148673907 | 2024-06-05T07:46:37.163915
22 /
tcp
SSH-2.0-OpenSSH_9.6p1 Debian-4
Key type: ecdsa-sha2-nistp256
Key: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDp0/ZeGT3d6fQCM9q1ZrPp1
XDQhZ6HyVG6Ugp98Dn3GB3EFZKWodWkier5KStwnA7HgwyR6RdFyqEn5J/n+Eqk=
Fingerprint: c8:12:30:a9:eb:45:6d:dd:d3:18:13:07:2c:e7:4a:21
Kex Algorithms:
sntrup761x25519-sha512@openssh.com
curve25519-sha256
curve25519-sha256@libssh.org
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group-exchange-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group14-sha256
ext-info-s
kex-strict-s-v00@openssh.com
Server Host Key Algorithms:
rsa-sha2-512
rsa-sha2-256
ecdsa-sha2-nistp256
ssh-ed25519
Encryption Algorithms:
chacha20-poly1305@openssh.com
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
MAC Algorithms:
umac-64-etm@openssh.com
umac-128-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-sha1-etm@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha2-256
hmac-sha2-512
hmac-sha1
Compression Algorithms:
none
zlib@openssh.com
-492245929 | 2024-06-05T05:00:36.413946
81 /
tcp
HTTP/1.1 404 Not Found
Date: Wed, 5 Jun 2024 04:59:30 GMT
Content-Type: text/plain
Content-Length: 0
Cobalt Strike Beacon:
x86:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Cookie
http-get.uri: 79.124.40.106,/IE9CompatViewList.xml
http-get.verb: GET
http-post.client:
Content-Type: application/octet-stream
id
http-post.uri: /submit.php
http-post.verb: POST
maxgetsize: 1048576
port: 81
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: e43a1b63f09794f74d90a9889f7acb77
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 4f008617308ce68d8bd188c95d8aac4e
sleeptime: 60000
useragent_header: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MATBJS)
uses_cookies: 1
watermark: 987654321
x64:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Cookie
http-get.uri: 79.124.40.106,/ca
http-get.verb: GET
http-post.client:
Content-Type: application/octet-stream
id
http-post.uri: /submit.php
http-post.verb: POST
maxgetsize: 1048576
port: 81
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: e43a1b63f09794f74d90a9889f7acb77
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 4f008617308ce68d8bd188c95d8aac4e
sleeptime: 60000
useragent_header: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
uses_cookies: 1
watermark: 987654321
710226912 | 2024-06-04T23:06:29.973764
82 /
tcp
HTTP/1.1 404 Not Found
Date: Tue, 4 Jun 2024 23:05:23 GMT
Content-Type: text/plain
Content-Length: 0
Cobalt Strike Beacon:
x86:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Cookie
http-get.uri: 79.124.40.106,/dot.gif
http-get.verb: GET
http-post.client:
Content-Type: application/octet-stream
id
http-post.uri: /submit.php
http-post.verb: POST
maxgetsize: 1048576
port: 82
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: e43a1b63f09794f74d90a9889f7acb77
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 4f008617308ce68d8bd188c95d8aac4e
sleeptime: 60000
useragent_header: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MDDCJS)
