MichaelKoczwara
/ Cobalt Strike Amazon profiles
Last active
April 17, 2021 12:56
Cobalt Strike/C2 - Amazon profiles
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 159.89.232.12 | |
| {"x86": {"time": 1618241999145.0, "sha256": "33884ca1de575556e6488ddd16153047844925d8cc513359db8edcbf542d4f65", "config": {"Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "C2 Server": "www.amzservicedesk.com,\/s\/ref=nb_sb_noss_1\/167-3294888-0262949\/field-keywords=books", "Jitter": 0, "Beacon Type": "8 (HTTPS)", "Method 1": "GET", "Method 2": "POST", "Polling": 5000, "HTTP Method Path 2": "\/N4215\/adj\/amzn.us.sr.aps", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Port": 443}, "md5": "a3e525c83b178a9ce8da0c57b0cd0f1b", "sha1": "1730da9fb624c6a8ecb2bf033dede4adfbaa4d94"}, "x64": {"time": 1618242002468.8, "sha256": "6ed37260e7b8101b1d459fc65c207a581ad692276abee0806a7ee7bc503e6a7c", "config": {"Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "C2 Server": "www.amzservicedesk.com,\/s\/ref=nb_sb_noss_1\/167-3294888-0262949\/field-keywords=books", "Jitter": 0, "Beacon Type": "8 (HTTPS)", "Method 1": "GET", "Method 2": "POST", "Polling": 5000, "HTTP Method Path 2": "\/N4215\/adj\/am |
MichaelKoczwara
/ Cobalt Strike 38.135.104.131 - 38.135.104.134
Last active
April 13, 2021 14:21
Cobalt Strike/C2 38.135.104.131 - 38.135.104.134
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 38.135.104.131 | |
| 38.135.104.132 | |
| 38.135.104.133 | |
| 38.135.104.134 | |
| VT Graph | |
| https://www.virustotal.com/graph/gd2bbe8d4a42845a3aaf2a55bcb76b8606492fe0d0d964eb296503b8cd2755082 |
MichaelKoczwara
/ Cobalt Strike servers 37.120.222.70 - 37.120.222.73
Last active
April 7, 2021 21:09
Cobalt Strike servers 37.120.222.70 - 37.120.222.73
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Cobalt Strike servers | |
| 37.120.222.70 | |
| 37.120.222.71 | |
| 37.120.222.72 | |
| 37.120.222.73 | |
| VT Graph | |
| https://www.virustotal.com/graph/g1a3e50562f7f442da3faa7251f2c544fdcd75a7dd5fe46db93ffe16e6cbb3b17 |
MichaelKoczwara
/ Cobalt Strike servers 23.248.248.2 -23.248.248.6
Last active
April 5, 2021 10:35
Cobalt Strike servers 23.248.248.2 -23.248.248.6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Cobalt Strike servers | |
| All hosted on Xiaozhiyun L.L.C | |
| ----------------- | |
| c2 | |
| 23.248.248.6/j.ad | |
| ------------------ | |
| 23.248.248.2 | |
| 23.248.248.3 |
MichaelKoczwara
/ Cobalt Strike servers 23.226.51.96 - 23.226.51.126
Last active
April 5, 2021 10:35
Cobalt Strike servers 23.226.51.96 - 23.226.51.126
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Cobalt Strike servers | |
| -------------------- | |
| beacon sample | |
| {"x86": {"md5": "f7412402ff926bff5b86ed1d6c562006", "sha1": "0c5a8d1ab8722d142974000262a30b881f213e07", "time": 1617568268682.4, "config": {"Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Port": 8080, "Jitter": 0, "Polling": 60000, "Method 1": "GET", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 2": "POST", "HTTP Method Path 2": "\/submit.php", "C2 Server": "23.248.248.6,\/ptj", "Beacon Type": "0 (HTTP)"}, "sha256": "465e214a75340fa74014f8b29a4aa74f832b3ccb29fe1d3383ba2bd6b16c7c43"}, "x64": {"md5": "13f0f318b9a15e76af8d71c0e0bee509", "sha1": "40fefeb515b40ef4c0cdebc381b27528685022ed", "time": 1617568272135.7, "config": {"Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Port": 8080, "Jitter": 0, "Polling": 60000, "Method 1": "GET", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Method 2": "POST", "HTTP Method Path 2": "\/submit.php", "C2 Server": "23.248.248.6,\/j.ad", "Beacon Type": "0 (HTTP)"}, "sha256": "5584d814131fcf46 |
MichaelKoczwara
/ Cobalt Strike servers April 2021
Last active
April 15, 2024 16:38
Cobalt Strike servers April 2021
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 178.62.115.135 | |
| 167.99.197.196 | |
| 138.68.131.250 | |
| 195.206.181.141 | |
| 193.29.13.201 | |
| 5.61.61.49 | |
| 139.59.172.170 | |
| 46.101.63.124 | |
| 206.189.121.65 | |
| 46.101.47.102 |
MichaelKoczwara
/ Cobalt Strike servers March 2021
Last active
April 5, 2021 10:35
Cobalt Strike servers March 2021
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 37.61.205.212 | |
| 8.210.129.133 | |
| 3.249.201.172 | |
| 195.123.219.203 | |
| 206.189.106.19 | |
| 185.162.235.111 | |
| 174.138.0.82 | |
| 185.162.235.197 | |
| 185.162.235.61 | |
| 185.162.235.111 |
MichaelKoczwara
/ Cobalt Strike servers 154.216.68.32 - 154.216.68.6
Last active
April 5, 2021 10:36
Cobalt Strike servers 154.216.68.32 - 154.216.68.62
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Cobalt Strike servers | |
| 154.216.68.32 | |
| 154.216.68.33 | |
| 154.216.68.34 | |
| 154.216.68.35 | |
| 154.216.68.36 | |
| 154.216.68.37 | |
| 154.216.68.38 |
MichaelKoczwara
/ Cobalt Strike servers 160.124.162.128 - 160.124.162.158
Last active
April 5, 2021 10:36
Cobalt Strike servers 160.124.162.128 - 160.124.162.158
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Cobalt Strike servers: | |
| 160.124.162.128 | |
| 160.124.162.129 | |
| 160.124.162.130 | |
| 160.124.162.131 | |
| 160.124.162.132 | |
| 160.124.162.133 | |
| 160.124.162.134 | |
| 160.124.162.135 |
MichaelKoczwara
/ Cobalt Strike servers 192.151.234.160 - 192.151.234.190
Last active
April 10, 2021 11:35
Cobalt Strike servers 192.151.234.160 - 192.151.234.190
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Cobalt Strike Servers: | |
| 192.151.234.160 | |
| 192.151.234.161 | |
| 192.151.234.162 | |
| 192.151.234.163 | |
| 192.151.234.164 | |
| 192.151.234.165 | |
| 192.151.234.166 | |
| 192.151.234.167 |