Created
August 10, 2021 10:35
Possible Conti Cobalt Strike C2 servers (extracted Beacon configurations)
162.244.80.229 | |
fivezin.com,/jquery-3.3.1.min.js | |
162.244.82.77 | |
soft.azureedge.net,/jquery-3.3.1.min.js | |
162.244.80.229 | |
fivezin.com,/jquery-3.3.1.min.js | |
162.244.81.10 | |
onembr.com,/jquery-3.3.1.min.js | |
162.244.80.198 | |
162.244.80.198,/jquery-3.3.1.min.js | |
------------------------------------------------ | |
162.244.80.229 | |
HTTP/1.1 404 Not Found | |
Server: Apache | |
Content-Length: 0 | |
Keep-Alive: timeout=10, max=100 | |
Connection: Keep-Alive | |
Content-Type: text/plain | |
CobaltStrike Beacon configurations: | |
| x64 URI Response: | |
| BeaconType: 0 (HTTP) | |
| Port: 80 | |
| Polling: 5000 | |
| Jitter: 10 | |
| C2 Server: fivezin.com,/jquery-3.3.1.min.js | |
| HTTP Method Path 2: /jquery-3.3.2.min.js | |
| Method1: GET | |
| Method2: POST | |
| Spawnto_x86: %windir%\syswow64\dllhost.exe | |
| Spawnto_x64: %windir%\sysnative\dllhost.exe | |
| Proxy_AccessType: 2 (Use IE settings) | |
|_ | |
----------------------------------------------- | |
162.244.82.77 | |
HTTP/1.1 404 Not Found | |
Content-Type: text/plain | |
Content-Length: 0 | |
CobaltStrike Beacon configurations: | |
| x86 URI Response: | |
| BeaconType: 0 (HTTP) | |
| Port: 80 | |
| Polling: 60000 | |
| Jitter: 37 | |
| C2 Server: soft.azureedge.net ,/jquery-3.3.1.min.js | |
| HTTP Method Path 2: /jquery-3.3.2.min.js | |
| Method1: GET | |
| Method2: POST | |
| Spawnto_x86: %windir%\syswow64\rundll32.exe | |
| Spawnto_x64: %windir%\sysnative\rundll32.exe | |
| Proxy_AccessType: 2 (Use IE settings) | |
| | |
| | |
| x64 URI Response: | |
| BeaconType: 0 (HTTP) | |
| Port: 80 | |
| Polling: 60000 | |
| Jitter: 37 | |
| C2 Server: soft.azureedge.net ,/jquery-3.3.1.min.js | |
| HTTP Method Path 2: /jquery-3.3.2.min.js | |
| Method1: GET | |
| Method2: POST | |
| Spawnto_x86: %windir%\syswow64\rundll32.exe | |
| Spawnto_x64: %windir%\sysnative\rundll32.exe | |
| Proxy_AccessType: 2 (Use IE settings) | |
|_ | |
------------------------------------------------ | |
162.244.80.229 | |
HTTP/1.1 404 Not Found | |
Keep-Alive: timeout=10, max=100 | |
Connection: Keep-Alive | |
Content-Type: text/plain | |
Server: Apache | |
Content-Length: 0 | |
CobaltStrike Beacon configurations: | |
| x86 URI Response: | |
| BeaconType: 8 (HTTPS) | |
| Port: 443 | |
| Polling: 5000 | |
| Jitter: 10 | |
| C2 Server: fivezin.com,/jquery-3.3.1.min.js | |
| HTTP Method Path 2: /jquery-3.3.2.min.js | |
| Method1: GET | |
| Method2: POST | |
| Spawnto_x86: %windir%\syswow64\dllhost.exe | |
| Spawnto_x64: %windir%\sysnative\dllhost.exe | |
| Proxy_AccessType: 2 (Use IE settings) | |
| | |
| | |
| x64 URI Response: | |
| BeaconType: 8 (HTTPS) | |
| Port: 443 | |
| Polling: 5000 | |
| Jitter: 10 | |
| C2 Server: fivezin.com,/jquery-3.3.1.min.js | |
| HTTP Method Path 2: /jquery-3.3.2.min.js | |
| Method1: GET | |
| Method2: POST | |
| Spawnto_x86: %windir%\syswow64\dllhost.exe | |
| Spawnto_x64: %windir%\sysnative\dllhost.exe | |
| Proxy_AccessType: 2 (Use IE settings) | |
|_ | |
------------------------------------------------- | |
162.244.81.10 | |
HTTP/1.1 404 Not Found | |
Server: Apache | |
Content-Length: 0 | |
Keep-Alive: timeout=10, max=100 | |
Connection: Keep-Alive | |
Content-Type: text/plain | |
CobaltStrike Beacon configurations: | |
| x86 URI Response: | |
| BeaconType: 8 (HTTPS) | |
| Port: 443 | |
| Polling: 5000 | |
| Jitter: 10 | |
| C2 Server: onembr.com,/jquery-3.3.1.min.js | |
| HTTP Method Path 2: /jquery-3.3.2.min.js | |
| Method1: GET | |
| Method2: POST | |
| Spawnto_x86: %windir%\syswow64\dllhost.exe | |
| Spawnto_x64: %windir%\sysnative\dllhost.exe | |
| Proxy_AccessType: 2 (Use IE settings) | |
| | |
| | |
| x64 URI Response: | |
| BeaconType: 8 (HTTPS) | |
| Port: 443 | |
| Polling: 5000 | |
| Jitter: 10 | |
| C2 Server: onembr.com,/jquery-3.3.1.min.js | |
| HTTP Method Path 2: /jquery-3.3.2.min.js | |
| Method1: GET | |
| Method2: POST | |
| Spawnto_x86: %windir%\syswow64\dllhost.exe | |
| Spawnto_x64: %windir%\sysnative\dllhost.exe | |
| Proxy_AccessType: 2 (Use IE settings) | |
|_ | |
------------------------------------------------ | |
162.244.80.198 | |
HTTP/1.1 404 Not Found | |
Server: Apache | |
Content-Length: 0 | |
Keep-Alive: timeout=10, max=100 | |
Connection: Keep-Alive | |
Content-Type: text/plain | |
CobaltStrike Beacon configurations: | |
| x86 URI Response: | |
| BeaconType: 0 (HTTP) | |
| Port: 80 | |
| Polling: 5000 | |
| Jitter: 10 | |
| C2 Server: 162.244.80.198,/jquery-3.3.1.min.js | |
| HTTP Method Path 2: /jquery-3.3.2.min.js | |
| Method1: GET | |
| Method2: POST | |
| Spawnto_x86: %windir%\syswow64\dllhost.exe | |
| Spawnto_x64: %windir%\sysnative\dllhost.exe | |
| Proxy_AccessType: 2 (Use IE settings) | |
| | |
| | |
| x64 URI Response: | |
| BeaconType: 0 (HTTP) | |
| Port: 80 | |
| Polling: 5000 | |
| Jitter: 10 | |
| C2 Server: 162.244.80.198,/jquery-3.3.1.min.js | |
| HTTP Method Path 2: /jquery-3.3.2.min.js | |
| Method1: GET | |
| Method2: POST | |
| Spawnto_x86: %windir%\syswow64\dllhost.exe | |
| Spawnto_x64: %windir%\sysnative\dllhost.exe | |
| Proxy_AccessType: 2 (Use IE settings) | |
|_ |