Created
July 11, 2023 18:37
-
-
Save usualsuspect/194c248e30c43c25681c6f1e15cc778a to your computer and use it in GitHub Desktop.
Pokemon Cobalt Strike Config
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BeaconType - HTTPS | |
| Port - 443 | |
| SleepTime - 10000 | |
| MaxGetSize - 1398322 | |
| Jitter - 20 | |
| MaxDNS - Not Found | |
| PublicKey_MD5 - e516ca02d126b82ff30593ce45d9cba5 | |
| C2Server - 47.94.58.82,/api/v1/server/user/info | |
| UserAgent - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 | |
| HttpPostUri - /api/v1/server/log | |
| Malleable_C2_Instructions - Remove 37 bytes from the end | |
| Remove 181 bytes from the beginning | |
| Base64 decode | |
| HttpGet_Metadata - ConstHeaders | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | |
| Sec-Fetch-Site: same-origin | |
| Sec-Fetch-User: ?1 | |
| Referer: https://www.baidu.com/ | |
| Accept-Encoding: gzip, deflate | |
| Accept-Language: zh-CN,zh;q=0.9 | |
| Metadata | |
| base64 | |
| prepend "BIDUPSID=CB490622E06ED73544708FA6EC8D7149; BAIDUID=" | |
| append ":FG=1; BD_HOME=1; ZFY=mHnRy:AULlW2VAfYn8cPmgDRqCsBjVtIS4QVfeV3R1VA:C; delPer=0; BD_CK_SAM=1; PSINO=1;" | |
| header "Cookie" | |
| HttpPost_Metadata - ConstHeaders | |
| X-Client-Version: 20210803 | |
| Accept: application/json, text/plain, */* | |
| Sec-Fetch-Site: same-origin | |
| Sec-Fetch-Mode: cors | |
| Referer: https://bbs.baidu.com/ | |
| Accept-Encoding: gzip, deflate | |
| SessionId | |
| mask | |
| base64url | |
| prepend "__bai_duid=FN=0:" | |
| append ":FG=1;PSSID=1_bcd567e0967f83a2f4dfeb9abbd0fd1f1667269580786" | |
| header "Cookie" | |
| Output | |
| base64 | |
| prepend "{"event_type":"load","page":01,"user_from":"web","event_name":"visited-home","log_info":"" | |
| append "","code":"116082388"}" | |
| PipeName - Not Found | |
| DNS_Idle - Not Found | |
| DNS_Sleep - Not Found | |
| SSH_Host - Not Found | |
| SSH_Port - Not Found | |
| SSH_Username - Not Found | |
| SSH_Password_Plaintext - Not Found | |
| SSH_Password_Pubkey - Not Found | |
| SSH_Banner - | |
| HttpGet_Verb - GET | |
| HttpPost_Verb - POST | |
| HttpPostChunk - 0 | |
| Spawnto_x86 - %windir%\syswow64\dllhost.exe | |
| Spawnto_x64 - %windir%\sysnative\dllhost.exe | |
| CryptoScheme - 0 | |
| Proxy_Config - Not Found | |
| Proxy_User - Not Found | |
| Proxy_Password - Not Found | |
| Proxy_Behavior - Use IE settings | |
| Watermark_Hash - BeudtKgqnlm0Ruvf+VYxuw== | |
| Watermark - 100000 | |
| bStageCleanup - True | |
| bCFGCaution - False | |
| KillDate - 0 | |
| bProcInject_StartRWX - False | |
| bProcInject_UseRWX - False | |
| bProcInject_MinAllocSize - 17500 | |
| ProcInject_PrependAppend_x86 - b'\x90\x90' | |
| Empty | |
| ProcInject_PrependAppend_x64 - b'\x90\x90' | |
| Empty | |
| ProcInject_Execute - ntdll:RtlUserThreadStart | |
| CreateThread | |
| NtQueueApcThread-s | |
| CreateRemoteThread | |
| RtlCreateUserThread | |
| ProcInject_AllocationMethod - NtMapViewOfSection | |
| bUsesCookies - True | |
| HostHeader - | |
| headersToRemove - Not Found | |
| DNS_Beaconing - Not Found | |
| DNS_get_TypeA - Not Found | |
| DNS_get_TypeAAAA - Not Found | |
| DNS_get_TypeTXT - Not Found | |
| DNS_put_metadata - Not Found | |
| DNS_put_output - Not Found | |
| DNS_resolver - Not Found | |
| DNS_strategy - round-robin | |
| DNS_strategy_rotate_seconds - -1 | |
| DNS_strategy_fail_x - -1 | |
| DNS_strategy_fail_seconds - -1 | |
| Retry_Max_Attempts - 0 | |
| Retry_Increase_Attempts - 0 | |
| Retry_Duration - 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment