@usualsuspect
Created March 15, 2023 10:08
Cobalt Strike in ms_KB5023921_x64_install.iso
BeaconType - HTTPS
Port - 443
SleepTime - 30000
MaxGetSize - 4194310
Jitter - 90
MaxDNS - Not Found
PublicKey_MD5 - bf11f0c194c8a14fad097015ca064e80
C2Server - fc01np5u7i.execute-api.us-east-1.amazonaws.com,/api/v2/json/cluster/tasks
UserAgent - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4501.0 Safari/537.36 Edg/91.0.866.0
HttpPostUri - /1295648064/storage/tabs
Malleable_C2_Instructions - Base64 URL-safe decode
        XOR mask w/ random key
HttpGet_Metadata - ConstHeaders
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Metadata
        base64url
        prepend "__cfduid="
        header "Cookie"
HttpPost_Metadata - ConstHeaders
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
        Content-Type: application/x-www-form-urlencoded
    SessionId
        mask
        base64url
        prepend "__cfduid"
        header "Cookie"
    Output
        base64url
        prepend "result="
        print
PipeName - Not Found
DNS_Idle - Not Found
DNS_Sleep - Not Found
SSH_Host - Not Found
SSH_Port - Not Found
SSH_Username - Not Found
SSH_Password_Plaintext - Not Found
SSH_Password_Pubkey - Not Found
SSH_Banner - Host: fc01np5u7i.execute-api.us-east-1.amazonaws.com
HttpGet_Verb - GET
HttpPost_Verb - POST
HttpPostChunk - 0
Spawnto_x86 - %windir%\syswow64\WerFault -a
Spawnto_x64 - %windir%\sysnative\WerFault -a
CryptoScheme - 0
Proxy_Config - Not Found
Proxy_User - Not Found
Proxy_Password - Not Found
Proxy_Behavior - Use IE settings
Watermark_Hash - JEIplsBbLxMHK6Muusm4gQ==
Watermark - 1741264894
bStageCleanup - True
bCFGCaution - False
KillDate - 2023-05-14
bProcInject_StartRWX - False
bProcInject_UseRWX - False
bProcInject_MinAllocSize - 13424
ProcInject_PrependAppend_x86 - b'\x90\x90\x90\x90'
        b'\x90\x90'
ProcInject_PrependAppend_x64 - b'\x90\x90\x90\x90\x90'
        b'\x90\x90\x90'
ProcInject_Execute - ntdll:RtlUserThreadStart
        CreateThread
        NtQueueApcThread-s
        NtQueueApcThread
        RtlCreateUserThread
        SetThreadContext
        CreateRemoteThread
ProcInject_AllocationMethod - NtMapViewOfSection
bUsesCookies - True
HostHeader - Host: fc01np5u7i.execute-api.us-east-1.amazonaws.com
headersToRemove - Not Found
DNS_Beaconing - Not Found
DNS_get_TypeA - Not Found
DNS_get_TypeAAAA - Not Found
DNS_get_TypeTXT - Not Found
DNS_put_metadata - Not Found
DNS_put_output - Not Found
DNS_resolver - Not Found
DNS_strategy - round-robin
DNS_strategy_rotate_seconds - -1
DNS_strategy_fail_x - -1
DNS_strategy_fail_seconds - -1
Retry_Max_Attempts - 0
Retry_Increase_Attempts - 0
Retry_Duration - 0