uses_cookies: 1
watermark: 987654321
x64:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Cookie
http-get.uri: 79.124.40.106,/fwlink
http-get.verb: GET
http-post.client:
Content-Type: application/octet-stream
id
http-post.uri: /submit.php
http-post.verb: POST
maxgetsize: 1048576
port: 82
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: e43a1b63f09794f74d90a9889f7acb77
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 4f008617308ce68d8bd188c95d8aac4e
sleeptime: 60000
useragent_header: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)
uses_cookies: 1
watermark: 987654321
0 | 2024-05-22T19:33:24.510983
4443 /
tcp
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
94:95:05:f5:9a:af:16:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=KY, O=Barrows Inc, OU=copy, CN=barrows.inc.biz/emailAddress=copy@barrows.inc.biz
Validity
Not Before: Aug 22 16:59:55 2020 GMT
Not After : Aug 20 16:59:55 2028 GMT
Subject: C=US, ST=KY, O=Barrows Inc, OU=copy, CN=barrows.inc.biz/emailAddress=copy@barrows.inc.biz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d2:40:3e:7b:d2:b7:e3:4f:03:e1:83:eb:2b:af:
c5:4d:e8:64:de:eb:dd:3a:10:c6:ee:05:32:26:bb:
20:06:a5:d2:65:2a:56:c2:93:6b:3b:1e:80:2c:7c:
ab:12:3a:03:c1:97:46:c3:8d:7e:a0:9e:ef:a9:f4:
f5:21:6a:79:d4:1f:77:23:73:b0:16:74:21:58:1d:
13:12:43:ac:71:3a:6d:48:09:c7:c8:81:b8:d2:4e:
e4:e0:8f:36:8c:49:bd:c5:04:0f:96:b6:9b:6c:f5:
11:9a:af:06:6c:f8:1c:aa:ad:7a:d7:bf:3e:50:6a:
37:90:31:63:f9:fc:50:7c:e7:a7:43:fe:89:15:12:
d6:09:4a:96:97:a1:b1:04:f1:3a:93:f6:a6:bc:ea:
b3:dd:3b:1b:a6:7a:34:2d:39:b4:35:07:98:9a:1e:
bd:03:21:4d:ba:a0:c3:28:f1:8a:0e:61:4e:4e:79:
3c:00:79:67:82:27:36:99:2f:a6:ac:24:43:6e:d1:
47:b1:b8:e8:1a:cb:35:7b:b6:41:91:4a:8e:a9:cb:
7f:09:f4:4a:34:09:6e:eb:99:d7:ab:cd:dd:b3:6c:
59:f8:34:d6:8e:be:cb:ba:cb:00:8a:8f:4f:1d:fd:
89:c5:24:c8:ff:2f:57:7f:1b:f4:94:0a:96:e8:37:
8b:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
29:2A:85:C9:0A:30:AA:F4:6C:60:9E:DD:30:9E:7C:DD:17:70:11:98
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
75:79:84:16:94:ad:75:8c:ca:fb:2f:5c:3b:8d:2e:a7:ce:d9:
be:9e:01:a4:8a:2e:9f:07:81:ba:5e:92:14:ed:3d:15:2a:8c:
b6:44:39:ad:52:fa:2e:09:93:bb:35:07:bd:30:7b:b2:2e:4a:
3d:fc:26:4f:7e:99:06:37:34:58:42:db:63:31:93:f6:37:af:
33:e4:c2:56:ef:dc:ff:26:c4:10:8a:86:b8:82:03:59:37:c7:
30:d0:51:84:c4:23:c8:fa:90:03:44:eb:25:3b:9d:81:d0:84:
e2:7f:c6:74:d4:6f:76:ce:cc:ca:49:e0:77:35:f4:f3:e5:88:
c7:93:24:73:a3:97:c6:a5:5d:14:8c:eb:37:24:81:33:a8:82:
35:41:5c:45:9c:4c:ff:c1:7c:20:94:76:33:68:20:0e:2c:a4:
a8:4f:f7:53:1f:a1:68:1c:dd:60:37:0f:f7:17:07:56:54:91:
66:05:7d:a5:c7:27:1b:0d:36:8b:0a:87:5b:02:cf:35:f4:c1:
8d:b5:5c:1e:70:d4:73:27:5d:64:0b:b5:2f:90:ef:ef:f6:5d:
9e:ac:78:9c:32:66:2b:9f:b4:c3:c2:d4:e6:63:c9:09:bf:5c:
67:bb:aa:38:d6:46:1f:1c:47:4c:b9:db:d6:65:b3:ca:d9:cd:
e4:42:d3:5d
1420214384 | 2024-06-05T05:15:54.596798
5901 /
tcp
RFB 003.008
VNC:
Protocol Version: 3.8
Security Types:
2: VNC Authentication
16: Tight
120534451 | 2024-06-04T22:53:18.864422
6001 /
tcp