cc14aa67f2e41595ad574fd5d7137c4e17492d87ca0ab67e637eb76de09c69dfa8403d607dfb432320c41b64f7e2740b117b98224aebddab541f20359d3deefe3c95811e0ffe3b3f9d9196219d4e7f6e42513b5c96685e85bc5b3ac133faadd4afbccc3fa4098788a4f50136a86ecac030be92b204344f049b1a2502030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "true", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 31 { | |
| "Ip": "106.14.247.149", | |
| "Ports": ["106.14.247.149:1234", "106.14.247.149:22", "106.14.247.149:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://106.14.247.149:1234/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d00042d41d00041d47e4e0ae17960b2a5b4fd6107fbb0926", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "http://106.14.247.149:1234/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208990, | |
| "BeaconConfig": { | |
| ".cryptoscheme": "0", | |
| ".dns_idle": "0", | |
| ".dns_sleep ": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "106.14.247.149,/visit.js", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".maxdns": "255", | |
| ".pipename": "", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)", | |
| ".watermark": "305419896", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "1234", | |
| "process-inject-allocation-method": "0", | |
| "process-inject-execute": "\u0001\u0002\u0003\u0004", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-stub": "", | |
| "process-inject-transform-x64": "", | |
| "process-inject-transform-x86": "", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d3081890281819352527b27bf73fcc92457cf8cb1894ebd1104da185d18dceb28f159d74958d0ae657a3eba6e49c44484682d30a0381298e1ab921d608b3fda43077ab46e268a1160a62d2821b7f0bba5d96c4ea08581b2bb617bf80e5389f454cef53460b5e32bbf045b5d978631f1e0aa29305fc0b4e02e786c1f888d83997c0dceb043bf02030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 32 { | |
| "Ip": "218.244.154.94", | |
| "Ports": ["218.244.154.94:22", "218.244.154.94:80", "218.244.154.94:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://218.244.154.94:80/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "http://218.244.154.94:80/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208986, | |
| "BeaconConfig": { | |
| ".cryptoscheme": "0", | |
| ".dns_idle": "0", | |
| ".dns_sleep ": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "218.244.154.94,/ga.js", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".maxdns": "255", | |
| ".pipename": "", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)", | |
| ".watermark": "305419896", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "80", | |
| "process-inject-allocation-method": "0", | |
| "process-inject-execute": "\u0001\u0002\u0003\u0004", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n", | |
| "process-inject-transform-x64": "", | |
| "process-inject-transform-x86": "", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d3081890281818c31cc9dc6cb716fefa48ea93b1d3073f903540ca503322a230b4377b6a09a99cb460a3626ef0816adc8ace3368d64b2288e375d0323fb5f2b281d7427501c6deaee911120b46ab768de291580c40e847518e507dfaab241be560aeb23d249aa4e86e97dd51a13df5d65c13f767cac9dadafb46e8473fe738cd173dd407f517702030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 33 { | |
| "Ip": "121.196.63.110", | |
| "Ports": ["121.196.63.110:443", "121.196.63.110:80", "121.196.63.110:22", "121.196.63.110:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://121.196.63.110:80/": "307/43", | |
| "https://121.196.63.110:443/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1", | |
| "Certificate": "Outlook.live.com", | |
| "Beacons": [{ | |
| "Uri": "https://121.196.63.110:443/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 210003, | |
| "BeaconConfig": { | |
| "": "\u0004", | |
| ".cryptoscheme": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "121.196.63.110,/cx", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUS)", | |
| ".watermark": "0", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "443", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d308189028181a738cde75f1fbb1c18646c377e03016b162b12ba72bdf7dc36b4cd2e4e9bae12205a95c26170bf908105ad7fa4bbccfa798632261bed9870f975f20794e1fe499523d71f08a56cae0315bfde3d6c8a16386b03b7a6551aa1336d50325a35db27d78ad8fd13b6a73b9fb7c3fb4d7a088e323f07618656ecd83595fa5f82361302030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "true", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 34 { | |
| "Ip": "121.40.52.156", | |
