Last active
April 7, 2021 21:09
-
-
Save MichaelKoczwara/accdf8159b943042177eb39aabd54205 to your computer and use it in GitHub Desktop.
Cobalt Strike servers 37.120.222.70 - 37.120.222.73
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Cobalt Strike servers | |
37.120.222.70 | |
37.120.222.71 | |
37.120.222.72 | |
37.120.222.73 | |
VT Graph | |
https://www.virustotal.com/graph/g1a3e50562f7f442da3faa7251f2c544fdcd75a7dd5fe46db93ffe16e6cbb3b17 | |
37.120.222.70 | |
{"x86": {"time": 1617822272091.0, "md5": "6050f3f1f0a33b1906745adab094540b", "sha256": "7bf40c85b018b9ae1b53ba79c600164789cd9aeda326eb544ea3d9b43ff9fa13", "sha1": "bb3df64decb4d322505d2750feac525774834ece", "config": {"Jitter": 37, "Port": 443, "HTTP Method Path 2": "\/jquery-3.3.2.min.js", "Spawn To x64": "%windir%\\sysnative\\dllhost.exe", "Spawn To x86": "%windir%\\syswow64\\dllhost.exe", "Polling": 5000, "Method 2": "POST", "Method 1": "GET", "C2 Server": "elefanteru.com,\/jquery-3.3.1.min.js", "Beacon Type": "8 (HTTPS)"}}, "x64": {"time": 1617822273908.4, "md5": "42b733036d66d7fa6f3e59567f6a4fcf", "sha256": "fceb8e4ae4d3e5a09dc499255ac1af182e467b80d29c0d8b2171a030a0c413f1", "sha1": "69278f1044d05bba0c0b36da25703116b3e4efd1", "config": {"Jitter": 37, "Port": 443, "HTTP Method Path 2": "\/jquery-3.3.2.min.js", "Spawn To x64": "%windir%\\sysnative\\dllhost.exe", "Spawn To x86": "%windir%\\syswow64\\dllhost.exe", "Polling": 5000, "Method 2": "POST", "Method 1": "GET", "C2 Server": "elefanteru.com,\/jquery-3.3.1.min.js", "Beacon Type": "8 (HTTPS)"}}} | |
37.120.222.71 | |
{"x86": {"time": 1617822179450.5, "sha1": "ca728ff16116e59a7844eb8be5b1607fc6b4c778", "sha256": "2bf7833308e68a5ac86522d938546250314400655b3bfce752b0ef7d8f7552d1", "md5": "cc575656d94adffd39b7c21218f2990a", "config": {"Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Beacon Type": "8 (HTTPS)", "Polling": 5000, "Method 2": "POST", "C2 Server": "streeanloanerich.com,\/s\/ref=nb_sb_noss_1\/167-3294888-0262949\/field-keywords=books", "HTTP Method Path 2": "\/N4215\/adj\/amzn.us.sr.aps", "Port": 443, "Jitter": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Method 1": "GET"}}, "x64": {"time": 1617822181416.5, "sha1": "f0d3e4adec237bd3c384d1844a185f088b909c28", "sha256": "459d06099b54a3519fa0d25947f5390643e06e5b01b4b922734916f70ff10879", "md5": "1774c47f21fd501e2928821e3f87e0d5", "config": {"Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Beacon Type": "8 (HTTPS)", "Polling": 5000, "Method 2": "POST", "C2 Server": "streeanloanerich.com,\/s\/ref=nb_sb_noss_1\/167-3294888-0262949\/field-keywords=books", "HTTP Method Path 2": "\/N4215\/adj\/amzn.us.sr.aps", "Port": 443, "Jitter": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Method 1": "GET"}}} | |
37.120.222.72 | |
{"x86": {"config": {"HTTP Method Path 2": "\/N4215\/adj\/amzn.us.sr.aps", "Polling": 5000, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Beacon Type": "8 (HTTPS)", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "C2 Server": "furnewslether.com,\/s\/ref=nb_sb_noss_1\/167-3294888-0262949\/field-keywords=books", "Port": 443, "Jitter": 0, "Method 1": "GET", "Method 2": "POST"}, "sha1": "f5a3c52a55b062f4112a86b87fca53e741e8b635", "sha256": "fd83ecb88d7cac49e79d86811cf7e4df7c070fb4eadf39194bb283474d01c96f", "time": 1617822329092.3, "md5": "257f78bc9d3ddc26abb170117005f443"}, "x64": {"config": {"HTTP Method Path 2": "\/N4215\/adj\/amzn.us.sr.aps", "Polling": 5000, "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Beacon Type": "8 (HTTPS)", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "C2 Server": "furnewslether.com,\/s\/ref=nb_sb_noss_1\/167-3294888-0262949\/field-keywords=books", "Port": 443, "Jitter": 0, "Method 1": "GET", "Method 2": "POST"}, "sha1": "f508869b147aae4c192d2af9e5a68a4d22f23de9", "sha256": "59a2652a911015b49425d81d1d97a3fe7d24f4064d3ea151f182df96e5999170", "time": 1617822330905.0, "md5": "8d95d0e2456235777169c6af63fb8721"}} | |
37.120.222.73 | |
{"x86": {"sha256": "d84ff24f8fadb8d91abc5ae79d233c4bd3f1cc8a967bbdeb9128ba490d53ee74", "sha1": "8f48ac60abe6c38de92720d2bf20a198677bcdeb", "md5": "885e8ab5344f21143fa00a6f98e42b31", "time": 1617822456048.6, "config": {"Method 2": "POST", "Method 1": "GET", "C2 Server": "supnewsportal.com,\/jquery-3.3.1.min.js", "Port": 443, "Spawn To x64": "%windir%\\sysnative\\dllhost.exe", "Polling": 5000, "HTTP Method Path 2": "\/jquery-3.3.2.min.js", "Spawn To x86": "%windir%\\syswow64\\dllhost.exe", "Jitter": 37, "Beacon Type": "8 (HTTPS)"}}, "x64": {"sha256": "f7d2419d1a1550259f53a816c7a77942f3aef3aea33c9ecd1bf7366b6c67a00c", "sha1": "dd7c7724fd3016ec21eb5c08a59cca89e0a9d00f", "md5": "93d1ac85038ef0f39a318b69a23dc46b", "time": 1617822458795.0, "config": {"Method 2": "POST", "Method 1": "GET", "C2 Server": "supnewsportal.com,\/jquery-3.3.1.min.js", "Port": 443, "Spawn To x64": "%windir%\\sysnative\\dllhost.exe", "Polling": 5000, "HTTP Method Path 2": "\/jquery-3.3.2.min.js", "Spawn To x86": "%windir%\\syswow64\\dllhost.exe", "Jitter": 37, "Beacon Type": "8 (HTTPS)"}}} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment