Cobalt Strike servers 37.120.222.70 - 37.120.222.73
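Cobalt Strike servers (the extracted beacon configuration for each IP follows, with hashes for the x86 and x64 entries; the "time" values appear to be Unix epoch milliseconds, which would date the collection to around 2021-04-07 UTC)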
37.120.222.70
37.120.222.71
37.120.222.72
37.120.222.73
VirusTotal (VT) graph
https://www.virustotal.com/graph/g1a3e50562f7f442da3faa7251f2c544fdcd75a7dd5fe46db93ffe16e6cbb3b17
37.120.222.70
{"x86": {"time": 1617822272091.0, "md5": "6050f3f1f0a33b1906745adab094540b", "sha256": "7bf40c85b018b9ae1b53ba79c600164789cd9aeda326eb544ea3d9b43ff9fa13", "sha1": "bb3df64decb4d322505d2750feac525774834ece", "config": {"Jitter": 37, "Port": 443, "HTTP Method Path 2": "\/jquery-3.3.2.min.js", "Spawn To x64": "%windir%\\sysnative\\dllhost.exe", "Spawn To x86": "%windir%\\syswow64\\dllhost.exe", "Polling": 5000, "Method 2": "POST", "Method 1": "GET", "C2 Server": "elefanteru.com,\/jquery-3.3.1.min.js", "Beacon Type": "8 (HTTPS)"}}, "x64": {"time": 1617822273908.4, "md5": "42b733036d66d7fa6f3e59567f6a4fcf", "sha256": "fceb8e4ae4d3e5a09dc499255ac1af182e467b80d29c0d8b2171a030a0c413f1", "sha1": "69278f1044d05bba0c0b36da25703116b3e4efd1", "config": {"Jitter": 37, "Port": 443, "HTTP Method Path 2": "\/jquery-3.3.2.min.js", "Spawn To x64": "%windir%\\sysnative\\dllhost.exe", "Spawn To x86": "%windir%\\syswow64\\dllhost.exe", "Polling": 5000, "Method 2": "POST", "Method 1": "GET", "C2 Server": "elefanteru.com,\/jquery-3.3.1.min.js", "Beacon Type": "8 (HTTPS)"}}}
37.120.222.71
{"x86": {"time": 1617822179450.5, "sha1": "ca728ff16116e59a7844eb8be5b1607fc6b4c778", "sha256": "2bf7833308e68a5ac86522d938546250314400655b3bfce752b0ef7d8f7552d1", "md5": "cc575656d94adffd39b7c21218f2990a", "config": {"Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Beacon Type": "8 (HTTPS)", "Polling": 5000, "Method 2": "POST", "C2 Server": "streeanloanerich.com,\/s\/ref=nb_sb_noss_1\/167-3294888-0262949\/field-keywords=books", "HTTP Method Path 2": "\/N4215\/adj\/amzn.us.sr.aps", "Port": 443, "Jitter": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Method 1": "GET"}}, "x64": {"time": 1617822181416.5, "sha1": "f0d3e4adec237bd3c384d1844a185f088b909c28", "sha256": "459d06099b54a3519fa0d25947f5390643e06e5b01b4b922734916f70ff10879", "md5": "1774c47f21fd501e2928821e3f87e0d5", "config": {"Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Beacon Type": "8 (HTTPS)", "Polling": 5000, "Method 2": "POST", "C2 Server": "streeanloanerich.com,\/s\/ref=nb_sb_noss_1\/167-3294888-0262949\/field-keywords=books", "HTTP Method Path 2": "\/N4215\/adj\/amzn.us.sr.aps", "Port": 443, "Jitter": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Method 1": "GET"}}}
37.120.222.72
{"x86": {"config": {"HTTP Method Path 2": "\/N4215\/adj\/amzn.us.sr.aps", "Polling": 5000, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Beacon Type": "8 (HTTPS)", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "C2 Server": "furnewslether.com,\/s\/ref=nb_sb_noss_1\/167-3294888-0262949\/field-keywords=books", "Port": 443, "Jitter": 0, "Method 1": "GET", "Method 2": "POST"}, "sha1": "f5a3c52a55b062f4112a86b87fca53e741e8b635", "sha256": "fd83ecb88d7cac49e79d86811cf7e4df7c070fb4eadf39194bb283474d01c96f", "time": 1617822329092.3, "md5": "257f78bc9d3ddc26abb170117005f443"}, "x64": {"config": {"HTTP Method Path 2": "\/N4215\/adj\/amzn.us.sr.aps", "Polling": 5000, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Beacon Type": "8 (HTTPS)", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "C2 Server": "furnewslether.com,\/s\/ref=nb_sb_noss_1\/167-3294888-0262949\/field-keywords=books", "Port": 443, "Jitter": 0, "Method 1": "GET", "Method 2": "POST"}, "sha1": "f508869b147aae4c192d2af9e5a68a4d22f23de9", "sha256": "59a2652a911015b49425d81d1d97a3fe7d24f4064d3ea151f182df96e5999170", "time": 1617822330905.0, "md5": "8d95d0e2456235777169c6af63fb8721"}}
37.120.222.73
{"x86": {"sha256": "d84ff24f8fadb8d91abc5ae79d233c4bd3f1cc8a967bbdeb9128ba490d53ee74", "sha1": "8f48ac60abe6c38de92720d2bf20a198677bcdeb", "md5": "885e8ab5344f21143fa00a6f98e42b31", "time": 1617822456048.6, "config": {"Method 2": "POST", "Method 1": "GET", "C2 Server": "supnewsportal.com,\/jquery-3.3.1.min.js", "Port": 443, "Spawn To x64": "%windir%\\sysnative\\dllhost.exe", "Polling": 5000, "HTTP Method Path 2": "\/jquery-3.3.2.min.js", "Spawn To x86": "%windir%\\syswow64\\dllhost.exe", "Jitter": 37, "Beacon Type": "8 (HTTPS)"}}, "x64": {"sha256": "f7d2419d1a1550259f53a816c7a77942f3aef3aea33c9ecd1bf7366b6c67a00c", "sha1": "dd7c7724fd3016ec21eb5c08a59cca89e0a9d00f", "md5": "93d1ac85038ef0f39a318b69a23dc46b", "time": 1617822458795.0, "config": {"Method 2": "POST", "Method 1": "GET", "C2 Server": "supnewsportal.com,\/jquery-3.3.1.min.js", "Port": 443, "Spawn To x64": "%windir%\\sysnative\\dllhost.exe", "Polling": 5000, "HTTP Method Path 2": "\/jquery-3.3.2.min.js", "Spawn To x86": "%windir%\\syswow64\\dllhost.exe", "Jitter": 37, "Beacon Type": "8 (HTTPS)"}}}