HTTP/1.1 404 Not Found
Date: Thu, 13 Jun 2024 10:05:52 GMT
Server: Apache
Content-Length: 0
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Content-Type: text/plain

Cobalt Strike Beacon:
  x86:
    beacon_type: HTTPS
    dns-beacon.strategy_fail_seconds: -1
    dns-beacon.strategy_fail_x: -1
    dns-beacon.strategy_rotate_seconds: -1
    http-get.client:
      Host: www.bing.com
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
      Cookie: DUP=Q=GpO1nJpMnam4UllEfmeMdg2&T=283767088&A=1&IG
      q
      go=Search
      qs=bs
      form=QBRE
    http-get.uri: 182.92.216.171,/search/
    http-get.verb: GET
    http-post.client:
      Host: www.bing.com
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
      Cookie: DUP=Q=GpO1nJpMnam4UllEfmeMdg2&T=283767088&A=1&IG
      q
      go=Search
      qs=bs
      form
    http-post.uri: /Search/
    http-post.verb: GET
    http_post_chunk: 96
    jitter: 37
    maxgetsize: 4195812
    port: 443
    post-ex.spawnto_x64: %windir%\sysnative\dllhost.exe
    post-ex.spawnto_x86: %windir%\syswow64\dllhost.exe
    process-inject.allocator: 1
    process-inject.execute:
      ntdll:RtlUserThreadStart
      CreateThread
      NtQueueApcThread-s
      CreateRemoteThread
      RtlCreateUserThread
    process-inject.min_alloc: 17500
    process-inject.startrwx: 4
    process-inject.stub: ae5afcfee8026674dc8f3b4f2da46c7f
    process-inject.userwx: 32
    proxy.behavior: 2 (Use IE settings)
    server.publickey_md5: 05fa1fd4fc448022e19cd62e5bd51c6f
    sleeptime: 15000
    stage.cleanup: 1
    useragent_header: Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
    uses_cookies: 1
    watermark: 987654321
  x64:
    beacon_type: HTTPS
    dns-beacon.strategy_fail_seconds: -1
    dns-beacon.strategy_fail_x: -1
    dns-beacon.strategy_rotate_seconds: -1
    http-get.client:
      Host: www.bing.com
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
      Cookie: DUP=Q=GpO1nJpMnam4UllEfmeMdg2&T=283767088&A=1&IG
      q
      go=Search
      qs=bs
      form=QBRE
    http-get.uri: 182.92.216.171,/search/
    http-get.verb: GET
    http-post.client:
      Host: www.bing.com
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
      Cookie: DUP=Q=GpO1nJpMnam4UllEfmeMdg2&T=283767088&A=1&IG
      q
      go=Search
      qs=bs
      form
    http-post.uri: /Search/
    http-post.verb: GET
    http_post_chunk: 96
    jitter: 37
    maxgetsize: 4195812
    port: 443
    post-ex.spawnto_x64: %windir%\sysnative\dllhost.exe
    post-ex.spawnto_x86: %windir%\syswow64\dllhost.exe
    process-inject.allocator: 1
    process-inject.execute:
      ntdll:RtlUserThreadStart
      CreateThread
      NtQueueApcThread-s
      CreateRemoteThread
      RtlCreateUserThread
    process-inject.min_alloc: 17500
    process-inject.startrwx: 4
    process-inject.stub: ae5afcfee8026674dc8f3b4f2da46c7f
    process-inject.userwx: 32
    proxy.behavior: 2 (Use IE settings)
    server.publickey_md5: 05fa1fd4fc448022e19cd62e5bd51c6f
    sleeptime: 15000
    stage.cleanup: 1
    useragent_header: Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
    uses_cookies: 1
    watermark: 987654321
SSL Certificate
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7692634157410349288 (0x6ac1ba02437af0e8)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=www.bing.com
        Validity
            Not Before: May 22 11:25:57 2024 GMT
            Not After : May 22 11:25:57 2025 GMT
        Subject: C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=www.bing.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:83:A1:4D:CC:7C:02:89:EC:28:47:F7:F8:7F:F3:46:DA:B6:16:B7
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value: