-1979572463 | 2024-06-13T21:37:19.702901
22 /
tcp
SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABgQDHI1mznRcWs9L8M2X2D/feluUQzhu00yn1rlhha0FPgVFd
lNO3OyGnF20wtlRGQvAizDzE+smxAdodrV1NOocMLXAGqxj18m21GiNiDtYzaeulpRVAXR3C0z6L
JmMUwFcNPtKDvr6KXtJkd1HuSQ1qyLnie7lATARU2SoW/3o1zkaoSt3nH3q9JAwaettWIK125l1x
R7bg19FWqN1macd5EJhixobk7IXo7945nMBFoEWz/8x61uCTfUYndyk7u/zSoYcnVt9zQd640v+d
vMv5I9W2wt6CqhcFsc5MpYDEgO3OmbxXHI0V30DHhPKsvQgjnB0nfPvwqIeTId7nYGbA89e7XAHf
JMo6KLTOOxI4i3ymHaURAlQriq6MxOGRGetoVGlrgqPWMKiXqDabL8v8eY+Oy+abrlliD7oQpuvW
Ae+Vj/nVz/pbiNlDH2m5cp+Id3rvyR7M0pMc/qJMOYNs72zVtDMCPEh4Hza9GNoEzIhb0FYb0gLa
llYqWvyQYlU=
Fingerprint: 6d:be:e6:39:78:0d:74:ea:23:c2:1a:8b:ad:1a:84:55
Kex Algorithms:
curve25519-sha256
curve25519-sha256@libssh.org
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group-exchange-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group14-sha256
Server Host Key Algorithms:
rsa-sha2-512
rsa-sha2-256
ssh-rsa
ecdsa-sha2-nistp256
ssh-ed25519
Encryption Algorithms:
chacha20-poly1305@openssh.com
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
MAC Algorithms:
umac-64-etm@openssh.com
umac-128-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-sha1-etm@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha2-256
hmac-sha2-512
hmac-sha1
Compression Algorithms:
none
zlib@openssh.com
-1211616364 | 2024-06-13T15:32:39.373133
80 /
tcp
HTTP/1.1 404 Not Found
Date: Thu, 13 Jun 2024 15:32:39 GMT
Content-Type: text/plain
Content-Length: 0
Cobalt Strike Beacon:
x86:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Cookie
http-get.uri: 120.27.212.14,/pixel
http-get.verb: GET
http-post.client:
Content-Type: application/octet-stream
id
http-post.uri: /submit.php
http-post.verb: POST
maxgetsize: 1048576
port: 80
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: cc4ba01c076d925ce1fc333d59ba83db
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 83111245bd04611f243a2a30f8f82871
sleeptime: 60000
useragent_header: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM)
uses_cookies: 1
watermark: 987654321
x64:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Cookie
http-get.uri: 120.27.212.14,/activity
http-get.verb: GET
http-post.client:
Content-Type: application/octet-stream
id
http-post.uri: /submit.php
http-post.verb: POST
maxgetsize: 1048576
port: 80
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: cc4ba01c076d925ce1fc333d59ba83db
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 83111245bd04611f243a2a30f8f82871
sleeptime: 60000
useragent_header: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; LBBROWSER)
uses_cookies: 1
watermark: 987654321
