1167562274 | 2024-06-01T18:12:04.367193
22 /
tcp
SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.11
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABgQDoD+C4ssztGhkrxIePL7ayFLZdHIrFlT7Sx3YVhlVel1Sq
3KZ6P2dMG62kAlciuxOC80J7Kqf5D2sgbxAm24T5cZnHFpYJ9d4wUAH00y8FUPXp6iLUFki56u7+
GPmoixMRRddNnGxBag6/DDZQXSqkSbSNMFrIzv+jWMzRrCIifuC+ogX32qI8AqmP4szrmqcY5xdY
Nuhw9++oJY9xIRBt4RtnJ0AwNYEJqS/OHQJfUAKFfiORgrDT0ZigUu8i7s23/fcgDx+k/efMq0En
FHrJz6M/XOBdJ4QGBAV/mIYh0wOHidnvu2B7ntUquCkG423GgxLwb131YsXsfLCN5X157qbLx/ix
FVDY72cVg5OUivlp92YDKVATYsMOd0mD2R7OvFBLGQlWO66jfDYVBLdhTw7sG/cA8GBopHk/9uEf
GO3ouhP0DSkCH8fWh8jpdJcUIPmww+Jb3qF/0YyYCANod2OxnZjaOfVPuA0uBySqb25bBHwTazXL
RIUxil2X0+k=
Fingerprint: a4:1a:29:25:74:a2:c4:53:ed:9d:3c:cc:93:a6:3f:d4
Kex Algorithms:
curve25519-sha256
curve25519-sha256@libssh.org
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group-exchange-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group14-sha256
kex-strict-s-v00@openssh.com
Server Host Key Algorithms:
rsa-sha2-512
rsa-sha2-256
ssh-rsa
ecdsa-sha2-nistp256
ssh-ed25519
Encryption Algorithms:
chacha20-poly1305@openssh.com
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
MAC Algorithms:
umac-64-etm@openssh.com
umac-128-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-sha1-etm@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha2-256
hmac-sha2-512
hmac-sha1
Compression Algorithms:
none
zlib@openssh.com
-700110522 | 2024-05-31T23:05:37.570459
80 /
tcp
HTTP/1.1 404 Not Found
Date: Fri, 31 May 2024 23:05:37 GMT
Content-Type: text/plain
Content-Length: 0
Cobalt Strike Beacon:
x86:
beacon_type: HTTP
cfg_caution: 1
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
utmac=UA-2202604-2
utmcn=1
utmcs=ISO-8859-1
utmsr=1280x1024
utmsc=32-bit
utmul=en-US
__utma
utmcc
http-get.uri: 207.154.242.220,/__utm.gif
http-get.verb: GET
http-post.client:
Content-Type: application/octet-stream
UA-220
-2
utmac
utmcn=1
utmcs=ISO-8859-1
utmsr=1280x1024
utmsc=32-bit
utmul=en-US
http-post.uri: /___utm.gif
http-post.verb: POST
maxgetsize: 1048616
port: 80
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: e43a1b63f09794f74d90a9889f7acb77
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 254e0876d823ac3b5765a82b4c4aba36
sleeptime: 60000
stage.cleanup: 1
useragent_header: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch; MASPJS)
watermark: 987654321
x64:
beacon_type: HTTP
cfg_caution: 1
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
utmac=UA-2202604-2
utmcn=1
utmcs=ISO-8859-1
utmsr=1280x1024
utmsc=32-bit
utmul=en-US
__utma
utmcc
http-get.uri: 207.154.242.220,/__utm.gif
http-get.verb: GET
http-post.client:
Content-Type: application/octet-stream
UA-220
-2
utmac
utmcn=1
utmcs=ISO-8859-1
utmsr=1280x1024
utmsc=32-bit
utmul=en-US
http-post.uri: /___utm.gif
http-post.verb: POST
maxgetsize: 1048616
port: 80
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: e43a1b63f09794f74d90a9889f7acb77
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 254e0876d823ac3b5765a82b4c4aba36
sleeptime: 60000
stage.cleanup: 1
useragent_header: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)
watermark: 987654321
-979665791 | 2024-06-01T04:04:37.731939
4433 /
tcp
HTTP/1.1 404 Not Found
Date: Sat, 1 Jun 2024 04:04:37 GMT
Content-Type: text/plain
Content-Length: 0
1068527006 | 2024-06-01T07:18:05.132956
8080 /
tcp
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Jun 2024 07:18:04 GMT
Content-Type: text/html
Content-Length: 66
Last-Modified: Sat, 27 Apr 2024 14:27:04 GMT
Connection: keep-alive
ETag: "662d0b38-42"
Accept-Ranges: bytes