Cobalt Strike servers 160.124.162.128 - 160.124.162.158
Cobalt Strike servers:
160.124.162.128
160.124.162.129
160.124.162.130
160.124.162.131
160.124.162.132
160.124.162.133
160.124.162.134
160.124.162.135
160.124.162.136
160.124.162.137
160.124.162.138
160.124.162.139
160.124.162.140
160.124.162.141
160.124.162.142
160.124.162.143
160.124.162.144
160.124.162.145
160.124.162.146
160.124.162.147
160.124.162.148
160.124.162.149
160.124.162.150
160.124.162.151
160.124.162.152
160.124.162.153
160.124.162.154
160.124.162.155
160.124.162.156
160.124.162.157
160.124.162.158
--------------------------------------
All hosted on Posix Systems (Pty) Ltd
--------------------------------------
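C2 (host and URI as listed in the x64 beacon configs below; the x86 configs list the same host with \/ga.js; "\/" is a JSON-escaped "/")
103.55.128.118,\/ptj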
----------------------
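beacons (per server IP: the parsed beacon config for each architecture, with md5/sha1/sha256 and a "time" value that appears to be a Unix epoch in milliseconds)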
160.124.162.128
{"x64": {"config": {"DNS Sleep": 0, "Method 2": "POST", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Pipe Name": "", "HTTP Method Path 2": "\/submit.php", "Polling": 60000, "Header 1": "", "Method 1": "GET", "Max DNS": 255, "C2 Server": "103.55.128.118,\/ptj", "Jitter": 0, "Port": 443, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "DNS Idle": "0.0.0.0", "Header 2": "", "Beacon Type": "0 (HTTP)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe"}, "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "time": 1617377614315.3}, "x86": {"config": {"DNS Sleep": 0, "Method 2": "POST", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Pipe Name": "", "HTTP Method Path 2": "\/submit.php", "Polling": 60000, "Header 1": "", "Method 1": "GET", "Max DNS": 255, "C2 Server": "103.55.128.118,\/ga.js", "Jitter": 0, "Port": 443, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "DNS Idle": "0.0.0.0", "Header 2": "", "Beacon Type": "0 (HTTP)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe"}, "md5": "35d1c3a7654146f572470d929772057e", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "time": 1617377610638.1}}
160.124.162.129
{"x86": {"sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "md5": "35d1c3a7654146f572470d929772057e", "time": 1617377676936.4, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"HTTP Method Path 2": "\/submit.php", "Header 1": "", "Polling": 60000, "DNS Idle": "0.0.0.0", "Port": 443, "C2 Server": "103.55.128.118,\/ga.js", "Max DNS": 255, "Header 2": "", "Method 1": "GET", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Jitter": 0, "Beacon Type": "0 (HTTP)", "DNS Sleep": 0, "Pipe Name": "", "Method 2": "POST", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)"}}, "x64": {"sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "md5": "1b53f921f14712f2fbda5ce11aa12716", "time": 1617377680423.1, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"HTTP Method Path 2": "\/submit.php", "Header 1": "", "Polling": 60000, "DNS Idle": "0.0.0.0", "Port": 443, "C2 Server": "103.55.128.118,\/ptj", "Max DNS": 255, "Header 2": "", "Method 1": "GET", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Jitter": 0, "Beacon Type": "0 (HTTP)", "DNS Sleep": 0, "Pipe Name": "", "Method 2": "POST", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}}}
160.124.162.130
{"x64": {"sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"Method 2": "POST", "Max DNS": 255, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Header 1": "", "Pipe Name": "", "HTTP Method Path 2": "\/submit.php", "Jitter": 0, "Polling": 60000, "DNS Sleep": 0, "C2 Server": "103.55.128.118,\/ptj", "Method 1": "GET", "Header 2": "", "Beacon Type": "0 (HTTP)", "DNS Idle": "0.0.0.0", "Port": 443, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe"}, "time": 1617349151652.5, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "md5": "1b53f921f14712f2fbda5ce11aa12716"}, "x86": {"sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"Method 2": "POST", "Max DNS": 255, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Header 1": "", "Pipe Name": "", "HTTP Method Path 2": "\/submit.php", "Jitter": 0, "Polling": 60000, "DNS Sleep": 0, "C2 Server": "103.55.128.118,\/ga.js", "Method 1": "GET", "Header 2": "", "Beacon Type": "0 (HTTP)", "DNS Idle": "0.0.0.0", "Port": 443, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe"}, "time": 1617349148000.5, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "md5": "35d1c3a7654146f572470d929772057e"}}
160.124.162.131
{"x86": {"time": 1617349275490.9, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"HTTP Method Path 2": "\/submit.php", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Idle": "0.0.0.0", "Method 1": "GET", "Port": 443, "Polling": 60000, "Max DNS": 255, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Method 2": "POST", "Pipe Name": "", "Beacon Type": "0 (HTTP)", "DNS Sleep": 0, "Header 1": "", "Header 2": "", "C2 Server": "103.55.128.118,\/ga.js", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Jitter": 0}, "md5": "35d1c3a7654146f572470d929772057e", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658"}, "x64": {"time": 1617349279586.1, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"HTTP Method Path 2": "\/submit.php", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Idle": "0.0.0.0", "Method 1": "GET", "Port": 443, "Polling": 60000, "Max DNS": 255, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Method 2": "POST", "Pipe Name": "", "Beacon Type": "0 (HTTP)", "DNS Sleep": 0, "Header 1": "", "Header 2": "", "C2 Server": "103.55.128.118,\/ptj", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Jitter": 0}, "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee"}}
160.124.162.132
{"x86": {"sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"DNS Sleep": 0, "C2 Server": "103.55.128.118,\/ga.js", "Beacon Type": "0 (HTTP)", "Port": 443, "Method 1": "GET", "Header 1": "", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "DNS Idle": "0.0.0.0", "Jitter": 0, "Polling": 60000, "Max DNS": 255, "Pipe Name": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Method 2": "POST", "Header 2": "", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe"}, "md5": "35d1c3a7654146f572470d929772057e", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "time": 1617349375882.3}, "x64": {"sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"DNS Sleep": 0, "C2 Server": "103.55.128.118,\/ptj", "Beacon Type": "0 (HTTP)", "Port": 443, "Method 1": "GET", "Header 1": "", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "DNS Idle": "0.0.0.0", "Jitter": 0, "Polling": 60000, "Max DNS": 255, "Pipe Name": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Method 2": "POST", "Header 2": "", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe"}, "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "time": 1617349380011.0}}
160.124.162.133
{"x64": {"time": 1617349436756.2, "md5": "1b53f921f14712f2fbda5ce11aa12716", "config": {"Method 1": "GET", "DNS Idle": "0.0.0.0", "Polling": 60000, "Port": 443, "Jitter": 0, "Header 1": "", "Method 2": "POST", "C2 Server": "103.55.128.118,\/ptj", "DNS Sleep": 0, "Beacon Type": "0 (HTTP)", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "HTTP Method Path 2": "\/submit.php", "Header 2": "", "Pipe Name": "", "Max DNS": 255}, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee"}, "x86": {"time": 1617349432737.2, "md5": "35d1c3a7654146f572470d929772057e", "config": {"Method 1": "GET", "DNS Idle": "0.0.0.0", "Polling": 60000, "Port": 443, "Jitter": 0, "Header 1": "", "Method 2": "POST", "C2 Server": "103.55.128.118,\/ga.js", "DNS Sleep": 0, "Beacon Type": "0 (HTTP)", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "HTTP Method Path 2": "\/submit.php", "Header 2": "", "Pipe Name": "", "Max DNS": 255}, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658"}}
160.124.162.134
{"x64": {"sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"Beacon Type": "0 (HTTP)", "C2 Server": "103.55.128.118,\/ptj", "Polling": 60000, "Method 2": "POST", "HTTP Method Path 2": "\/submit.php", "Method 1": "GET", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Header 1": "", "Max DNS": 255, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Sleep": 0, "Pipe Name": "", "Port": 443, "Jitter": 0, "DNS Idle": "0.0.0.0", "Header 2": ""}, "time": 1617349500844.6}, "x86": {"sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "md5": "35d1c3a7654146f572470d929772057e", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"Beacon Type": "0 (HTTP)", "C2 Server": "103.55.128.118,\/ga.js", "Polling": 60000, "Method 2": "POST", "HTTP Method Path 2": "\/submit.php", "Method 1": "GET", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Header 1": "", "Max DNS": 255, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Sleep": 0, "Pipe Name": "", "Port": 443, "Jitter": 0, "DNS Idle": "0.0.0.0", "Header 2": ""}, "time": 1617349497031.9}}
160.124.162.135
{"x64": {"sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "config": {"User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Header 2": "", "Method 1": "GET", "DNS Idle": "0.0.0.0", "C2 Server": "103.55.128.118,\/ptj", "Beacon Type": "0 (HTTP)", "Pipe Name": "", "Method 2": "POST", "Jitter": 0, "HTTP Method Path 2": "\/submit.php", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Polling": 60000, "Header 1": "", "Max DNS": 255, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Port": 443, "DNS Sleep": 0}, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "time": 1617349552161.3, "md5": "1b53f921f14712f2fbda5ce11aa12716"}, "x86": {"sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "config": {"User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Header 2": "", "Method 1": "GET", "DNS Idle": "0.0.0.0", "C2 Server": "103.55.128.118,\/ga.js", "Beacon Type": "0 (HTTP)", "Pipe Name": "", "Method 2": "POST", "Jitter": 0, "HTTP Method Path 2": "\/submit.php", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Polling": 60000, "Header 1": "", "Max DNS": 255, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Port": 443, "DNS Sleep": 0}, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "time": 1617349548161.5, "md5": "35d1c3a7654146f572470d929772057e"}}
160.124.162.136
{"x64": {"time": 1617349621924.1, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"Polling": 60000, "Header 2": "", "Beacon Type": "0 (HTTP)", "Header 1": "", "Pipe Name": "", "Port": 443, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "C2 Server": "103.55.128.118,\/ptj", "Method 1": "GET", "Method 2": "POST", "HTTP Method Path 2": "\/submit.php", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "DNS Sleep": 0, "Jitter": 0, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Max DNS": 255, "DNS Idle": "0.0.0.0"}}, "x86": {"time": 1617349618607.0, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "md5": "35d1c3a7654146f572470d929772057e", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"Polling": 60000, "Header 2": "", "Beacon Type": "0 (HTTP)", "Header 1": "", "Pipe Name": "", "Port": 443, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "C2 Server": "103.55.128.118,\/ga.js", "Method 1": "GET", "Method 2": "POST", "HTTP Method Path 2": "\/submit.php", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "DNS Sleep": 0, "Jitter": 0, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Max DNS": 255, "DNS Idle": "0.0.0.0"}}}
160.124.162.137
{"x64": {"time": 1617349678980.9, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "config": {"Jitter": 0, "DNS Idle": "0.0.0.0", "Beacon Type": "0 (HTTP)", "DNS Sleep": 0, "Max DNS": 255, "Header 2": "", "Polling": 60000, "Pipe Name": "", "Port": 443, "Method 2": "POST", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Method 1": "GET", "C2 Server": "103.55.128.118,\/ptj", "HTTP Method Path 2": "\/submit.php", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Header 1": ""}, "md5": "1b53f921f14712f2fbda5ce11aa12716"}, "x86": {"time": 1617349675380.3, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "config": {"Jitter": 0, "DNS Idle": "0.0.0.0", "Beacon Type": "0 (HTTP)", "DNS Sleep": 0, "Max DNS": 255, "Header 2": "", "Polling": 60000, "Pipe Name": "", "Port": 443, "Method 2": "POST", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Method 1": "GET", "C2 Server": "103.55.128.118,\/ga.js", "HTTP Method Path 2": "\/submit.php", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Header 1": ""}, "md5": "35d1c3a7654146f572470d929772057e"}}
160.124.162.138
{"x64": {"md5": "1b53f921f14712f2fbda5ce11aa12716", "config": {"Header 1": "", "Beacon Type": "0 (HTTP)", "Max DNS": 255, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "C2 Server": "103.55.128.118,\/ptj", "HTTP Method Path 2": "\/submit.php", "DNS Idle": "0.0.0.0", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Jitter": 0, "DNS Sleep": 0, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 2": "POST", "Polling": 60000, "Pipe Name": "", "Method 1": "GET", "Port": 443, "Header 2": ""}, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "time": 1617349732449.4, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8"}, "x86": {"md5": "35d1c3a7654146f572470d929772057e", "config": {"Header 1": "", "Beacon Type": "0 (HTTP)", "Max DNS": 255, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "C2 Server": "103.55.128.118,\/ga.js", "HTTP Method Path 2": "\/submit.php", "DNS Idle": "0.0.0.0", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Jitter": 0, "DNS Sleep": 0, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 2": "POST", "Polling": 60000, "Pipe Name": "", "Method 1": "GET", "Port": 443, "Header 2": ""}, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "time": 1617349729075.8, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35"}}
160.124.162.139
{"x86": {"time": 1617349809947.0, "md5": "35d1c3a7654146f572470d929772057e", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "config": {"Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Jitter": 0, "Header 2": "", "Beacon Type": "0 (HTTP)", "C2 Server": "103.55.128.118,\/ga.js", "Method 1": "GET", "Max DNS": 255, "HTTP Method Path 2": "\/submit.php", "Header 1": "", "DNS Sleep": 0, "Port": 443, "Pipe Name": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Polling": 60000, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 2": "POST", "DNS Idle": "0.0.0.0"}, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35"}, "x64": {"time": 1617349816446.6, "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "config": {"Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Jitter": 0, "Header 2": "", "Beacon Type": "0 (HTTP)", "C2 Server": "103.55.128.118,\/ptj", "Method 1": "GET", "Max DNS": 255, "HTTP Method Path 2": "\/submit.php", "Header 1": "", "DNS Sleep": 0, "Port": 443, "Pipe Name": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Polling": 60000, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 2": "POST", "DNS Idle": "0.0.0.0"}, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8"}}
160.124.162.140
{"x86": {"sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "config": {"Header 2": "", "HTTP Method Path 2": "\/submit.php", "Method 2": "POST", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Beacon Type": "0 (HTTP)", "C2 Server": "103.55.128.118,\/ga.js", "Header 1": "", "Pipe Name": "", "Jitter": 0, "DNS Sleep": 0, "Max DNS": 255, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 1": "GET", "Polling": 60000, "Port": 443, "DNS Idle": "0.0.0.0", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)"}, "time": 1617349871357.5, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "md5": "35d1c3a7654146f572470d929772057e"}, "x64": {"sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "config": {"Header 2": "", "HTTP Method Path 2": "\/submit.php", "Method 2": "POST", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Beacon Type": "0 (HTTP)", "C2 Server": "103.55.128.118,\/ptj", "Header 1": "", "Pipe Name": "", "Jitter": 0, "DNS Sleep": 0, "Max DNS": 255, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 1": "GET", "Polling": 60000, "Port": 443, "DNS Idle": "0.0.0.0", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}, "time": 1617349874727.7, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "md5": "1b53f921f14712f2fbda5ce11aa12716"}}
160.124.162.141
{"x64": {"sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "md5": "1b53f921f14712f2fbda5ce11aa12716", "config": {"Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Idle": "0.0.0.0", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "HTTP Method Path 2": "\/submit.php", "Max DNS": 255, "Port": 443, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "C2 Server": "103.55.128.118,\/ptj", "Pipe Name": "", "Polling": 60000, "Method 2": "POST", "Header 2": "", "Method 1": "GET", "DNS Sleep": 0, "Header 1": "", "Jitter": 0, "Beacon Type": "0 (HTTP)"}, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "time": 1617349930881.1}, "x86": {"sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "md5": "35d1c3a7654146f572470d929772057e", "config": {"Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Idle": "0.0.0.0", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "HTTP Method Path 2": "\/submit.php", "Max DNS": 255, "Port": 443, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "C2 Server": "103.55.128.118,\/ga.js", "Pipe Name": "", "Polling": 60000, "Method 2": "POST", "Header 2": "", "Method 1": "GET", "DNS Sleep": 0, "Header 1": "", "Jitter": 0, "Beacon Type": "0 (HTTP)"}, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "time": 1617349927263.1}}
160.124.162.142
{"x64": {"config": {"Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "DNS Idle": "0.0.0.0", "DNS Sleep": 0, "Jitter": 0, "Pipe Name": "", "Max DNS": 255, "Method 2": "POST", "C2 Server": "103.55.128.118,\/ptj", "Header 1": "", "Beacon Type": "0 (HTTP)", "Port": 443, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "HTTP Method Path 2": "\/submit.php", "Method 1": "GET", "Polling": 60000, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Header 2": ""}, "time": 1617349988019.0, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8"}, "x86": {"config": {"Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "DNS Idle": "0.0.0.0", "DNS Sleep": 0, "Jitter": 0, "Pipe Name": "", "Max DNS": 255, "Method 2": "POST", "C2 Server": "103.55.128.118,\/ga.js", "Header 1": "", "Beacon Type": "0 (HTTP)", "Port": 443, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "HTTP Method Path 2": "\/submit.php", "Method 1": "GET", "Polling": 60000, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Header 2": ""}, "time": 1617349983548.2, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "md5": "35d1c3a7654146f572470d929772057e", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35"}}
160.124.162.143
{"x64": {"sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "md5": "1b53f921f14712f2fbda5ce11aa12716", "config": {"Method 2": "POST", "DNS Idle": "0.0.0.0", "HTTP Method Path 2": "\/submit.php", "Polling": 60000, "Header 1": "", "C2 Server": "103.55.128.118,\/ptj", "Jitter": 0, "Method 1": "GET", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Pipe Name": "", "Port": 443, "Header 2": "", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Max DNS": 255, "DNS Sleep": 0, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Beacon Type": "0 (HTTP)"}, "time": 1617350041536.6}, "x86": {"sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "md5": "35d1c3a7654146f572470d929772057e", "config": {"Method 2": "POST", "DNS Idle": "0.0.0.0", "HTTP Method Path 2": "\/submit.php", "Polling": 60000, "Header 1": "", "C2 Server": "103.55.128.118,\/ga.js", "Jitter": 0, "Method 1": "GET", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Pipe Name": "", "Port": 443, "Header 2": "", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Max DNS": 255, "DNS Sleep": 0, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Beacon Type": "0 (HTTP)"}, "time": 1617350037948.3}}
160.124.162.144
{"x86": {"sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"Port": 443, "Pipe Name": "", "Header 2": "", "Max DNS": 255, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "Jitter": 0, "Method 1": "GET", "Method 2": "POST", "Polling": 60000, "Beacon Type": "0 (HTTP)", "DNS Sleep": 0, "DNS Idle": "0.0.0.0", "C2 Server": "103.55.128.118,\/ga.js", "Header 1": "", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe"}, "time": 1617350091726.7, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "md5": "35d1c3a7654146f572470d929772057e"}, "x64": {"sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"Port": 443, "Pipe Name": "", "Header 2": "", "Max DNS": 255, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "Jitter": 0, "Method 1": "GET", "Method 2": "POST", "Polling": 60000, "Beacon Type": "0 (HTTP)", "DNS Sleep": 0, "DNS Idle": "0.0.0.0", "C2 Server": "103.55.128.118,\/ptj", "Header 1": "", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe"}, "time": 1617350096429.7, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "md5": "1b53f921f14712f2fbda5ce11aa12716"}}
160.124.162.145
{"x64": {"sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "md5": "1b53f921f14712f2fbda5ce11aa12716", "time": 1617350154520.7, "config": {"Header 2": "", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Pipe Name": "", "Max DNS": 255, "Method 1": "GET", "Port": 443, "Method 2": "POST", "Header 1": "", "Jitter": 0, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Beacon Type": "0 (HTTP)", "Polling": 60000, "DNS Sleep": 0, "DNS Idle": "0.0.0.0", "C2 Server": "103.55.128.118,\/ptj"}, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee"}, "x86": {"sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "md5": "35d1c3a7654146f572470d929772057e", "time": 1617350150446.7, "config": {"Header 2": "", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Pipe Name": "", "Max DNS": 255, "Method 1": "GET", "Port": 443, "Method 2": "POST", "Header 1": "", "Jitter": 0, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Beacon Type": "0 (HTTP)", "Polling": 60000, "DNS Sleep": 0, "DNS Idle": "0.0.0.0", "C2 Server": "103.55.128.118,\/ga.js"}, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658"}}
160.124.162.146
{"x86": {"md5": "35d1c3a7654146f572470d929772057e", "time": 1617350258105.8, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "config": {"HTTP Method Path 2": "\/submit.php", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Pipe Name": "", "Beacon Type": "0 (HTTP)", "Port": 443, "Max DNS": 255, "Method 2": "POST", "Jitter": 0, "C2 Server": "103.55.128.118,\/ga.js", "Header 2": "", "Method 1": "GET", "Header 1": "", "Polling": 60000, "DNS Sleep": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Idle": "0.0.0.0"}, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35"}, "x64": {"md5": "1b53f921f14712f2fbda5ce11aa12716", "time": 1617350261876.3, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "config": {"HTTP Method Path 2": "\/submit.php", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Pipe Name": "", "Beacon Type": "0 (HTTP)", "Port": 443, "Max DNS": 255, "Method 2": "POST", "Jitter": 0, "C2 Server": "103.55.128.118,\/ptj", "Header 2": "", "Method 1": "GET", "Header 1": "", "Polling": 60000, "DNS Sleep": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Idle": "0.0.0.0"}, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8"}}
160.124.162.147
{"x64": {"md5": "1b53f921f14712f2fbda5ce11aa12716", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "time": 1617350313087.0, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"Method 2": "POST", "Method 1": "GET", "DNS Idle": "0.0.0.0", "Pipe Name": "", "Port": 443, "DNS Sleep": 0, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Max DNS": 255, "C2 Server": "103.55.128.118,\/ptj", "Polling": 60000, "Header 1": "", "Beacon Type": "0 (HTTP)", "HTTP Method Path 2": "\/submit.php", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Header 2": "", "Jitter": 0}}, "x86": {"md5": "35d1c3a7654146f572470d929772057e", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "time": 1617350309176.4, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"Method 2": "POST", "Method 1": "GET", "DNS Idle": "0.0.0.0", "Pipe Name": "", "Port": 443, "DNS Sleep": 0, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Max DNS": 255, "C2 Server": "103.55.128.118,\/ga.js", "Polling": 60000, "Header 1": "", "Beacon Type": "0 (HTTP)", "HTTP Method Path 2": "\/submit.php", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Header 2": "", "Jitter": 0}}}
160.124.162.148
{"x64": {"time": 1617350400040.9, "config": {"C2 Server": "103.55.128.118,\/ptj", "Max DNS": 255, "Method 2": "POST", "Jitter": 0, "Polling": 60000, "Header 2": "", "HTTP Method Path 2": "\/submit.php", "DNS Sleep": 0, "Port": 443, "Pipe Name": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Header 1": "", "Method 1": "GET", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Idle": "0.0.0.0", "Beacon Type": "0 (HTTP)"}, "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee"}, "x86": {"time": 1617350396544.9, "config": {"C2 Server": "103.55.128.118,\/ga.js", "Max DNS": 255, "Method 2": "POST", "Jitter": 0, "Polling": 60000, "Header 2": "", "HTTP Method Path 2": "\/submit.php", "DNS Sleep": 0, "Port": 443, "Pipe Name": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Header 1": "", "Method 1": "GET", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Idle": "0.0.0.0", "Beacon Type": "0 (HTTP)"}, "md5": "35d1c3a7654146f572470d929772057e", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658"}}
160.124.162.149
{"x64": {"sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "md5": "1b53f921f14712f2fbda5ce11aa12716", "time": 1617350456911.5, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"Beacon Type": "0 (HTTP)", "Max DNS": 255, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "HTTP Method Path 2": "\/submit.php", "C2 Server": "103.55.128.118,\/ptj", "Header 2": "", "Jitter": 0, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 2": "POST", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Method 1": "GET", "DNS Sleep": 0, "Polling": 60000, "Header 1": "", "Port": 443, "DNS Idle": "0.0.0.0", "Pipe Name": ""}}, "x86": {"sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "md5": "35d1c3a7654146f572470d929772057e", "time": 1617350452470.2, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"Beacon Type": "0 (HTTP)", "Max DNS": 255, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "HTTP Method Path 2": "\/submit.php", "C2 Server": "103.55.128.118,\/ga.js", "Header 2": "", "Jitter": 0, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 2": "POST", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Method 1": "GET", "DNS Sleep": 0, "Polling": 60000, "Header 1": "", "Port": 443, "DNS Idle": "0.0.0.0", "Pipe Name": ""}}}
160.124.162.150
{"x64": {"md5": "1b53f921f14712f2fbda5ce11aa12716", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "time": 1617350506808.7, "config": {"Jitter": 0, "Method 2": "POST", "Header 2": "", "Port": 443, "Header 1": "", "Max DNS": 255, "DNS Sleep": 0, "Pipe Name": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "C2 Server": "103.55.128.118,\/ptj", "Method 1": "GET", "Beacon Type": "0 (HTTP)", "DNS Idle": "0.0.0.0", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Polling": 60000, "HTTP Method Path 2": "\/submit.php"}, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee"}, "x86": {"md5": "35d1c3a7654146f572470d929772057e", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "time": 1617350501968.8, "config": {"Jitter": 0, "Method 2": "POST", "Header 2": "", "Port": 443, "Header 1": "", "Max DNS": 255, "DNS Sleep": 0, "Pipe Name": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "C2 Server": "103.55.128.118,\/ga.js", "Method 1": "GET", "Beacon Type": "0 (HTTP)", "DNS Idle": "0.0.0.0", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Polling": 60000, "HTTP Method Path 2": "\/submit.php"}, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658"}}
160.124.162.151
{"x64": {"config": {"Port": 443, "Method 2": "POST", "HTTP Method Path 2": "\/submit.php", "Pipe Name": "", "Header 2": "", "DNS Idle": "0.0.0.0", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 1": "GET", "Max DNS": 255, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Jitter": 0, "Polling": 60000, "Beacon Type": "0 (HTTP)", "Header 1": "", "DNS Sleep": 0, "C2 Server": "103.55.128.118,\/ptj", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe"}, "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "time": 1617350562465.2}, "x86": {"config": {"Port": 443, "Method 2": "POST", "HTTP Method Path 2": "\/submit.php", "Pipe Name": "", "Header 2": "", "DNS Idle": "0.0.0.0", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 1": "GET", "Max DNS": 255, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Jitter": 0, "Polling": 60000, "Beacon Type": "0 (HTTP)", "Header 1": "", "DNS Sleep": 0, "C2 Server": "103.55.128.118,\/ga.js", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe"}, "md5": "35d1c3a7654146f572470d929772057e", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "time": 1617350558866.9}}
160.124.162.152
{"x86": {"sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"Method 2": "POST", "HTTP Method Path 2": "\/submit.php", "Pipe Name": "", "Beacon Type": "0 (HTTP)", "DNS Idle": "0.0.0.0", "Method 1": "GET", "Header 2": "", "Jitter": 0, "Port": 443, "Max DNS": 255, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Header 1": "", "Polling": 60000, "DNS Sleep": 0, "C2 Server": "103.55.128.118,\/ga.js", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe"}, "time": 1617350618308.9, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "md5": "35d1c3a7654146f572470d929772057e"}, "x64": {"sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"Method 2": "POST", "HTTP Method Path 2": "\/submit.php", "Pipe Name": "", "Beacon Type": "0 (HTTP)", "DNS Idle": "0.0.0.0", "Method 1": "GET", "Header 2": "", "Jitter": 0, "Port": 443, "Max DNS": 255, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Header 1": "", "Polling": 60000, "DNS Sleep": 0, "C2 Server": "103.55.128.118,\/ptj", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe"}, "time": 1617350621576.1, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "md5": "1b53f921f14712f2fbda5ce11aa12716"}}
160.124.162.153
{"x64": {"md5": "1b53f921f14712f2fbda5ce11aa12716", "config": {"Beacon Type": "0 (HTTP)", "Header 2": "", "Max DNS": 255, "Pipe Name": "", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Port": 443, "Method 2": "POST", "Polling": 60000, "C2 Server": "103.55.128.118,\/ptj", "Method 1": "GET", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Header 1": "", "DNS Sleep": 0, "HTTP Method Path 2": "\/submit.php", "DNS Idle": "0.0.0.0", "Jitter": 0}, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "time": 1617350668019.3, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee"}, "x86": {"md5": "35d1c3a7654146f572470d929772057e", "config": {"Beacon Type": "0 (HTTP)", "Header 2": "", "Max DNS": 255, "Pipe Name": "", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Port": 443, "Method 2": "POST", "Polling": 60000, "C2 Server": "103.55.128.118,\/ga.js", "Method 1": "GET", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Header 1": "", "DNS Sleep": 0, "HTTP Method Path 2": "\/submit.php", "DNS Idle": "0.0.0.0", "Jitter": 0}, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "time": 1617350664601.3, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658"}}
160.124.162.154
{"x86": {"sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "md5": "35d1c3a7654146f572470d929772057e", "time": 1617350728007.8, "config": {"Beacon Type": "0 (HTTP)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "DNS Sleep": 0, "Max DNS": 255, "Method 1": "GET", "Polling": 60000, "C2 Server": "103.55.128.118,\/ga.js", "Method 2": "POST", "DNS Idle": "0.0.0.0", "Jitter": 0, "Header 2": "", "Port": 443, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Pipe Name": "", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Header 1": ""}, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35"}, "x64": {"sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "md5": "1b53f921f14712f2fbda5ce11aa12716", "time": 1617350732094.5, "config": {"Beacon Type": "0 (HTTP)", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "DNS Sleep": 0, "Max DNS": 255, "Method 1": "GET", "Polling": 60000, "C2 Server": "103.55.128.118,\/ptj", "Method 2": "POST", "DNS Idle": "0.0.0.0", "Jitter": 0, "Header 2": "", "Port": 443, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Pipe Name": "", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Header 1": ""}, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8"}}
160.124.162.155
{"x86": {"md5": "35d1c3a7654146f572470d929772057e", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"Header 1": "", "C2 Server": "103.55.128.118,\/ga.js", "Max DNS": 255, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Port": 443, "Method 1": "GET", "Pipe Name": "", "DNS Sleep": 0, "HTTP Method Path 2": "\/submit.php", "Method 2": "POST", "Beacon Type": "0 (HTTP)", "Header 2": "", "Jitter": 0, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Idle": "0.0.0.0", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Polling": 60000}, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "time": 1617350813880.5}, "x64": {"md5": "1b53f921f14712f2fbda5ce11aa12716", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"Header 1": "", "C2 Server": "103.55.128.118,\/ptj", "Max DNS": 255, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Port": 443, "Method 1": "GET", "Pipe Name": "", "DNS Sleep": 0, "HTTP Method Path 2": "\/submit.php", "Method 2": "POST", "Beacon Type": "0 (HTTP)", "Header 2": "", "Jitter": 0, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Idle": "0.0.0.0", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Polling": 60000}, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "time": 1617350817930.0}}
160.124.162.156
{"x86": {"sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "md5": "35d1c3a7654146f572470d929772057e", "config": {"Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Port": 443, "HTTP Method Path 2": "\/submit.php", "Beacon Type": "0 (HTTP)", "Header 2": "", "Header 1": "", "DNS Sleep": 0, "Jitter": 0, "Method 2": "POST", "Max DNS": 255, "Pipe Name": "", "C2 Server": "103.55.128.118,\/ga.js", "Polling": 60000, "Method 1": "GET", "DNS Idle": "0.0.0.0"}, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "time": 1617350878317.1}, "x64": {"sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "md5": "1b53f921f14712f2fbda5ce11aa12716", "config": {"Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Port": 443, "HTTP Method Path 2": "\/submit.php", "Beacon Type": "0 (HTTP)", "Header 2": "", "Header 1": "", "DNS Sleep": 0, "Jitter": 0, "Method 2": "POST", "Max DNS": 255, "Pipe Name": "", "C2 Server": "103.55.128.118,\/ptj", "Polling": 60000, "Method 1": "GET", "DNS Idle": "0.0.0.0"}, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "time": 1617350886442.9}}
160.124.162.157
{"x64": {"config": {"Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 1": "GET", "Max DNS": 255, "C2 Server": "103.55.128.118,\/ptj", "Header 2": "", "Header 1": "", "Method 2": "POST", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Pipe Name": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Jitter": 0, "DNS Sleep": 0, "DNS Idle": "0.0.0.0", "Beacon Type": "0 (HTTP)", "HTTP Method Path 2": "\/submit.php", "Polling": 60000, "Port": 443}, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "md5": "1b53f921f14712f2fbda5ce11aa12716", "time": 1617350938678.4}, "x86": {"config": {"Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 1": "GET", "Max DNS": 255, "C2 Server": "103.55.128.118,\/ga.js", "Header 2": "", "Header 1": "", "Method 2": "POST", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Pipe Name": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Jitter": 0, "DNS Sleep": 0, "DNS Idle": "0.0.0.0", "Beacon Type": "0 (HTTP)", "HTTP Method Path 2": "\/submit.php", "Polling": 60000, "Port": 443}, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "md5": "35d1c3a7654146f572470d929772057e", "time": 1617350934542.7}}
160.124.162.158
{"x86": {"sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "time": 1617350992245.6, "config": {"Polling": 60000, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Sleep": 0, "Jitter": 0, "Pipe Name": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Max DNS": 255, "Method 1": "GET", "Beacon Type": "0 (HTTP)", "C2 Server": "103.55.128.118,\/ga.js", "Port": 443, "Header 2": "", "DNS Idle": "0.0.0.0", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Header 1": "", "Method 2": "POST", "HTTP Method Path 2": "\/submit.php"}, "md5": "35d1c3a7654146f572470d929772057e"}, "x64": {"sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "time": 1617350996068.1, "config": {"Polling": 60000, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Sleep": 0, "Jitter": 0, "Pipe Name": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Max DNS": 255, "Method 1": "GET", "Beacon Type": "0 (HTTP)", "C2 Server": "103.55.128.118,\/ptj", "Port": 443, "Header 2": "", "DNS Idle": "0.0.0.0", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Header 1": "", "Method 2": "POST", "HTTP Method Path 2": "\/submit.php"}, "md5": "1b53f921f14712f2fbda5ce11aa12716"}}