| "Ports": ["121.40.52.156:80", "121.40.52.156:8080", "121.40.52.156:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://121.40.52.156:80/": "200/2307", | |
| "https://121.40.52.156:8080/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": null | |
| } | |
| 35 { | |
| "Ip": "49.235.198.76", | |
| "Ports": ["49.235.198.76:80", "49.235.198.76:22", "49.235.198.76:8443", "49.235.198.76:8099", "49.235.198.76:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://49.235.198.76:80/": "200/-1", | |
| "http://49.235.198.76:8099/": "404/0", | |
| "http://49.235.198.76:8443/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "http://49.235.198.76:8443/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208975, | |
| "BeaconConfig": { | |
| ".cryptoscheme": "0", | |
| ".dns_idle": "0", | |
| ".dns_sleep ": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "106.75.162.166,/dot.gif", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".maxdns": "255", | |
| ".pipename": "", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP02)", | |
| ".watermark": "305419896", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "8443", | |
| "process-inject-allocation-method": "0", | |
| "process-inject-execute": "\u0001\u0002\u0003\u0004", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n", | |
| "process-inject-transform-x64": "", | |
| "process-inject-transform-x86": "", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d308189028181a0e06736bee6b9911102876dc2ed9f19a1a9425f1f45f95f9bd2f5df1738c8f6e01fa7ab8204c0160960e5865436db8591823508d9fb9b99467a1da2246d1c9398acdc74cac51b4f94d13d2880ab9145ebd14e4a23dc3d27b5ca3b80972bcecd03e022987a9bcb6887583060ca5008a6c730d011a3da0dbee328be378832e85902030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }, { | |
| "Uri": "http://49.235.198.76:8099/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208958, | |
| "BeaconConfig": { | |
| ".cryptoscheme": "0", | |
| ".dns_idle": "0", | |
| ".dns_sleep ": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "49.235.198.76,/__utm.gif", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".maxdns": "255", | |
| ".pipename": "", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)", | |
| ".watermark": "305419896", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "8099", | |
| "process-inject-allocation-method": "0", | |
| "process-inject-execute": "\u0001\u0002\u0003\u0004", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-stub": "\ufffdl\ufffd8d\ufffd\ufffd\ufffdL\u0010\u0008\u003c\ufffdW\ufffd\n", | |
| "process-inject-transform-x64": "", | |
| "process-inject-transform-x86": "", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d308189028181a0e06736bee6b9911102876dc2ed9f19a1a9425f1f45f95f9bd2f5df1738c8f6e01fa7ab8204c0160960e5865436db8591823508d9fb9b99467a1da2246d1c9398acdc74cac51b4f94d13d2880ab9145ebd14e4a23dc3d27b5ca3b80972bcecd03e022987a9bcb6887583060ca5008a6c730d011a3da0dbee328be378832e85902030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 36 { | |
| "Ip": "120.92.139.155", | |
| "Ports": ["120.92.139.155:80", "120.92.139.155:443", "120.92.139.155:22", "120.92.139.155:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://120.92.139.155:80/": "404/0", | |
| "https://120.92.139.155:443/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "http://120.92.139.155:80/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208465, | |
| "BeaconConfig": { | |
| "": "\u0004", | |
| ".cryptoscheme": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "120.92.139.155,/en_US/all.js", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906)", | |
| ".watermark": "1359593325", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "80", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d308189028181981da74db5c4bbc2342370f4096ac1d17989f8af272d8269c4031f6bf42c1631a476b6e85f6ec0262ec7cae20857091cb74d09615e0151a5266a81a423bb03d82cf74d2ec2e71f9dace4272f2b6b8123aacedd57628883fef6a2481a29262cecd8e22609c0b13e79593cb2056fd687c2269ad6c36d05eb04c208abd7e8f7cc5702030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }, { | |
| "Uri": "https://120.92.139.155:443/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208464, | |
| "BeaconConfig": { | |
| "": "\u0004", | |
| ".cryptoscheme": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "120.92.139.155,/match", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)", | |
| ".watermark": "1359593325", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "443", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d308189028181981da74db5c4bbc2342370f4096ac1d17989f8af272d8269c4031f6bf42c1631a476b6e85f6ec0262ec7cae20857091cb74d09615e0151a5266a81a423bb03d82cf74d2ec2e71f9dace4272f2b6b8123aacedd57628883fef6a2481a29262cecd8e22609c0b13e79593cb2056fd687c2269ad6c36d05eb04c208abd7e8f7cc5702030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "true", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 37 { | |
| "Ip": "106.52.181.247", | |
| "Ports": ["106.52.181.247:22", "106.52.181.247:443", "106.52.181.247:80", "106.52.181.247:8080", "106.52.181.247:50050"], | |
| "DefaultBeaconResponses": { | |
| "http://106.52.181.247:80/": "404/0", | |
| "http://106.52.181.247:8080/": "404/0", | |
| "https://106.52.181.247:443/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "https://106.52.181.247:443/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208450, | |
| "BeaconConfig": { | |
| "": "\u0004", ".cryptoscheme": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "106.52.181.247,/match", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)", | |
| ".watermark": "1359593325", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "443", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d30818902818185a43bfb07802692a61de6590a62f0d64f44f9394252f0ff0de802d3b6f4dbe6e4d813e68c3435d867ee665baf48b6292a4a9d634b0316f24b74a39050e819f465f5a995699b55d701e80dd8969c9afd34a838ff04b99c1bdd17511286dd087c2051358523e8f390435a471d36c0f9f7fd6992b7d0dd058c46afe15b3a36f3ef02030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "true", | |
| "text_section": "0" | |
| } | |
| }, { | |
| "Uri": "http://106.52.181.247:8080/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208446, | |
| "BeaconConfig": { | |
| "": "\u0004", | |
| ".cryptoscheme": "0", | |
| ".http-get.client": "\u0007\u0003\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004", | |
| ".http-get.uri": "106.52.181.247,/cx", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\n\u0026Content-Type: application/octet-stream\u0007\u0005\u0002id\u0007\u0001\u0004", | |
| ".http-post.uri": "/submit.php", | |
| ".http-post.verb": "POST", | |
| ".jitter": "0", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "0", | |
| ".user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)", | |
| ".watermark": "1359593325", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "8080", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d30818902818185a43bfb07802692a61de6590a62f0d64f44f9394252f0ff0de802d3b6f4dbe6e4d813e68c3435d867ee665baf48b6292a4a9d634b0316f24b74a39050e819f465f5a995699b55d701e80dd8969c9afd34a838ff04b99c1bdd17511286dd087c2051358523e8f390435a471d36c0f9f7fd6992b7d0dd058c46afe15b3a36f3ef02030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 38 { | |
| "Ip": "81.71.25.190", | |
| "Ports": ["81.71.25.190:22", "81.71.25.190:8443", "81.71.25.190:8080", "81.71.25.190:8081", "81.71.25.190:8082", "81.71.25.190:50050", "81.71.25.190:9443"], | |
| "DefaultBeaconResponses": { | |
| "http://81.71.25.190:8080/": "404/0", | |
| "http://81.71.25.190:8081/": "404/0", | |
| "http://81.71.25.190:8082/": "404/0", | |
| "http://81.71.25.190:8443/": "404/0", | |
| "https://81.71.25.190:9443/": "404/0" | |
| }, | |
| "Jarm": "07d14d16d21d21d07c07d14d07d21d9b2f5869a6985368a9dec764186a9175", | |
| "Certificate": "Major Cobalt Strike", | |
| "Beacons": [{ | |
| "Uri": "http://81.71.25.190:8443/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208466, | |
| "BeaconConfig": { | |
| "": "\u0004", | |
| ".cryptoscheme": "0", | |
| ".http-get.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\r\u0002\t__cfduid=\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004\u0001\u0005\ufffd\u0002T\u0002\u000f[\r\u000f", | |
| ".http-get.uri": "81.71.25.190,/jquery-3.3.1.min.js", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\u000f\r\u0005\u0008__cfduid\u0007\u0001\u000f\r\u0004", | |
| ".http-post.uri": "/jquery-3.3.2.min.js", | |
| ".http-post.verb": "POST", | |
| ".jitter": "37", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "1", | |
| ".user-agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko", | |
| ".watermark": "16777216", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "8443", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d3081890281818d4227034fc251b7f8d0515bb5b2576145d02bba1bf38391e1c64a8081d55d6c4593b0b640dcc015abae85801ca9dc51adeae2b30be75deb410808d377f550364256303ef19cb989980b3e99f57b023ad327a686d7c9d2ac5ed4bfc5a2d327aec0bbd5410362a6b4fd3161035662bb1609b4498da42b27a306faac53c00288fb02030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }, { | |
