Created
March 15, 2023 10:08
-
-
Save usualsuspect/891392114006046a02efbfcf3e4c6f1c to your computer and use it in GitHub Desktop.
Cobalt Strike in ms_KB5023921_x64_install.iso
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BeaconType - HTTPS | |
| Port - 443 | |
| SleepTime - 30000 | |
| MaxGetSize - 4194310 | |
| Jitter - 90 | |
| MaxDNS - Not Found | |
| PublicKey_MD5 - bf11f0c194c8a14fad097015ca064e80 | |
| C2Server - fc01np5u7i.execute-api.us-east-1.amazonaws.com,/api/v2/json/cluster/tasks | |
| UserAgent - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4501.0 Safari/537.36 Edg/91.0.866.0 | |
| HttpPostUri - /1295648064/storage/tabs | |
| Malleable_C2_Instructions - Base64 URL-safe decode | |
| XOR mask w/ random key | |
| HttpGet_Metadata - ConstHeaders | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 | |
| Metadata | |
| base64url | |
| prepend "__cfduid=" | |
| header "Cookie" | |
| HttpPost_Metadata - ConstHeaders | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 | |
| Content-Type: application/x-www-form-urlencoded | |
| SessionId | |
| mask | |
| base64url | |
| prepend "__cfduid" | |
| header "Cookie" | |
| Output | |
| base64url | |
| prepend "result=" | |
| PipeName - Not Found | |
| DNS_Idle - Not Found | |
| DNS_Sleep - Not Found | |
| SSH_Host - Not Found | |
| SSH_Port - Not Found | |
| SSH_Username - Not Found | |
| SSH_Password_Plaintext - Not Found | |
| SSH_Password_Pubkey - Not Found | |
| SSH_Banner - Host: fc01np5u7i.execute-api.us-east-1.amazonaws.com | |
| HttpGet_Verb - GET | |
| HttpPost_Verb - POST | |
| HttpPostChunk - 0 | |
| Spawnto_x86 - %windir%\syswow64\WerFault -a | |
| Spawnto_x64 - %windir%\sysnative\WerFault -a | |
| CryptoScheme - 0 | |
| Proxy_Config - Not Found | |
| Proxy_User - Not Found | |
| Proxy_Password - Not Found | |
| Proxy_Behavior - Use IE settings | |
| Watermark_Hash - JEIplsBbLxMHK6Muusm4gQ== | |
| Watermark - 1741264894 | |
| bStageCleanup - True | |
| bCFGCaution - False | |
| KillDate - 2023-05-14 | |
| bProcInject_StartRWX - False | |
| bProcInject_UseRWX - False | |
| bProcInject_MinAllocSize - 13424 | |
| ProcInject_PrependAppend_x86 - b'\x90\x90\x90\x90' | |
| b'\x90\x90' | |
| ProcInject_PrependAppend_x64 - b'\x90\x90\x90\x90\x90' | |
| b'\x90\x90\x90' | |
| ProcInject_Execute - ntdll:RtlUserThreadStart | |
| CreateThread | |
| NtQueueApcThread-s | |
| NtQueueApcThread | |
| RtlCreateUserThread | |
| SetThreadContext | |
| CreateRemoteThread | |
| ProcInject_AllocationMethod - NtMapViewOfSection | |
| bUsesCookies - True | |
| HostHeader - Host: fc01np5u7i.execute-api.us-east-1.amazonaws.com | |
| headersToRemove - Not Found | |
| DNS_Beaconing - Not Found | |
| DNS_get_TypeA - Not Found | |
| DNS_get_TypeAAAA - Not Found | |
| DNS_get_TypeTXT - Not Found | |
| DNS_put_metadata - Not Found | |
| DNS_put_output - Not Found | |
| DNS_resolver - Not Found | |
| DNS_strategy - round-robin | |
| DNS_strategy_rotate_seconds - -1 | |
| DNS_strategy_fail_x - -1 | |
| DNS_strategy_fail_seconds - -1 | |
| Retry_Max_Attempts - 0 | |
| Retry_Increase_Attempts - 0 | |
| Retry_Duration - 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment