Cobalt Strike servers 154.216.68.32 - 154.216.68.62
Cobalt Strike servers
154.216.68.32
154.216.68.33
154.216.68.34
154.216.68.35
154.216.68.36
154.216.68.37
154.216.68.38
154.216.68.39
154.216.68.40
154.216.68.41
154.216.68.42
154.216.68.43
154.216.68.44
154.216.68.45
154.216.68.46
154.216.68.47
154.216.68.48
154.216.68.49
154.216.68.50
154.216.68.51
154.216.68.52
154.216.68.53
154.216.68.54
154.216.68.55
154.216.68.56
154.216.68.57
154.216.68.58
154.216.68.59
154.216.68.60
154.216.68.61
154.216.68.62
--------------
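C2 (from the beacon configs below; beacon type "0 (HTTP)", port 443)
103.55.128.118/ga.js (x86 beacon)
103.55.128.118/ptj (x64 beacon)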
--------------
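Sample beacons (parsed configs for 154.216.68.50 - 154.216.68.60; the x86 and x64 payload hashes are identical on every host)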
154.216.68.50
{"x86": {"md5": "35d1c3a7654146f572470d929772057e", "config": {"Polling": 60000, "Header 2": "", "Method 1": "GET", "Port": 443, "Method 2": "POST", "DNS Idle": "0.0.0.0", "Jitter": 0, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Header 1": "", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Max DNS": 255, "DNS Sleep": 0, "C2 Server": "103.55.128.118,\/ga.js", "HTTP Method Path 2": "\/submit.php", "Pipe Name": "", "Beacon Type": "0 (HTTP)"}, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "time": 1617378845278.1}, "x64": {"md5": "1b53f921f14712f2fbda5ce11aa12716", "config": {"Polling": 60000, "Header 2": "", "Method 1": "GET", "Port": 443, "Method 2": "POST", "DNS Idle": "0.0.0.0", "Jitter": 0, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Header 1": "", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Max DNS": 255, "DNS Sleep": 0, "C2 Server": "103.55.128.118,\/ptj", "HTTP Method Path 2": "\/submit.php", "Pipe Name": "", "Beacon Type": "0 (HTTP)"}, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "time": 1617378849069.4}}
154.216.68.51
{"x64": {"md5": "1b53f921f14712f2fbda5ce11aa12716", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "config": {"Beacon Type": "0 (HTTP)", "C2 Server": "103.55.128.118,\/ptj", "DNS Sleep": 0, "Header 2": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Max DNS": 255, "Method 1": "GET", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Jitter": 0, "Pipe Name": "", "Header 1": "", "Method 2": "POST", "Port": 443, "Polling": 60000, "DNS Idle": "0.0.0.0"}, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "time": 1617378910308.4}, "x86": {"md5": "35d1c3a7654146f572470d929772057e", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "config": {"Beacon Type": "0 (HTTP)", "C2 Server": "103.55.128.118,\/ga.js", "DNS Sleep": 0, "Header 2": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Max DNS": 255, "Method 1": "GET", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Jitter": 0, "Pipe Name": "", "Header 1": "", "Method 2": "POST", "Port": 443, "Polling": 60000, "DNS Idle": "0.0.0.0"}, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "time": 1617378906353.6}}
154.216.68.52
{"x64": {"sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "md5": "1b53f921f14712f2fbda5ce11aa12716", "config": {"Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Beacon Type": "0 (HTTP)", "Method 1": "GET", "Port": 443, "DNS Idle": "0.0.0.0", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "C2 Server": "103.55.128.118,\/ptj", "DNS Sleep": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "Pipe Name": "", "Method 2": "POST", "Polling": 60000, "Header 1": "", "Jitter": 0, "Max DNS": 255, "Header 2": ""}, "time": 1617378972304.5, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee"}, "x86": {"sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "md5": "35d1c3a7654146f572470d929772057e", "config": {"Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Beacon Type": "0 (HTTP)", "Method 1": "GET", "Port": 443, "DNS Idle": "0.0.0.0", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "C2 Server": "103.55.128.118,\/ga.js", "DNS Sleep": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "Pipe Name": "", "Method 2": "POST", "Polling": 60000, "Header 1": "", "Jitter": 0, "Max DNS": 255, "Header 2": ""}, "time": 1617378968676.3, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658"}}
154.216.68.53
{"x86": {"sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "time": 1617378767080.0, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "config": {"Jitter": 0, "C2 Server": "103.55.128.118,\/ga.js", "Polling": 60000, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "DNS Idle": "0.0.0.0", "Max DNS": 255, "HTTP Method Path 2": "\/submit.php", "Method 2": "POST", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Pipe Name": "", "DNS Sleep": 0, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 1": "GET", "Header 1": "", "Header 2": "", "Port": 443, "Beacon Type": "0 (HTTP)"}, "md5": "35d1c3a7654146f572470d929772057e"}, "x64": {"sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "time": 1617378770837.8, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "config": {"Jitter": 0, "C2 Server": "103.55.128.118,\/ptj", "Polling": 60000, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "DNS Idle": "0.0.0.0", "Max DNS": 255, "HTTP Method Path 2": "\/submit.php", "Method 2": "POST", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Pipe Name": "", "DNS Sleep": 0, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 1": "GET", "Header 1": "", "Header 2": "", "Port": 443, "Beacon Type": "0 (HTTP)"}, "md5": "1b53f921f14712f2fbda5ce11aa12716"}}
154.216.68.54
{"x86": {"sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "md5": "35d1c3a7654146f572470d929772057e", "time": 1617379024114.2, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"Method 1": "GET", "Beacon Type": "0 (HTTP)", "C2 Server": "103.55.128.118,\/ga.js", "Pipe Name": "", "DNS Sleep": 0, "Header 1": "", "Header 2": "", "Port": 443, "Max DNS": 255, "Method 2": "POST", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Idle": "0.0.0.0", "Jitter": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "HTTP Method Path 2": "\/submit.php", "Polling": 60000}}, "x64": {"sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "md5": "1b53f921f14712f2fbda5ce11aa12716", "time": 1617379027961.6, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"Method 1": "GET", "Beacon Type": "0 (HTTP)", "C2 Server": "103.55.128.118,\/ptj", "Pipe Name": "", "DNS Sleep": 0, "Header 1": "", "Header 2": "", "Port": 443, "Max DNS": 255, "Method 2": "POST", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Idle": "0.0.0.0", "Jitter": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "HTTP Method Path 2": "\/submit.php", "Polling": 60000}}}
154.216.68.55
{"x64": {"time": 1617379098316.4, "config": {"Pipe Name": "", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "Header 1": "", "Port": 443, "Method 1": "GET", "Beacon Type": "0 (HTTP)", "DNS Sleep": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Jitter": 0, "Method 2": "POST", "DNS Idle": "0.0.0.0", "Header 2": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "C2 Server": "103.55.128.118,\/ptj", "Polling": 60000, "Max DNS": 255}, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "md5": "1b53f921f14712f2fbda5ce11aa12716", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee"}, "x86": {"time": 1617379093541.9, "config": {"Pipe Name": "", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "Header 1": "", "Port": 443, "Method 1": "GET", "Beacon Type": "0 (HTTP)", "DNS Sleep": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Jitter": 0, "Method 2": "POST", "DNS Idle": "0.0.0.0", "Header 2": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "C2 Server": "103.55.128.118,\/ga.js", "Polling": 60000, "Max DNS": 255}, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "md5": "35d1c3a7654146f572470d929772057e", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658"}}
154.216.68.56
{"x64": {"time": 1617379138844.2, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"Header 2": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Pipe Name": "", "Header 1": "", "DNS Idle": "0.0.0.0", "Polling": 60000, "Method 2": "POST", "Method 1": "GET", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Beacon Type": "0 (HTTP)", "HTTP Method Path 2": "\/submit.php", "DNS Sleep": 0, "C2 Server": "103.55.128.118,\/ptj", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Jitter": 0, "Max DNS": 255, "Port": 443}, "md5": "1b53f921f14712f2fbda5ce11aa12716"}, "x86": {"time": 1617379135291.2, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"Header 2": "", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Pipe Name": "", "Header 1": "", "DNS Idle": "0.0.0.0", "Polling": 60000, "Method 2": "POST", "Method 1": "GET", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Beacon Type": "0 (HTTP)", "HTTP Method Path 2": "\/submit.php", "DNS Sleep": 0, "C2 Server": "103.55.128.118,\/ga.js", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Jitter": 0, "Max DNS": 255, "Port": 443}, "md5": "35d1c3a7654146f572470d929772057e"}}
154.216.68.57
{"x86": {"sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "config": {"Port": 443, "Jitter": 0, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Max DNS": 255, "Method 2": "POST", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "C2 Server": "103.55.128.118,\/ga.js", "Polling": 60000, "Pipe Name": "", "Header 1": "", "Header 2": "", "HTTP Method Path 2": "\/submit.php", "Beacon Type": "0 (HTTP)", "DNS Sleep": 0, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Idle": "0.0.0.0", "Method 1": "GET"}, "time": 1617379192822.5, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "md5": "35d1c3a7654146f572470d929772057e"}, "x64": {"sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "config": {"Port": 443, "Jitter": 0, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Max DNS": 255, "Method 2": "POST", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "C2 Server": "103.55.128.118,\/ptj", "Polling": 60000, "Pipe Name": "", "Header 1": "", "Header 2": "", "HTTP Method Path 2": "\/submit.php", "Beacon Type": "0 (HTTP)", "DNS Sleep": 0, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "DNS Idle": "0.0.0.0", "Method 1": "GET"}, "time": 1617379196224.0, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "md5": "1b53f921f14712f2fbda5ce11aa12716"}}
154.216.68.58
{"x64": {"sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "time": 1617379271997.6, "config": {"Method 2": "POST", "Header 2": "", "C2 Server": "103.55.128.118,\/ptj", "Polling": 60000, "Port": 443, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Method 1": "GET", "Pipe Name": "", "Header 1": "", "Max DNS": 255, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "Beacon Type": "0 (HTTP)", "DNS Sleep": 0, "Jitter": 0, "DNS Idle": "0.0.0.0", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe"}, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "md5": "1b53f921f14712f2fbda5ce11aa12716"}, "x86": {"sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "time": 1617379268514.9, "config": {"Method 2": "POST", "Header 2": "", "C2 Server": "103.55.128.118,\/ga.js", "Polling": 60000, "Port": 443, "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Method 1": "GET", "Pipe Name": "", "Header 1": "", "Max DNS": 255, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "HTTP Method Path 2": "\/submit.php", "Beacon Type": "0 (HTTP)", "DNS Sleep": 0, "Jitter": 0, "DNS Idle": "0.0.0.0", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe"}, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "md5": "35d1c3a7654146f572470d929772057e"}}
154.216.68.59
{"x86": {"md5": "35d1c3a7654146f572470d929772057e", "time": 1617379312460.6, "config": {"Port": 443, "C2 Server": "103.55.128.118,\/ga.js", "Jitter": 0, "Header 1": "", "Method 1": "GET", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Pipe Name": "", "DNS Sleep": 0, "Method 2": "POST", "Header 2": "", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Beacon Type": "0 (HTTP)", "HTTP Method Path 2": "\/submit.php", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Polling": 60000, "DNS Idle": "0.0.0.0", "Max DNS": 255}, "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35", "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658"}, "x64": {"md5": "1b53f921f14712f2fbda5ce11aa12716", "time": 1617379315952.0, "config": {"Port": 443, "C2 Server": "103.55.128.118,\/ptj", "Jitter": 0, "Header 1": "", "Method 1": "GET", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Pipe Name": "", "DNS Sleep": 0, "Method 2": "POST", "Header 2": "", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Beacon Type": "0 (HTTP)", "HTTP Method Path 2": "\/submit.php", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Polling": 60000, "DNS Idle": "0.0.0.0", "Max DNS": 255}, "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8", "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee"}}
154.216.68.60
{"x64": {"time": 1617379385688.5, "md5": "1b53f921f14712f2fbda5ce11aa12716", "config": {"Max DNS": 255, "Port": 443, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)", "Polling": 60000, "DNS Idle": "0.0.0.0", "C2 Server": "103.55.128.118,\/ptj", "HTTP Method Path 2": "\/submit.php", "Header 1": "", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 1": "GET", "Jitter": 0, "Pipe Name": "", "Header 2": "", "Method 2": "POST", "Beacon Type": "0 (HTTP)", "DNS Sleep": 0}, "sha1": "8a5b6735b50b6db465285b6381f923b1ebee28ee", "sha256": "66263cf99bbe5ddbf74543eba1df28452251981e57be39d96fcef96e91a111a8"}, "x86": {"time": 1617379382052.9, "md5": "35d1c3a7654146f572470d929772057e", "config": {"Max DNS": 255, "Port": 443, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; NP07; NP07)", "Polling": 60000, "DNS Idle": "0.0.0.0", "C2 Server": "103.55.128.118,\/ga.js", "HTTP Method Path 2": "\/submit.php", "Header 1": "", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 1": "GET", "Jitter": 0, "Pipe Name": "", "Header 2": "", "Method 2": "POST", "Beacon Type": "0 (HTTP)", "DNS Sleep": 0}, "sha1": "fbab139e81b7304ed400ea0d8e42ff9f767fa658", "sha256": "cff61ad77203e09e0b2791e08878acd6a3b526b887587a948626b42f6ceb9c35"}}