964354064 | 2024-06-14T22:11:47.868725
22 /
tcp
SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.7
Key type: ecdsa-sha2-nistp256
Key: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAwBtLBZMKEXxApjyhzhJjJj
o+GoMTgrVafzw3HRgMcCihhZ8Hff9B1uebQWVajGIUKnORZqIetyxPB20zd8Psc=
Fingerprint: de:1d:3a:ba:de:ad:d7:12:82:a7:f1:44:14:dc:f9:a3
Kex Algorithms:
curve25519-sha256
curve25519-sha256@libssh.org
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
sntrup761x25519-sha512@openssh.com
diffie-hellman-group-exchange-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group14-sha256
kex-strict-s-v00@openssh.com
Server Host Key Algorithms:
rsa-sha2-512
rsa-sha2-256
ecdsa-sha2-nistp256
ssh-ed25519
Encryption Algorithms:
chacha20-poly1305@openssh.com
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
MAC Algorithms:
umac-64-etm@openssh.com
umac-128-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-sha1-etm@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha2-256
hmac-sha2-512
hmac-sha1
Compression Algorithms:
none
zlib@openssh.com
1083886113 | 2024-05-23T17:01:49.548172
80 /
tcp
HTTP/1.1 403 Forbidden
Date: Thu, 23 May 2024 17:01:49 GMT
Server: Apache/2.4.37 (Alibaba Cloud Linux)
Last-Modified: Thu, 01 Jul 2021 09:21:13 GMT
ETag: "1c4-5c60c5c3d9440"
Accept-Ranges: bytes
Content-Length: 452
Content-Type: text/html; charset=UTF-8
-721052278 | 2024-06-07T17:12:30.297297
8080 /
tcp
HTTP/1.1 404 Not Found
Date: Fri, 7 Jun 2024 17:12:29 GMT
Content-Type: text/plain
Content-Length: 0
Cobalt Strike Beacon:
x86:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Cookie
http-get.uri: 120.24.179.84,/load
http-get.verb: GET
http-post.client:
Content-Type: application/octet-stream
id
http-post.uri: /submit.php
http-post.verb: POST
maxgetsize: 1048576
port: 8080
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: ae5afcfee8026674dc8f3b4f2da46c7f
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 23edd14d7b3cc1e9c4132aa1dd4493fd
sleeptime: 60000
useragent_header: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
uses_cookies: 1
watermark: 987654321
x64:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Cookie
http-get.uri: 120.24.179.84,/visit.js
http-get.verb: GET
http-post.client:
Content-Type: application/octet-stream
id
http-post.uri: /submit.php
http-post.verb: POST
maxgetsize: 1048576
port: 8080
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: ae5afcfee8026674dc8f3b4f2da46c7f
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 23edd14d7b3cc1e9c4132aa1dd4493fd
sleeptime: 60000
useragent_header: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)
uses_cookies: 1
watermark: 987654321