| "Uri": "http://81.71.25.190:8081/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208484, | |
| "BeaconConfig": { | |
| "": "\u0004", | |
| ".cryptoscheme": "0", | |
| ".http-get.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\r\u0002\t__cfduid=\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004\u0001\u0005\ufffd\u0002T\u0002\u000f[\r\u000f", | |
| ".http-get.uri": "81.71.25.190,/jquery-3.3.1.min.js", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\u000f\r\u0005\u0008__cfduid\u0007\u0001\u000f\r\u0004", | |
| ".http-post.uri": "/jquery-3.3.2.min.js", | |
| ".http-post.verb": "POST", | |
| ".jitter": "37", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "1", | |
| ".user-agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko", | |
| ".watermark": "16777216", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "8081", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d3081890281818d4227034fc251b7f8d0515bb5b2576145d02bba1bf38391e1c64a8081d55d6c4593b0b640dcc015abae85801ca9dc51adeae2b30be75deb410808d377f550364256303ef19cb989980b3e99f57b023ad327a686d7c9d2ac5ed4bfc5a2d327aec0bbd5410362a6b4fd3161035662bb1609b4498da42b27a306faac53c00288fb02030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }, { | |
| "Uri": "http://81.71.25.190:8082/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208469, | |
| "BeaconConfig": { | |
| "": "\u0004", | |
| ".cryptoscheme": "0", | |
| ".http-get.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\r\u0002\t__cfduid=\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004\u0001\u0005\ufffd\u0002T\u0002\u000f[\r\u000f", | |
| ".http-get.uri": "81.71.25.190,/jquery-3.3.1.min.js", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\u000f\r\u0005\u0008__cfduid\u0007\u0001\u000f\r\u0004", | |
| ".http-post.uri": "/jquery-3.3.2.min.js", | |
| ".http-post.verb": "POST", | |
| ".jitter": "37", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "1", | |
| ".user-agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko", | |
| ".watermark": "16777216", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "8082", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d3081890281818d4227034fc251b7f8d0515bb5b2576145d02bba1bf38391e1c64a8081d55d6c4593b0b640dcc015abae85801ca9dc51adeae2b30be75deb410808d377f550364256303ef19cb989980b3e99f57b023ad327a686d7c9d2ac5ed4bfc5a2d327aec0bbd5410362a6b4fd3161035662bb1609b4498da42b27a306faac53c00288fb02030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "false", | |
| "text_section": "0" | |
| } | |
| }, { | |
| "Uri": "https://81.71.25.190:9443/aaa9", | |
| "Body": "", | |
| "StatusCode": 200, | |
| "ContentLength": 208460, | |
| "BeaconConfig": { | |
| "": "\u0004", | |
| ".cryptoscheme": "0", | |
| ".http-get.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\r\u0002\t__cfduid=\u0006\u0006Cookie", | |
| ".http-get.server.output": "\u0004\u0001\u0005\ufffd\u0002T\u0002\u000f[\r\u000f", | |
| ".http-get.uri": "81.71.25.190,/jquery-3.3.1.min.js", | |
| ".http-get.verb": "GET", | |
| ".http-post.client": "\nGAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u0010\u0015Host: code.jquery.com\n Referer: http://code.jquery.com/\n\u001eAccept-Encoding: gzip, deflate\u0007\u000f\r\u0005\u0008__cfduid\u0007\u0001\u000f\r\u0004", | |
| ".http-post.uri": "/jquery-3.3.2.min.js", | |
| ".http-post.verb": "POST", | |
| ".jitter": "37", | |
| ".post-ex.spawnto_x64": "%windir%\\sysnative\\rundll32.exe", | |
| ".post-ex.spawnto_x86": "%windir%\\syswow64\\rundll32.exe", | |
| ".proxy_type": "2", | |
| ".sleeptime": "60000", | |
| ".spawto": "", | |
| ".stage.cleanup": "1", | |
| ".user-agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko", | |
| ".watermark": "16777216", | |
| "CFGCaution": "0", | |
| "cookieBeacon": "1", | |
| "dns": "false", | |
| "funk": "0", | |
| "host_header": "", | |
| "killdate": "0", | |
| "port": "9443", | |
| "process-inject-min_alloc": "0", | |
| "process-inject-start-rwx": "64", | |
| "process-inject-use-rwx": "64", | |
| "publickey": "30819f300d06092a864886f70d0101010503818d3081890281818d4227034fc251b7f8d0515bb5b2576145d02bba1bf38391e1c64a8081d55d6c4593b0b640dcc015abae85801ca9dc51adeae2b30be75deb410808d377f550364256303ef19cb989980b3e99f57b023ad327a686d7c9d2ac5ed4bfc5a2d327aec0bbd5410362a6b4fd3161035662bb1609b4498da42b27a306faac53c00288fb02030101", | |
| "shouldChunkPosts": "0", | |
| "ssl": "true", | |
| "text_section": "0" | |
| } | |
| }] | |
| } | |
| 39 | |
| Time: 1 m8 .717329036 s |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment