This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
159.89.232.12 | |
{"x86": {"time": 1618241999145.0, "sha256": "33884ca1de575556e6488ddd16153047844925d8cc513359db8edcbf542d4f65", "config": {"Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "C2 Server": "www.amzservicedesk.com,\/s\/ref=nb_sb_noss_1\/167-3294888-0262949\/field-keywords=books", "Jitter": 0, "Beacon Type": "8 (HTTPS)", "Method 1": "GET", "Method 2": "POST", "Polling": 5000, "HTTP Method Path 2": "\/N4215\/adj\/amzn.us.sr.aps", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Port": 443}, "md5": "a3e525c83b178a9ce8da0c57b0cd0f1b", "sha1": "1730da9fb624c6a8ecb2bf033dede4adfbaa4d94"}, "x64": {"time": 1618242002468.8, "sha256": "6ed37260e7b8101b1d459fc65c207a581ad692276abee0806a7ee7bc503e6a7c", "config": {"Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "C2 Server": "www.amzservicedesk.com,\/s\/ref=nb_sb_noss_1\/167-3294888-0262949\/field-keywords=books", "Jitter": 0, "Beacon Type": "8 (HTTPS)", "Method 1": "GET", "Method 2": "POST", "Polling": 5000, "HTTP Method Path 2": "\/N4215\/adj\/am |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
38.135.104.131 | |
38.135.104.132 | |
38.135.104.133 | |
38.135.104.134 | |
VT Graph | |
https://www.virustotal.com/graph/gd2bbe8d4a42845a3aaf2a55bcb76b8606492fe0d0d964eb296503b8cd2755082 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Cobalt Strike servers | |
37.120.222.70 | |
37.120.222.71 | |
37.120.222.72 | |
37.120.222.73 | |
VT Graph | |
https://www.virustotal.com/graph/g1a3e50562f7f442da3faa7251f2c544fdcd75a7dd5fe46db93ffe16e6cbb3b17 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Cobalt Strike servers | |
All hosted on Xiaozhiyun L.L.C | |
----------------- | |
c2 | |
23.248.248.6/j.ad | |
------------------ | |
23.248.248.2 | |
23.248.248.3 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Cobalt Strike servers | |
-------------------- | |
beacon sample | |
{"x86": {"md5": "f7412402ff926bff5b86ed1d6c562006", "sha1": "0c5a8d1ab8722d142974000262a30b881f213e07", "time": 1617568268682.4, "config": {"Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Port": 8080, "Jitter": 0, "Polling": 60000, "Method 1": "GET", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 2": "POST", "HTTP Method Path 2": "\/submit.php", "C2 Server": "23.248.248.6,\/ptj", "Beacon Type": "0 (HTTP)"}, "sha256": "465e214a75340fa74014f8b29a4aa74f832b3ccb29fe1d3383ba2bd6b16c7c43"}, "x64": {"md5": "13f0f318b9a15e76af8d71c0e0bee509", "sha1": "40fefeb515b40ef4c0cdebc381b27528685022ed", "time": 1617568272135.7, "config": {"Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Port": 8080, "Jitter": 0, "Polling": 60000, "Method 1": "GET", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 2": "POST", "HTTP Method Path 2": "\/submit.php", "C2 Server": "23.248.248.6,\/j.ad", "Beacon Type": "0 (HTTP)"}, "sha256": "5584d814131fcf46 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
178.62.115.135 | |
167.99.197.196 | |
138.68.131.250 | |
195.206.181.141 | |
193.29.13.201 | |
5.61.61.49 | |
139.59.172.170 | |
46.101.63.124 | |
206.189.121.65 | |
46.101.47.102 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
37.61.205.212 | |
8.210.129.133 | |
3.249.201.172 | |
195.123.219.203 | |
206.189.106.19 | |
185.162.235.111 | |
174.138.0.82 | |
185.162.235.197 | |
185.162.235.61 | |
185.162.235.111 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Cobalt Strike servers | |
154.216.68.32 | |
154.216.68.33 | |
154.216.68.34 | |
154.216.68.35 | |
154.216.68.36 | |
154.216.68.37 | |
154.216.68.38 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Cobalt Strike servers: | |
160.124.162.128 | |
160.124.162.129 | |
160.124.162.130 | |
160.124.162.131 | |
160.124.162.132 | |
160.124.162.133 | |
160.124.162.134 | |
160.124.162.135 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Cobalt Strike Servers: | |
192.151.234.160 | |
192.151.234.161 | |
192.151.234.162 | |
192.151.234.163 | |
192.151.234.164 | |
192.151.234.165 | |
192.151.234.166 | |
192.151.234.167 |