414694849 | 2024-06-13T21:50:27.914699
22 /
tcp
SSH-2.0-OpenSSH_7.4
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABAQDX7jV7uOGryaJq5q3FFbaG81u4QFKXK0f7mMINSPTzu4FH
w2hk8QOAS/x6fmxnHE9ZluUx8wTSPXeZfOJB2zLU/03vdPEOjp8T+X+FDzLTM7fCPUWI27huhGst
jsIPTZDHc1gYxJZ2+oOzH7zWGaV9k9j3/GzbfUcLpd+uIAHCX8awUNmtWJNRqqgnVKnMiOWl/NyF
qliU85Y/1EGpJSlYwNPmEBMBH2rhubvawabvME2jdJNBbhd3rNQ7NdkmAtlpDimOh257odPG5Z8T
F0DqtK7WNoLuZvDkOeloUwNrvb80KlgwarPpxv9b6tKnh+1RAFau7u4JnKLzzQhfdBtB
Fingerprint: 03:78:52:48:87:8b:f8:33:cb:e3:84:27:ea:65:a8:49
Kex Algorithms:
curve25519-sha256
curve25519-sha256@libssh.org
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group-exchange-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group14-sha256
diffie-hellman-group14-sha1
diffie-hellman-group1-sha1
Server Host Key Algorithms:
ssh-rsa
rsa-sha2-512
rsa-sha2-256
ecdsa-sha2-nistp256
ssh-ed25519
Encryption Algorithms:
chacha20-poly1305@openssh.com
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
3des-cbc
MAC Algorithms:
umac-64-etm@openssh.com
umac-128-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-sha1-etm@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha2-256
hmac-sha2-512
hmac-sha1
Compression Algorithms:
none
zlib@openssh.com
423226475 | 2024-06-14T04:59:50.260301
80 /
tcp
HTTP/1.1 403 Forbidden
Date: Fri, 14 Jun 2024 04:59:50 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.6.40
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8
1717034196 | 2024-06-10T15:53:06.017039
3333 /
tcp
HTTP/1.1 404 Not Found
Date: Mon, 10 Jun 2024 15:53:05 GMT
Content-Type: text/plain
Content-Length: 0
Cobalt Strike Beacon:
x86:
beacon_type: HTTP
dns-beacon.maxdns: 255
http-get.client:
Cookie
http-get.uri: 47.116.198.16,/j.ad
http-get.verb: GET
http-post.client:
Content-Type: application/octet-stream
id
http-post.uri: /submit.php
http-post.verb: POST
maxgetsize: 1048576
port: 3333
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: 3813887fba4cf7b35affe9dde7d1cdf9
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 1077e25287a844b8a53725b996a7e17d
sleeptime: 60000
useragent_header: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS)
uses_cookies: 1
watermark: 305419896
x64:
beacon_type: HTTP
dns-beacon.maxdns: 255
http-get.client:
Cookie
http-get.uri: 47.116.198.16,/en_US/all.js
http-get.verb: GET
http-post.client:
Content-Type: application/octet-stream
id
http-post.uri: /submit.php
http-post.verb: POST
maxgetsize: 1048576
port: 3333
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: 3813887fba4cf7b35affe9dde7d1cdf9
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 1077e25287a844b8a53725b996a7e17d
sleeptime: 60000
useragent_header: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)
uses_cookies: 1
watermark: 305419896
-2007783223 | 2024-06-12T10:46:10.192067
50050 /
tcp