- {
- "scanner": "IPV4 JARM Scan: Silas Cutler - Beacon Config Scan: Wade Hickey",
- "scan_date": "2020-11-25",
- "100.24.69.72": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "30000",
- "Jitter": "50",
- "Maxdns": "255",
- "C2 Server": "one.vhy.me,/__utm.gif",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/___utm.gif",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
- "Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "100.26.209.220": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "cdn.az.gov,/__utm.gif,cdn.zendesk.com,/__utm.gif,cdn.atlassian.com,/__utm.gif,a1.awsstatic.com,/__utm.gif,f0.awsstatic.com,/__utm.gif",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) likeGecko",
- "HTTP Method Path 2": "/___utm.gif",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "cdn.az.gov,/__utm.gif,cdn.zendesk.com,/__utm.gif,cdn.atlassian.com,/__utm.gif,a1.awsstatic.com,/__utm.gif,f0.awsstatic.com,/__utm.gif",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) likeGecko",
- "HTTP Method Path 2": "/___utm.gif",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "103.106.65.251": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "103.106.65.251,/IE9CompatViewList.xml",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "103.126.6.149": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "45000",
- "Jitter": "37",
- "Maxdns": "255",
- "C2 Server": "103.126.6.149,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "103.254.75.240": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "103.254.75.240,/load",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "103.254.75.240,/__utm.gif",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "103.39.18.161": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "103.39.18.162": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "103.39.18.163": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "103.39.18.165": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "103.39.18.168": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "103.39.18.170": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "103.39.18.171": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "103.39.18.173": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "103.39.18.176": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "103.39.18.180": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "103.39.18.181": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "103.39.18.182": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "103.39.18.183": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "103.39.18.187": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "103.39.18.189": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "103.39.18.190": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "103.70.137.129": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "45.170.251.101,/ga.js",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "45.170.251.101,/updates.rss",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.131.125.114": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "15000",
- "Jitter": "90",
- "Maxdns": "225",
- "C2 Server": "ajax.microsoft.com,/wp-content/themes/am43-6/dist/records,amp.azure.net,/api2/json/cluster/tasks,global.asazure.windows.net,/wp-content/themes/am43-6/dist/records",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/ev/prd001001",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "h\\xD8<\\x84",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.131.167.151": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "15000",
- "Jitter": "90",
- "C2 Server": "ajax.microsoft.com,/v1/buckets/default/ext-5dkJ19tFufpMZjVJbsWCiqDcclDw/records",
- "HTTP Method Path 2": "/1.5/95648064/storage/tabs",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "15000",
- "Jitter": "90",
- "C2 Server": "ajax.microsoft.com,/wp-content/themes/am43-6/dist/records",
- "HTTP Method Path 2": "/v3/links/ping-beat/check",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.131.210.108": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "mobilecdnprod.azureedge.net,/__utm.gif",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.131.76.110": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "15000",
- "Jitter": "90",
- "Maxdns": "225",
- "C2 Server": "ajax.microsoft.com,/api2/json/cluster/tasks",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/v3/links/ping-beat/check",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "h\\xD8<\\x84",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.131.88.156": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "15000",
- "Jitter": "90",
- "Maxdns": "225",
- "C2 Server": "wepay.com,/en-us/store/api/checkproductinwishlist",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/u/0/_/og/botguard/get",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "h\\xD8<\\x84",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "15000",
- "Jitter": "90",
- "Maxdns": "225",
- "C2 Server": "wepay.com,/api2/json/access/ticket",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/v3/links/ping-beat/check",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "h\\xD8<\\x84",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.149.168.199": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "104.149.168.199,/g.pixel",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "104.149.168.199,/g.pixel",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.168.140.127": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "62412",
- "Jitter": "43",
- "Maxdns": "242",
- "C2 Server": "qw.run-upgrade.monster,/avatars.js,as.run-upgrade.monster,/fam_newspaper.js,zx.run-upgrade.monster,/avatars.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36",
- "HTTP Method Path 2": "/templates",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "@\\xD9\\xA5\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "62412",
- "Jitter": "43",
- "Maxdns": "242",
- "C2 Server": "qw.run-upgrade.monster,/fam_newspaper.js,as.run-upgrade.monster,/fam_newspaper.js,zx.run-upgrade.monster,/avatars.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36",
- "HTTP Method Path 2": "/templates",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "@\\xD9\\xA5\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.168.159.201": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "55365",
- "Jitter": "43",
- "Maxdns": "255",
- "C2 Server": "104.168.159.201,/en",
- "User Agent": "Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202",
- "HTTP Method Path 2": "/as",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "z\\xC1]\\x0E",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.194.10.58": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "30000",
- "Jitter": "20",
- "Maxdns": "255",
- "C2 Server": "peernew.com,/CWoNaJLBo/VTNeWw11212/",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
- "HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.194.11.10": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "simvp.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "simvp.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.194.8.114": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "raills.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.194.8.36": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "rollfx.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.236.172.121": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "104.236.172.121,/ga.js,n00she.com,/match",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "104.236.172.121,/en_US/all.js,n00she.com,/activity",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; LBBROWSER)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.238.133.94": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "104.238.133.94,/pixel.gif",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; yie9)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.238.205.115": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "resfox.com,/us/ky/louisville/312-s-fourth-st.html,zeroflip.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.238.205.44": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "syscx.com,/dot.gif",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; ASU2JS)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.238.205.63": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "30000",
- "Jitter": "20",
- "Maxdns": "255",
- "C2 Server": "dealeva.com,/CWoNaJLBo/VTNeWw11212/",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
- "HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.243.33.7": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "30000",
- "Jitter": "20",
- "Maxdns": "255",
- "C2 Server": "goodroy.com,/CWoNaJLBo/VTNeWw11212/",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
- "HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.243.40.126": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "likenic.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.243.41.123": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "cuphq.com,/cx",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; BOIE9;ENUS)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.243.45.15": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "mixres.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "mixres.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.243.45.45": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "mobpros.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.243.46.74": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "104.243.46.74,/IE9CompatViewList.xml",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.247.196.106": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "104.247.196.106,/match",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; NP06)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.247.196.170": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "clubuz.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.248.224.90": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "15000",
- "Jitter": "90",
- "Maxdns": "225",
- "C2 Server": "www.nytimes.com,/v1/preferences,www.nytimes.com,/v1/preferences,www.nytimes.com,/idcta/translations,www.nytimes.com,/v2/preferences,www.nytimes.com,/idcta/translations",
- "User Agent": "Microsoft BITS/7.8",
- "HTTP Method Path 2": "/track",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "h\\xD8<\\x84",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.248.48.249": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "15000",
- "Jitter": "90",
- "C2 Server": "104.248.48.249,/gp/cerberus/gv",
- "HTTP Method Path 2": "/1.5/95648064/storage/tabs",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "104.254.128.107": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "45.170.251.101,/ga.js",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "106.52.233.118": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "106.52.233.118,/s",
- "User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/S",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "106.55.153.204": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "106.55.153.204,/en_US/all.js",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;SVSE)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "108.177.235.180": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "mail.safeyoke.com,/ptj,feedback.safeyoke.com,/cx",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; InfoPath.2)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "108.177.235.22": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "108.177.235.22,/fwlink",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "108.62.118.187": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "ramush.com,/us/ky/louisville/312-s-fourth-st.html,leepick.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "ramush.com,/us/ky/louisville/312-s-fourth-st.html,leepick.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "108.62.118.37": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "amajai-technologies.trade,/ga.js",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET4.0E)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "amajai-technologies.trade,/match",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BO1IE8_v1;ENUS)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "108.62.141.129": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "eyedm.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "108.62.141.158": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "lenfree.com,/us/ky/louisville/312-s-fourth-st.html,199.127.61.74,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "108.62.141.170": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "172.82.148.202,/us/ky/louisville/312-s-fourth-st.html,resnote.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "108.62.141.62": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "orgsale.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "108.62.141.72": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "foxreps.com,/us/ky/louisville/312-s-fourth-st.html,novause.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "109.201.142.110": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "forteupdate.com,/match",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "109.230.199.56": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "109.230.199.56,/dpixel",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "109.231.194.189": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "880",
- "Jitter": "0",
- "Maxdns": "244",
- "C2 Server": "109.231.194.189,/access/",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:1.9) Gecko/20100101 Firefox/4.0",
- "HTTP Method Path 2": "/radio/xmlrpc/v35",
- "Header1": "",
- "Header2": "",
- "PipeName": "\\\\%s\\pipe\\msagent_%x",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "880",
- "Jitter": "0",
- "Maxdns": "244",
- "C2 Server": "109.231.194.189,/access/",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:1.9) Gecko/20100101 Firefox/4.0",
- "HTTP Method Path 2": "/radio/xmlrpc/v35",
- "Header1": "",
- "Header2": "",
- "PipeName": "\\\\%s\\pipe\\msagent_%x",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "111.229.210.49": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "111.229.210.49,/push",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "114.118.4.189": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "114.118.4.189,/updates",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
- "HTTP Method Path 2": "/windows/mark.jsp",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "114.118.4.189,/updates",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
- "HTTP Method Path 2": "/windows/fly.jsp",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "117.50.106.161": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "117.50.106.161,/pixel",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "117.51.149.186": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "117.51.149.186,/fwlink",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MATMJS)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "119.28.9.129": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "119.28.9.129,/pixel.gif",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "121.196.148.36": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60534",
- "Jitter": "41",
- "Maxdns": "249",
- "C2 Server": "121.196.148.36,/ur.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36",
- "HTTP Method Path 2": "/favicon",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\xD6\\x82\\xA4E",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\svchost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\svchost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "123.56.133.239": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "123.56.133.239,/activity",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSCOM)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "123.56.133.239,/activity",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "123.57.235.194": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "1000",
- "Jitter": "37",
- "Maxdns": "255",
- "C2 Server": "123.57.235.194,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "123.57.90.172": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "123.57.90.172,/__utm.gif",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "123.58.211.116": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "123.58.211.116,/dot.gif",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "124.217.230.137": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "41000",
- "Jitter": "37",
- "Maxdns": "255",
- "C2 Server": "124.217.230.137,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 7.0; InfoPath.3; .NET CLR 3.1.40767; Trident/6.0; en-IN)",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "128.199.180.58": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "45000",
- "Jitter": "37",
- "Maxdns": "255",
- "C2 Server": "128.199.180.58,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36/8mqQhSuL-09",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "45000",
- "Jitter": "37",
- "Maxdns": "255",
- "C2 Server": "128.199.180.58,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36/8mqQhSuL-09",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "128.199.23.209": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "37",
- "Maxdns": "255",
- "C2 Server": "128.199.23.209,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
- "Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "130.211.251.187": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "130.211.251.187,/ca",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "13.211.94.224": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "20",
- "Maxdns": "235",
- "C2 Server": "au.theguardianweb.com,/preload",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/sa",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "GET",
- "Spawnto_x86": "C:\\Windows\\syswow64\\svchost.exe -k localservice -p -s fdPHost",
- "Spawnto_x64": "C:\\Windows\\sysnative\\svchost.exe -k localservice -p -s fdPHost",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "134.122.21.15": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "600",
- "Jitter": "39",
- "Maxdns": "248",
- "C2 Server": "egress.ninja,/bn",
- "User Agent": "",
- "HTTP Method Path 2": "/br",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\system32\\regsvr32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
- "Proxy_Hostname": "http://185.46.212.88:9400",
- "Proxy_AccessType": "0 (Unknown)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "600",
- "Jitter": "39",
- "Maxdns": "248",
- "C2 Server": "egress.ninja,/bn",
- "User Agent": "",
- "HTTP Method Path 2": "/br",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\system32\\regsvr32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
- "Proxy_Hostname": "http://185.46.212.88:9400",
- "Proxy_AccessType": "0 (Unknown)"
- }
- },
- "134.209.117.238": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "50000",
- "Jitter": "37",
- "C2 Server": "jude.saintjameschurch.org,/Video",
- "HTTP Method Path 2": "/search",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "134.209.165.165": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "15000",
- "Jitter": "90",
- "Maxdns": "225",
- "C2 Server": "ajax.microsoft.com,/wp-includes/js/script/indigo-migrate",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/gp/aw/ybh/handlers",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "h\\xD8<\\x84",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "134.209.200.91": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "30000",
- "Jitter": "85",
- "Maxdns": "255",
- "C2 Server": "134.209.200.91,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "134.209.5.246": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "134.209.5.246,/j.ad",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "134.209.86.120": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "8000",
- "Jitter": "30",
- "Maxdns": "255",
- "C2 Server": "www.stackpath.com,/api/v2/metrics/",
- "User Agent": "Microsoft-CryptoAPI/6.1",
- "HTTP Method Path 2": "/api/v2/analytics/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\xAC\\xD9\\x10\\x8E",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
- "Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "13.64.101.24": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "64489",
- "Jitter": "39",
- "Maxdns": "248",
- "C2 Server": "http://daiwa-cm-us.azureedge.net/,/ro,13.64.101.24,/ro",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36",
- "HTTP Method Path 2": "/mobile-ipad-home",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "^\\x16\\xC1\\x88",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "138.124.180.52": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "7000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "gosleepaddict.com,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "7000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "gosleepaddict.com,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "139.155.242.130": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "139.155.242.130,/load",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; InfoPath.2)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "139.162.197.65": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "56943",
- "Jitter": "39",
- "C2 Server": "139.162.197.65,/styles",
- "HTTP Method Path 2": "/RELEASE_NOTES",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
- "Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "139.180.212.244": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "139.180.212.244,/pixel",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "139.186.146.78": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "10000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "139.186.146.78,/geo/collect/v1,hw.x0x.in,/geo/collect/v1",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0;) like Gecko",
- "HTTP Method Path 2": "/collect/v1",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
- "Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "139.196.171.222": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5500",
- "Jitter": "30",
- "Maxdns": "240",
- "C2 Server": "v.autohome.com.cn,/_layouts/Wopi/01554532-64bc-45ee-9645-512577ae642d",
- "User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.177",
- "HTTP Method Path 2": "/person/ithelp/bug/list",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\w32tm.exe",
- "Spawnto_x64": "%windir%\\sysnative\\w32tm.exe",
- "Proxy_Hostname": "http://10.37.84.125:8080",
- "Proxy_Username": "paicdom\\lihongmei826",
- "Proxy_Password": "Pa888888",
- "Proxy_AccessType": "4 (Use proxy server)"
- }
- },
- "139.196.224.35": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "58.215.145.112,/activity",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "139.199.185.41": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "139.199.185.41,/updates",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
- "HTTP Method Path 2": "/windowsxp/updcheck.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "139.224.105.96": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "62236",
- "Jitter": "39",
- "Maxdns": "252",
- "C2 Server": "theones.me,/template.js",
- "User Agent": "Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202",
- "HTTP Method Path 2": "/nv",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "G\\xEB\\x88\\x8E",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "139.59.230.84": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "139.59.230.84,/push",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ESES)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "139.59.73.112": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "45000",
- "Jitter": "37",
- "Maxdns": "255",
- "C2 Server": "139.59.73.112,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "1 (Use direct connection)"
- }
- },
- "139.60.161.215": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "600000",
- "Jitter": "28",
- "Maxdns": "245",
- "C2 Server": "139.60.161.215,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.3",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "600000",
- "Jitter": "28",
- "Maxdns": "245",
- "C2 Server": "139.60.161.215,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.3",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "139.60.162.19": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "139.60.162.19,/g.pixel",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;SVSE)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "139.9.244.218": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "10000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "img.alicdn.com,/contentsvc/microsofticon,at.alicdn.com,/contentsvc/microsofticon,ald.taobao.com,/contentsvc/microsofticon,www.aliyunbaike.com,/contentsvc/microsofticon",
- "User Agent": "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)",
- "HTTP Method Path 2": "/NlEditor/CloudSuggest/V1",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
- "Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "141.164.35.117": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "coivo2xo.livehost.live,/access/",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/radio/xmlrpc/v35",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "coivo2xo.livehost.live,/access/",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/radio/xmlrpc/v35",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "142.202.205.57": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "142.202.205.57,/updates.rss",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; MALC)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "142.202.205.88": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "142.202.205.88,/dot.gif",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MAGWJS)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "142.202.205.88,/ptj",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "142.54.188.26": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "agturnfa.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "142.93.152.156": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "70",
- "C2 Server": "onrnicrosoft.com,/thisisnotevil.gif",
- "HTTP Method Path 2": "/send",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
- "Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "70",
- "C2 Server": "onrnicrosoft.com,/thisisnotevil.gif",
- "HTTP Method Path 2": "/send",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
- "Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "142.93.187.11": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "12000",
- "Jitter": "35",
- "C2 Server": "142.93.187.11,/u/vercheck,training42.microsoft-essentials.com,/u/vercheck",
- "HTTP Method Path 2": "/u/version_status",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
- "Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "142.93.98.6": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "360live.digital,/pixel",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BO1IE8_v1;ENUS)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "144.202.112.14": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "0",
- "Maxdns": "245",
- "C2 Server": "z.ziper.xyz,/image/",
- "User Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) Chrome/85.0.4183.102 Safari/537.36",
- "HTTP Method Path 2": "/history/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "144.217.207.21": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "52.188.209.63,/visit.js",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSE)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "145.249.107.130": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "145.249.107.130,/fwlink",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; FunWebProducts; IE0006_ver1;EN_GB)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "145.249.107.130,/pixel",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "146.56.208.33": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "146.56.208.33,/visit.js",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "146.6.15.12": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "146.6.15.12,/g.pixel",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "149.129.53.162": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "sit.watchdog3.com,/updates",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
- "HTTP Method Path 2": "/aircanada/dark.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "sit.watchdog3.com,/updates",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
- "HTTP Method Path 2": "/aircanada/dark.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "149.28.20.245": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "20",
- "Maxdns": "235",
- "C2 Server": "149.28.20.245,/search/",
- "User Agent": "Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/Search/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "GET",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "1 (Use direct connection)"
- }
- },
- "149.28.95.180": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "149.28.95.180,/en_US/all.js",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MAAU)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "149.6.167.60": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "37",
- "C2 Server": "CLIENT.ELISEA-MUTUELLE.fr,/jquery-3.3.1.min.js",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\WerFault.exe -u -p 223",
- "Spawnto_x64": "%windir%\\sysnative\\WerFault.exe -u -p 223",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "37",
- "C2 Server": "CLIENT.ELISEA-MUTUELLE.fr,/jquery-3.3.1.min.js",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\WerFault.exe -u -p 223",
- "Spawnto_x64": "%windir%\\sysnative\\WerFault.exe -u -p 223",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "15.188.88.72": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "600000",
- "Jitter": "50",
- "Maxdns": "235",
- "C2 Server": "tmestoragetest.azureedge.net,/obj_",
- "User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36",
- "HTTP Method Path 2": "/upload",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k LocalService",
- "Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k LocalService",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "15.222.241.107": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "45000",
- "Jitter": "37",
- "C2 Server": "jquery.soundcloudcdn.com,/jquery-3.3.1.min.js",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "153.92.127.203": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "io.amscloud.xyz,/ping,d2dtgcu8n83vy7.cloudfront.net,/ping,d1iz6lkxr9mblm.cloudfront.net,/ping",
- "User Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/pong",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "153.92.127.208": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "io.amscloud.xyz,/ping,d2dtgcu8n83vy7.cloudfront.net,/ping,d1iz6lkxr9mblm.cloudfront.net,/ping",
- "User Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/pong",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "io.amscloud.xyz,/ping,d2dtgcu8n83vy7.cloudfront.net,/ping,d1iz6lkxr9mblm.cloudfront.net,/ping",
- "User Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/pong",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "154.86.46.35": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "154.86.46.35,/IE9CompatViewList.xml",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "155.138.230.65": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "20",
- "Maxdns": "235",
- "C2 Server": "155.138.230.65,/viewerng/meta",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/viewersng/meta",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "GET",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "155.138.245.98": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "155.138.245.98,/pixel.gif",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "156.226.191.234": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "156.226.191.235": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "156.226.191.236": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; .NET CLR 2.0.50727)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "156.226.191.237": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "156.226.191.234,/_/scs/mail-static/_/js/,djiqowenlsakdj.com,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "157.230.184.142": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "15",
- "Jitter": "20",
- "Maxdns": "235",
- "C2 Server": "157.230.184.142,/5aq/XP/SY75Qyw.htm",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E )",
- "HTTP Method Path 2": "/RCg/vp6rBcQ.htm",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "GET",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "157.230.239.44": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "63931",
- "Jitter": "41",
- "C2 Server": "157.230.239.44,/faq",
- "HTTP Method Path 2": "/lt",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\runonce.exe",
- "Spawnto_x64": "%windir%\\sysnative\\runonce.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "157.230.81.209": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "15000",
- "Jitter": "90",
- "Maxdns": "225",
- "C2 Server": "software-download.office.microsoft.com,/updates",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/notification",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "h\\xD8<\\x84",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "15000",
- "Jitter": "90",
- "Maxdns": "225",
- "C2 Server": "software-download.office.microsoft.com,/updates",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/notification",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "h\\xD8<\\x84",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "159.65.115.160": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "1500",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "159.65.115.160,/ocsp/a/",
- "User Agent": "Microsoft-CryptoAPI/6.1",
- "HTTP Method Path 2": "/ocsp/b/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\xAC\\xD9\\x10\\x8E",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
- "Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "1500",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "159.65.115.160,/ocsp/a/",
- "User Agent": "Microsoft-CryptoAPI/6.1",
- "HTTP Method Path 2": "/ocsp/b/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\xAC\\xD9\\x10\\x8E",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
- "Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "159.65.96.79": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "61924",
- "Jitter": "43",
- "C2 Server": "cleerhr.com,/html.js",
- "HTTP Method Path 2": "/sq",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
- "Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "159.89.109.225": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "15000",
- "Jitter": "23",
- "Maxdns": "255",
- "C2 Server": "159.89.109.225,/sxn/start,104.248.245.41,/sxn/start",
- "User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/dd/met7",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "159.89.131.233": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "45102",
- "Jitter": "29",
- "C2 Server": "milbank.azurewebsites.net,/azure/api",
- "HTTP Method Path 2": "/azure/us",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\typeperf.exe",
- "Spawnto_x64": "%windir%\\sysnative\\typeperf.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "159.89.13.234": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "15000",
- "Jitter": "90",
- "Maxdns": "225",
- "C2 Server": "yelp.com,/wp-includes/js/script/indigo-migrate",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/api2/json/check/ticket",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "h\\xD8<\\x84",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "161.35.218.255": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "161.35.218.255,/g.pixel",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "161.35.218.255,/dot.gif",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "161.35.38.97": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "90000",
- "Jitter": "15",
- "Maxdns": "212",
- "C2 Server": "jscript-cdn.azureedge.net,/npm/fullpage.js@2.9.4/dist/jquery.fullpage.min.css",
- "User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.3396.99 Safari/537.36",
- "HTTP Method Path 2": "/sites/p/b93/googleanalytics/track",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "h\\x10U\\x14",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\gpresult.exe",
- "Spawnto_x64": "%windir%\\sysnative\\gpresult.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "161.35.51.98": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "53",
- "Jitter": "40",
- "Maxdns": "255",
- "C2 Server": "mscrl.microsoft.com,/feed/Video/c/dynamic/,ajax.microsoft.com,/feed/Video/c/dynamic/",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)",
- "HTTP Method Path 2": "/main/urgent/w/06/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\svchost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\svchost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "161.35.6.3": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "161.35.6.3,/updates.rss",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "161.35.76.1": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "1000",
- "Jitter": "37",
- "Maxdns": "255",
- "C2 Server": "161.35.76.1,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\cmd.exe -k updatehelp",
- "Spawnto_x64": "%windir%\\sysnative\\cmd.exe -k updatehelp",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "161.35.81.119": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "15000",
- "Jitter": "90",
- "Maxdns": "225",
- "C2 Server": "bbc.com,/en-us/p/onerf/MeSilentPassport",
- "User Agent": "Microsoft BITS/7.8",
- "HTTP Method Path 2": "/1.5/95648064/storage/tabs",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\xBC\\xA6\\x0Ee",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "15000",
- "Jitter": "90",
- "Maxdns": "225",
- "C2 Server": "bbc.com,/en-us/p/book-2/8MCPZJJCC98C",
- "User Agent": "Microsoft BITS/7.8",
- "HTTP Method Path 2": "/v1/stats",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\xBC\\xA6\\x0Ee",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "161.35.99.14": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "37",
- "C2 Server": "161.35.99.14,/jquery-3.3.1.min.js",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "162.241.127.180": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "162.241.127.180,/j.ad",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;NLNL)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "162.241.127.180,/activity",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENCA)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "162.241.65.121": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "162.241.65.121,/cx",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "162.248.210.234": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "wavetips.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "162.254.204.222": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "13500",
- "Jitter": "27",
- "Maxdns": "255",
- "C2 Server": "mstronestia.me,/maps/overlaybfpr",
- "User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36",
- "HTTP Method Path 2": "/fd/ls/lsp.aspx",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
- "Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "165.22.37.148": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "12000",
- "Jitter": "35",
- "C2 Server": "update03.microsoft-essentials.com,/u/vercheck,165.22.37.148,/u/vercheck",
- "HTTP Method Path 2": "/u/version_status",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
- "Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "165.227.85.160": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "165.227.85.160,/__utm.gif",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "165.227.85.160,/match",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "165.22.8.172": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "48",
- "Jitter": "79",
- "C2 Server": "silicontechgroup.com,/content/latest/i/updateonScroll/",
- "HTTP Method Path 2": "/all/hot/0t/1/",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\werfault.exe",
- "Spawnto_x64": "%windir%\\sysnative\\werfault.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "167.172.203.162": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "15000",
- "Jitter": "90",
- "C2 Server": "ajax.microsoft.com,/v4/links/activity-stream",
- "HTTP Method Path 2": "/api2/json/check/ticket",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "167.172.217.69": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "45000",
- "Jitter": "37",
- "C2 Server": "xifin.co,/jquery-3.3.1.min.js",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "167.179.87.86": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "167.179.87.86,/g.pixel",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; BOIE9;ENUS)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "167.179.96.215": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "9800",
- "Jitter": "26",
- "Maxdns": "235",
- "C2 Server": "167.179.96.215,/cdn/heartbeat",
- "User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0",
- "HTTP Method Path 2": "/cdn/update",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
- "Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "167.71.145.204": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "45000",
- "Jitter": "37",
- "C2 Server": "1shop4health.com,/jquery-3.3.1.min.js",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "45000",
- "Jitter": "37",
- "C2 Server": "1shop4health.com,/jquery-3.3.1.min.js",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "167.71.244.25": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "15000",
- "Jitter": "90",
- "C2 Server": "ajax.microsoft.com,/wp-content/themes/am43-6/dist/records",
- "HTTP Method Path 2": "/ev/ext001001",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "15000",
- "Jitter": "90",
- "C2 Server": "ajax.microsoft.com,/api2/json/cluster/resources",
- "HTTP Method Path 2": "/gp/aw/ybh/handlers",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "167.99.197.196": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "myredirector1.live,/c/msdownload/update/others/2020/10/29136388_,myredirector2.live,/c/msdownload/update/others/2020/10/29136388_",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)",
- "HTTP Method Path 2": "/c/msdownload/update/others/2020/10/28986731_",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "167.99.200.45": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "30000",
- "Jitter": "20",
- "Maxdns": "235",
- "C2 Server": "outlook-1.azureedge.net,/static/css/main.d22d3525.chunk.css",
- "User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36",
- "HTTP Method Path 2": "/owamail/calendar/service.svc",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\rZ\\xD5\\xCC",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
- "Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "168.119.0.88": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "168.119.0.88,/g.pixel",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSCOM)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "168.62.7.130": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "37500",
- "Jitter": "33",
- "Maxdns": "245",
- "C2 Server": "red.therclegalgroup.com,/javascripts/jquery.foundation.navigation.js",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; SLCC; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8)",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
- "Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "172.241.27.214": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "repshd.com,/us/ky/louisville/312-s-fourth-st.html,pinglis.com,/us/ky/louisville/312-s-fourth-st.html,stargut.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "172.241.27.230": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "ramush.com,/us/ky/louisville/312-s-fourth-st.html,leepick.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "172.241.27.46": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "oldplex.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "oldplex.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "172.241.27.57": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "zipflag.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "172.241.29.153": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "172.241.29.153,/dpixel",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; Xbox)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "172.241.29.155": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "amamai-tecnologies.space,/dot.gif",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; NP06)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "172.241.29.156": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "amamai-tecnologies.digital,/IE9CompatViewList.xml",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENAU)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "172.82.148.202": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "172.82.148.202,/us/ky/louisville/312-s-fourth-st.html,resnote.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "172.82.148.202,/us/ky/louisville/312-s-fourth-st.html,resnote.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "172.82.179.170": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "foxreps.com,/us/ky/louisville/312-s-fourth-st.html,novause.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "172.93.101.50": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "orgsale.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "orgsale.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "172.93.102.164": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "facesh.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "172.93.107.2": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "30000",
- "Jitter": "20",
- "Maxdns": "255",
- "C2 Server": "keyisa.com,/CWoNaJLBo/VTNeWw11212/",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
- "HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "30000",
- "Jitter": "20",
- "Maxdns": "255",
- "C2 Server": "keyisa.com,/CWoNaJLBo/VTNeWw11212/",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
- "HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "172.93.97.66": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "30000",
- "Jitter": "20",
- "Maxdns": "255",
- "C2 Server": "stephq.com,/CWoNaJLBo/VTNeWw11212/",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
- "HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "30000",
- "Jitter": "20",
- "Maxdns": "255",
- "C2 Server": "stephq.com,/CWoNaJLBo/VTNeWw11212/",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
- "HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "172.96.160.218": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "lenview.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "172.98.192.91": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "172.98.192.91,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "172.98.192.94": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "172.98.192.94,/g.pixel",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENAU)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "173.234.155.146": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "landcook.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "173.234.155.173": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "resfox.com,/us/ky/louisville/312-s-fourth-st.html,zeroflip.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "173.234.155.184": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "30000",
- "Jitter": "20",
- "Maxdns": "255",
- "C2 Server": "dealeva.com,/CWoNaJLBo/VTNeWw11212/",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
- "HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "30000",
- "Jitter": "20",
- "Maxdns": "255",
- "C2 Server": "dealeva.com,/CWoNaJLBo/VTNeWw11212/",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
- "HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "173.234.155.54": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "img.intactlinks.com,/fwlink,print.intactlinks.com,/cx",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; ; NCLIENT50_AAPCDA5841E333)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "img.intactlinks.com,/j.ad,print.intactlinks.com,/activity",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "173.234.155.55": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "37",
- "Maxdns": "255",
- "C2 Server": "cwsedge.net,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "173.234.155.75": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "likenic.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "173.234.155.85": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "arcnew.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "arcnew.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "173.234.25.74": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "45.170.251.101,/ga.js",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "173.234.25.75": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "45.170.251.101,/updates.rss",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "173.234.25.76": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "45.170.251.101,/ga.js",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "173.234.25.77": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "45.170.251.101,/ga.js",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "173.234.25.78": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "45.170.251.101,/ga.js",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "45.170.251.101,/updates.rss",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "176.105.254.220": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "38310",
- "Jitter": "35",
- "Maxdns": "245",
- "C2 Server": "chromeupdates.best,/admin",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/587.38 (KHTML, like Gecko) Chrome/41.0.227.0 Safari/536.3",
- "HTTP Method Path 2": "/Login",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "GET",
- "Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
- "Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "176.121.14.229": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "176.121.14.229,/match",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "176.121.14.249": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "176.121.14.249,/j.ad",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "176.121.14.251": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "176.121.14.251,/updates.rss",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; 360space)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "176.123.8.228": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "176.123.8.228,/__utm.gif",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)",
- "HTTP Method Path 2": "/___utm.gif",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "178.128.105.13": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "15000",
- "Jitter": "90",
- "Maxdns": "225",
- "C2 Server": "ajax.microsoft.com,/gp/aj/private/reviewsGallery/get-image-gallery-assets,mscrl.microsoft.com,/wp-includes/js/script/indigo-migrate",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/gp/aw/ybh/handlers",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "h\\xD8<\\x84",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
- "Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "178.128.187.10": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "15000",
- "Jitter": "90",
- "C2 Server": "securetraining.org,/wp-includes/js/script/indigo-migrate",
- "HTTP Method Path 2": "/v4/links/check-activity/check",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "178.238.228.90": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "57236",
- "Jitter": "37",
- "Maxdns": "249",
- "C2 Server": "178.238.228.90,/Content",
- "User Agent": "Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0",
- "HTTP Method Path 2": "/adminhtml",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\xDC\\\\x92\\x8B",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\runonce.exe",
- "Spawnto_x64": "%windir%\\sysnative\\runonce.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "178.79.134.144": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "tcpsessionsconnect.com,/idle/1376547834/1",
- "User Agent": "Shockwave Flash",
- "HTTP Method Path 2": "/send/1376547834/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "1 (Use direct connection)"
- }
- },
- "18.144.133.24": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "62658",
- "Jitter": "39",
- "C2 Server": "18.144.133.24,/search",
- "HTTP Method Path 2": "/fo",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\runonce.exe",
- "Spawnto_x64": "%windir%\\sysnative\\runonce.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "18.156.114.88": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "20",
- "C2 Server": "3.127.139.203,/c/msdownload/update/others/2020/11/KB152288_",
- "HTTP Method Path 2": "/c/msdownload/update/others/2020/11/KB13434_",
- "Method1": "GET",
- "Method2": "GET",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "18.163.120.26": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "18.163.120.26,/__utm.gif",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUSMSE)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "18.163.195.231": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "20",
- "Maxdns": "235",
- "C2 Server": "18.166.71.96,/c/msdownload/update/others/2016/12/29136388_",
- "User Agent": "Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40",
- "HTTP Method Path 2": "/c/msdownload/update/others/2016/12/3215234_",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "GET",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "20",
- "Maxdns": "235",
- "C2 Server": "18.166.71.96,/c/msdownload/update/others/2016/12/29136388_",
- "User Agent": "Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40",
- "HTTP Method Path 2": "/c/msdownload/update/others/2016/12/3215234_",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "GET",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "18.189.12.168": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "47",
- "Maxdns": "255",
- "C2 Server": "jquery.alrowadclinic.com,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "18.191.170.242": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "37",
- "C2 Server": "18.191.170.242,/jquery-3.3.1.min.js",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
- "Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "18.191.221.167": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "45000",
- "Jitter": "37",
- "Maxdns": "255",
- "C2 Server": "18.191.221.167,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "18.191.221.28": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "6700",
- "Jitter": "13",
- "Maxdns": "247",
- "C2 Server": "cmpinsurance.com,/s/ref=nb_sb_noss_1/122-66617254-9010232/field-keywords=problem",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0",
- "HTTP Method Path 2": "/N1547/adj/amzn.us.sr.aps",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "18.206.136.219": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "62177",
- "Jitter": "43",
- "Maxdns": "254",
- "C2 Server": "utils.couch2kubernetes.com,/mobile-home",
- "User Agent": "Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0",
- "HTTP Method Path 2": "/posting",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": ":Sg?",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\runonce.exe",
- "Spawnto_x64": "%windir%\\sysnative\\runonce.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "18.212.159.80": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "10000",
- "Jitter": "10",
- "C2 Server": "d2mq9y2bddy4j9.cloudfront.net,/ec2/",
- "HTTP Method Path 2": "/console/home/ec2",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\wermgr.exe",
- "Spawnto_x64": "%windir%\\sysnative\\wermgr.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "18.223.155.112": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "18.223.155.112,/match",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MATBJS)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "182.254.180.180": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "182.254.180.180,/en_US/all.js",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; yie9)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "182.92.120.156": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "182.92.120.156,/visit.js",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; XBLWP7; ZuneWP7)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "185.14.30.217": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "0",
- "C2 Server": "185.14.30.217,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
- "HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "0",
- "C2 Server": "185.14.30.217,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
- "HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "185.150.117.142": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "185.150.117.142,/activity",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; 360space)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "185.150.119.148": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "C2 Server": "185.150.119.148,/_/scs/mail-static/_/js/",
- "HTTP Method Path 2": "/mail/u/0/",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "185.150.190.113": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "topevi.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "185.150.190.204": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "regbest.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "regbest.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "185.153.196.130": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "185.153.196.130,/match",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "185.158.249.123": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "185.158.249.123,/cm",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "185.162.235.111": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "185.162.235.111,/visit.js",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; LBBROWSER)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "185.162.235.35": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "185.162.235.35,/dot.gif",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "185.162.235.61": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "185.162.235.61,/fwlink",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch; ASU2JS)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "185.162.235.61,/cx",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MATBJS)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "185.189.151.92": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "185.189.151.92,/activity",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUSMSNIP)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "185.189.151.92,/dot.gif",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MATBJS)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "185.191.32.168": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "45000",
- "Jitter": "37",
- "Maxdns": "255",
- "C2 Server": "185.191.32.168,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "185.191.32.180": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "185.191.32.180,/en_US/all.js",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "185.201.47.155": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "thie7keiz2eu2eeshoog.greenyellow.xyz,/ga.js,Oophofeip9aiph4zoo6e.greenyellow.site,/dpixel,eeTaicaiT4eeceingoz9.greenyellow.fun,/visit.js",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "thie7keiz2eu2eeshoog.greenyellow.xyz,/cm,Oophofeip9aiph4zoo6e.greenyellow.site,/cx,eeTaicaiT4eeceingoz9.greenyellow.fun,/dot.gif",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "185.225.19.140": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "20",
- "Maxdns": "255",
- "C2 Server": "185.225.19.140,/c/msdownload/update/others/2020/10/29136388_",
- "User Agent": "Windows-Update-Agent/10.0.10022.16384 Client-Protocol/1.40",
- "HTTP Method Path 2": "/c/msdownload/update/others/2020/10/28986731_",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\wusa.exe",
- "Spawnto_x64": "%windir%\\sysnative\\wusa.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "185.227.82.66": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "185.227.82.66,/push",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSCOM)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "185.232.52.137": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "185.232.52.137,/g.pixel",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "185.232.52.137,/pixel",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) LBBROWSER",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "185.232.52.143": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "185.232.52.143,/ptj",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "185.238.169.166": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "rinnosaur.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "185.244.149.152": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "yambanetsdev.net,/g.pixel",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "185.244.39.110": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "45000",
- "Jitter": "37",
- "Maxdns": "255",
- "C2 Server": "185.244.39.110,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "45000",
- "Jitter": "37",
- "Maxdns": "255",
- "C2 Server": "185.244.39.110,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "185.62.189.116": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "10000",
- "Jitter": "37",
- "Maxdns": "255",
- "C2 Server": "ojbg.sigiwendksgna.com,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "185.82.126.47": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "185.82.126.47,/pixel",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MASB)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "188.119.112.174": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "8081",
- "Polling": "30000",
- "Jitter": "20",
- "Maxdns": "255",
- "C2 Server": "girls4dating.asia,/safebrowsing/rd/CltOb12nLW1IbHehcmUtd2hUdmFzEBAY7-0KIOkUDC7h2",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/safebrowsing/rd/CINnu27nLO8hbHdfgmUtc2ihdmFyEAcY4",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "8081",
- "Polling": "30000",
- "Jitter": "20",
- "Maxdns": "255",
- "C2 Server": "girls4dating.asia,/safebrowsing/rd/CltOb12nLW1IbHehcmUtd2hUdmFzEBAY7-0KIOkUDC7h2",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/safebrowsing/rd/CINnu27nLO8hbHdfgmUtc2ihdmFyEAcY4",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "188.119.113.18": {
- "x86": {
- "BeaconType": "0 (HTTP)",
- "Port": "443",
- "Polling": "7000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "hopetmone.com,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "0 (HTTP)",
- "Port": "443",
- "Polling": "7000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "hopetmone.com,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "192.111.144.210": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "repshd.com,/us/ky/louisville/312-s-fourth-st.html,pinglis.com,/us/ky/louisville/312-s-fourth-st.html,stargut.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "192.119.110.81": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "192.119.111.117,/IE9CompatViewList.xml",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "192.119.111.117": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "192.119.111.117,/cm",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; NP06)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "192.119.111.117,/IE9CompatViewList.xml",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MAARJS)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "192.119.111.155": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "192.119.111.117,/cm",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; NP06)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "192.119.92.16": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "59558",
- "Jitter": "41",
- "Maxdns": "241",
- "C2 Server": "qw.client-update.xyz,/kj.html,as.client-update.xyz,/kj.html,zx.client-update.xyz,/kj.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36",
- "HTTP Method Path 2": "/temp",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\xA7\\x99\\x1D\\x01",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "192.184.35.222": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "exrap.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "exrap.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "192.236.232.228": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "192.236.232.228,/en_US/all.js",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "192.236.248.169": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "amapai-technologies.email,/ptj",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "192.3.81.214": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "139.199.185.41,/updates",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
- "HTTP Method Path 2": "/aircanada/dark.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "193.168.147.249": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "mesteratosr.me,/api",
- "User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0",
- "HTTP Method Path 2": "/lowpacket/mt.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "193.27.14.247": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "37",
- "Maxdns": "255",
- "C2 Server": "ap.availablenationwide.com,/jquery-ajaxSuccess.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/jquery-before.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "193.34.166.124": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "ntservicespack.com,/load",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "ntservicespack.com,/ptj",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "193.34.166.207": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "timesyncad.com,/IE9CompatViewList.xml",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MAAU; NP08)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "193.34.166.73": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "servupdates.com,/ca",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; MANM)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "servupdates.com,/cx",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "193.34.166.89": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "193.34.166.89,/fwlink",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch; MALCJS)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "193.34.167.200": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "inteldrivers.com,/cm",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; XBLWP7; ZuneWP7)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "193.34.167.60": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "server3.msadwindows.com,/cm",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "194.5.249.55": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "194.5.249.55,/cx",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "195.123.217.7": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "195.123.217.7,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,yten.xyz,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "195.123.217.7,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,yten.xyz,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "195.123.222.43": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "7000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "duskeducate.com,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "7000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "duskeducate.com,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "195.30.132.195": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "d1hp3kzjl3pr7y.cloudfront.net,/_/scs/mail-static/_/css/,d3mdcyc7die6tc.cloudfront.net,/_/scs/mail-static/_/css/",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)",
- "HTTP Method Path 2": "/mail/u/2/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x01\\x01\\x01\\x01",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "d1hp3kzjl3pr7y.cloudfront.net,/_/scs/mail-static/_/css/,d3mdcyc7die6tc.cloudfront.net,/_/scs/mail-static/_/css/",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)",
- "HTTP Method Path 2": "/mail/u/2/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x01\\x01\\x01\\x01",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "198.211.107.136": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "58758",
- "Jitter": "39",
- "Maxdns": "254",
- "C2 Server": "ajax.microsoft.com,/zh.css",
- "User Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0",
- "HTTP Method Path 2": "/an",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "L4\\x8D}",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "198.27.79.75": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "56196",
- "Jitter": "43",
- "Maxdns": "241",
- "C2 Server": "185.189.151.107,/na",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36",
- "HTTP Method Path 2": "/extension",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "q\\xF5\\x128",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "198.44.14.47": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "63118",
- "Jitter": "39",
- "Maxdns": "240",
- "C2 Server": "qw.update-chromeservices.com,/groupcp,as.update-chromeservices.com,/groupcp,zx.update-chromeservices.com,/hr",
- "User Agent": "Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; RM-1152) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/groupcp",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\xD4\\xCC\\xC7&",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\runonce.exe",
- "Spawnto_x64": "%windir%\\sysnative\\runonce.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "198.44.97.180": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "198.44.97.180,/push",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENGB)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "198.44.97.181": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "198.44.97.180,/push",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENGB)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "199.127.60.227": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "bitsse.com,/us/ky/louisville/312-s-fourth-st.html,uncole.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "199.127.60.67": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "zipflag.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "199.127.61.214": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "volof.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "199.127.61.74": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "lenfree.com,/us/ky/louisville/312-s-fourth-st.html,199.127.61.74,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "lenfree.com,/us/ky/louisville/312-s-fourth-st.html,199.127.61.74,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "199.127.63.73": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "eyedm.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "199.195.251.56": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "micsoftin.us,/updates",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
- "HTTP Method Path 2": "/aircanada/dark.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "199.195.254.79": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "10000",
- "Jitter": "20",
- "Maxdns": "235",
- "C2 Server": "www.google-dev.tk,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E )",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "202.182.101.162": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "202.182.101.162,/ca",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "202.182.96.238": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "coivotek.livehost.live,/access/",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/radio/xmlrpc/v35",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "20.36.203.162": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "20.36.203.162,/load",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "204.16.247.235": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "avetool.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "avetool.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "204.16.247.30": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "ballom.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "204.16.247.48": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "30000",
- "Jitter": "20",
- "Maxdns": "255",
- "C2 Server": "goodroy.com,/CWoNaJLBo/VTNeWw11212/",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
- "HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "204.16.247.65": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "30000",
- "Jitter": "20",
- "Maxdns": "255",
- "C2 Server": "peernew.com,/CWoNaJLBo/VTNeWw11212/",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
- "HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "204.16.247.89": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "204.16.247.89,/g.pixel",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "204.16.247.89,/ptj",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "206.189.223.152": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "206.189.223.152,/push",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "206.189.37.245": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "15000",
- "Jitter": "90",
- "Maxdns": "225",
- "C2 Server": "do.skype.com,/api2/json/access/ticket,mscrl.microsoft.com,/en-us/p/onerf/MeSilentPassport",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/gql",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "h\\xD8<\\x84",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\System32\\werfault.exe",
- "Spawnto_x64": "%windir%\\System32\\werfault.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "206.221.176.205": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "arcnew.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "206.221.179.202": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "geotry.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "geotry.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "206.54.190.220": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "45.170.251.101,/ga.js",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "207.148.70.82": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "207.148.70.82,/pixel",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "207.219.199.120": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "s3app.eastus.cloudapp.azure.com,/iconpage.gif,azurecloudapi.eastus.cloudapp.azure.com,/iconpage.gif",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MATBJS)",
- "HTTP Method Path 2": "/iconimage.gif",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "GET",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "s3app.eastus.cloudapp.azure.com,/iconpage.gif,azurecloudapi.eastus.cloudapp.azure.com,/iconpage.gif",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)",
- "HTTP Method Path 2": "/iconimage.gif",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "GET",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "209.222.101.153": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "mixdir.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "209.222.97.8": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "landcook.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "landcook.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "209.222.98.45": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "exrap.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "exrap.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "209.222.98.96": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "wolfnew.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "wolfnew.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "209.249.134.14": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "30000",
- "Jitter": "20",
- "Maxdns": "255",
- "C2 Server": "downloads.daytonaneurosurgery.com,/login",
- "User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36",
- "HTTP Method Path 2": "/api/chat.postMessage",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "217.12.208.251": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "45000",
- "Jitter": "37",
- "Maxdns": "255",
- "C2 Server": "217.12.208.251,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "217.8.117.13": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "217.8.117.13,/fwlink",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "23.106.160.111": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "mixres.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "23.106.160.129": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "regbest.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "23.106.160.191": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "23.106.160.191,/activity",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "23.106.160.195": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "topevi.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "23.106.160.198": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "repshd.com,/us/ky/louisville/312-s-fourth-st.html,pinglis.com,/us/ky/louisville/312-s-fourth-st.html,stargut.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "23.106.160.2": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "bitsse.com,/us/ky/louisville/312-s-fourth-st.html,uncole.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "23.106.160.216": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "volof.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "23.106.160.229": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "23.106.160.229,/cx",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MATP; MATP)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "23.106.160.229,/push",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "23.106.160.61": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "wikibros.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "23.106.160.86": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "raills.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "23.106.215.199": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "30000",
- "Jitter": "20",
- "Maxdns": "255",
- "C2 Server": "stephq.com,/CWoNaJLBo/VTNeWw11212/",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
- "HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "23.106.215.32": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "37",
- "Maxdns": "255",
- "C2 Server": "contedge.net,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "23.106.215.40": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "cuphq.com,/ga.js",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MATBJS)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "23.106.223.151": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "foxreps.com,/us/ky/louisville/312-s-fourth-st.html,novause.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "foxreps.com,/us/ky/louisville/312-s-fourth-st.html,novause.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "23.106.223.172": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "resfox.com,/us/ky/louisville/312-s-fourth-st.html,zeroflip.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "23.106.223.27": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "arcnew.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "arcnew.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "23.19.227.165": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "facesh.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "23.19.227.204": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "pics.lockboxlink.com,/IE9CompatViewList.xml,black.lockboxlink.com,/g.pixel",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "23.227.194.185": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "23.227.194.185,/pixel.gif",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "23.81.246.24": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "repshd.com,/us/ky/louisville/312-s-fourth-st.html,pinglis.com,/us/ky/louisville/312-s-fourth-st.html,stargut.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "repshd.com,/us/ky/louisville/312-s-fourth-st.html,pinglis.com,/us/ky/louisville/312-s-fourth-st.html,stargut.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "23.81.246.46": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "contmetric.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
- "Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "23.81.246.74": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "30000",
- "Jitter": "20",
- "Maxdns": "255",
- "C2 Server": "keyisa.com,/CWoNaJLBo/VTNeWw11212/",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
- "HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "30000",
- "Jitter": "20",
- "Maxdns": "255",
- "C2 Server": "keyisa.com,/CWoNaJLBo/VTNeWw11212/",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)",
- "HTTP Method Path 2": "/CWoNaJLBo/VTNeWw11213/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "23.81.246.89": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "amapai-technologies.space,/g.pixel",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENAU)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "amapai-technologies.space,/__utm.gif",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "23.83.133.240": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "amapai-technologies.site,/ptj",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "23.83.134.16": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "black.lockboxlink.com,/ga.js,pics.lockboxlink.com,/match",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MAAU; NP08)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "black.lockboxlink.com,/ptj,pics.lockboxlink.com,/pixel",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "27.102.70.189": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "10000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "img.alicdn.com,/geo/collect/v1,at.alicdn.com,/geo/collect/v1,ald.taobao.com,/geo/collect/v1,www.aliyunbaike.com,/geo/collect/v1",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0;) like Gecko",
- "HTTP Method Path 2": "/collect/v1",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
- "Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "31.14.40.143": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "31.14.40.143,/g.pixel",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "31.14.40.143,/push",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "31.187.64.199": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "10010",
- "Jitter": "1",
- "Maxdns": "255",
- "C2 Server": "d30qpb9e10re4o.cloudfront.net,/gen_204eiT6EX_r4F3fqwHI9boDg,dzep7n1lqmr18.cloudfront.net,/gen_204eiT6EX_r4F3fqwHI9boDg,d2qbce1fkipgyc.cloudfront.net,/gen_204eiT6EX_r4F3fqwHI9boDg,nix1.xyz,/gen_204eiT6EX_r4F3fqwHI9boDg",
- "User Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 15.0;) Gecko/20100101 Firefox/637.0",
- "HTTP Method Path 2": "/_/VisualFrontendUi/data/batchexecute",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "POST",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
- "Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "31.187.64.231": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "10010",
- "Jitter": "1",
- "Maxdns": "255",
- "C2 Server": "d30qpb9e10re4o.cloudfront.net,/gen_204eiT6EX_r4F3fqwHI9boDg,dzep7n1lqmr18.cloudfront.net,/gen_204eiT6EX_r4F3fqwHI9boDg,d2qbce1fkipgyc.cloudfront.net,/gen_204eiT6EX_r4F3fqwHI9boDg,nix1.xyz,/gen_204eiT6EX_r4F3fqwHI9boDg",
- "User Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 15.0;) Gecko/20100101 Firefox/637.0",
- "HTTP Method Path 2": "/_/VisualFrontendUi/data/batchexecute",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "POST",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
- "Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.122.109.210": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "37500",
- "Jitter": "33",
- "Maxdns": "245",
- "C2 Server": "3.122.109.210,/audio/",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/587.38 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
- "HTTP Method Path 2": "/melody/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
- "Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.122.252.220": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "45000",
- "Jitter": "37",
- "Maxdns": "255",
- "C2 Server": "cdn1.srv-spotlfy.com,/js/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/js/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
- "Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.124.3.252": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "20",
- "C2 Server": "3.127.139.203,/c/msdownload/update/others/2020/11/KB152288_",
- "HTTP Method Path 2": "/c/msdownload/update/others/2020/11/KB13434_",
- "Method1": "GET",
- "Method2": "GET",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.125.158.190": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "37500",
- "Jitter": "33",
- "Maxdns": "245",
- "C2 Server": "hydra1337.com,/audio/",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/587.38 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
- "HTTP Method Path 2": "/melody/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
- "Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.126.209.180": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "C2 Server": "cob.maranshipssupplies.com,/_/scs/mail-static/_/js/",
- "HTTP Method Path 2": "/mail/u/0/",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.127.139.203": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "20",
- "C2 Server": "3.127.139.203,/c/msdownload/update/others/2020/11/KB152288_",
- "HTTP Method Path 2": "/c/msdownload/update/others/2020/11/KB13434_",
- "Method1": "GET",
- "Method2": "GET",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.127.150.208": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "C2 Server": "cob.maranshipssupplies.com,/_/scs/mail-static/_/js/",
- "HTTP Method Path 2": "/mail/u/0/",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "C2 Server": "cob.maranshipssupplies.com,/_/scs/mail-static/_/js/",
- "HTTP Method Path 2": "/mail/u/0/",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.128.244.129": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "30000",
- "Jitter": "30",
- "Maxdns": "99",
- "C2 Server": "analytics.itshealthpro.com,/logo",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/r_config",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "(pH\\xCD",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
- "Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.133.100.221": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "3.133.100.221,/cx",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.133.160.202": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "scripts.completelyinnocuousdomain.com,/updates.rss",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.135.189.104": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "810",
- "Jitter": "0",
- "Maxdns": "242",
- "C2 Server": "raymondjames.hostedconnectedrisk.com:,/access/",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
- "HTTP Method Path 2": "/radio/xmlrpc/v35",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "810",
- "Jitter": "0",
- "Maxdns": "242",
- "C2 Server": "raymondjames.hostedconnectedrisk.com:,/access/",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
- "HTTP Method Path 2": "/radio/xmlrpc/v35",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.135.47.125": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "47",
- "Maxdns": "255",
- "C2 Server": "DailyHealthGuide.org,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
- "Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.136.109.67": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "30000",
- "Jitter": "20",
- "Maxdns": "235",
- "C2 Server": "pentair-slack.com,/messages/C0527B0NM,3.136.109.67,/messages/C0527B0NM",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/api/api.test",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
- "Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.136.160.122": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "37",
- "Maxdns": "255",
- "C2 Server": "telemetry.wessonlabpartners.com,/jquery-3.3.1.min.js,admitting.healthfitconnection.com,/jquery-3.3.1.min.js,skilled_nursing.healthmanagementtoday.com,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x03\\x88\\xA0z",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\spoolsv.exe",
- "Spawnto_x64": "%windir%\\sysnative\\spoolsv.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.137.139.119": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "service.office247.tech,/match",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; NP06)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.137.206.229": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "3.133.100.221,/cx",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.137.217.140": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "3.137.217.140,/cm",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; NP07; NP07)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.139.231.113": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "57081",
- "Jitter": "37",
- "C2 Server": "3.139.231.113,/ky",
- "HTTP Method Path 2": "/lv",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
- "Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "57081",
- "Jitter": "37",
- "C2 Server": "3.139.231.113,/ky",
- "HTTP Method Path 2": "/lv",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
- "Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "31.44.184.100": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "31.44.184.100,/dpixel",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "31.44.184.174": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "31.44.184.174,/ptj",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "31.44.184.174,/dot.gif",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "31.44.184.181": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "31.44.184.181,/ptj",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "31.44.184.56": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "31.44.184.56,/pixel.gif",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.16.136.106": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "37",
- "Maxdns": "255",
- "C2 Server": "ajax.microsoft.com,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\svchost.exe -k netsvcs",
- "Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k netsvcs",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.16.1.87": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "3.16.1.87,/dot.gif",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSE)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "3.16.1.87,/load",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.17.176.47": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "scripts.arshmedicalfoundation.com,/dot.gif",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.19.26.213": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "0",
- "C2 Server": "ec2-3-19-26-213.us-east-2.compute.amazonaws.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
- "HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.22.101.152": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "30000",
- "Jitter": "20",
- "C2 Server": "d6qg530ok85uj.cloudfront.net,/safebrowsing/fp/X5dYOhqFrKn95vdkmSCHODPEuY9",
- "HTTP Method Path 2": "/safebrowsing/fp/Xtsuqd9wDd34nVxGbIiRlzzODKYweAye7kEob",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mcbuilder.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mcbuilder.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "30000",
- "Jitter": "20",
- "C2 Server": "d6qg530ok85uj.cloudfront.net,/safebrowsing/fp/X5dYOhqFrKn95vdkmSCHODPEuY9",
- "HTTP Method Path 2": "/safebrowsing/fp/Xtsuqd9wDd34nVxGbIiRlzzODKYweAye7kEob",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mcbuilder.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mcbuilder.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.231.164.70": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "57970",
- "Jitter": "43",
- "Maxdns": "254",
- "C2 Server": "k8s.containerkubernetes.com,/bm",
- "User Agent": "Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1; Microsoft; RM-1152) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/br",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\xB7\\x08(1",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\runonce.exe",
- "Spawnto_x64": "%windir%\\sysnative\\runonce.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.234.215.191": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "30000",
- "Jitter": "10",
- "C2 Server": "secure.kaysHealthAndBeautySense.com,/recipe.html",
- "HTTP Method Path 2": "/italian",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.23.61.79": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "41000",
- "Jitter": "35",
- "C2 Server": "3.23.61.79,/c/msdownload/update/others/2019/12/mVKMlUG03GFQfOJ2FZUYNYaNl",
- "HTTP Method Path 2": "/msdownload/update/others/2019/12/lmT9iLxVAILu9XhSluVMNWXi9lAma",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
- "Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "41000",
- "Jitter": "35",
- "C2 Server": "3.23.61.79,/c/msdownload/update/others/2019/12/mVKMlUG03GFQfOJ2FZUYNYaNl",
- "HTTP Method Path 2": "/msdownload/update/others/2019/12/lmT9iLxVAILu9XhSluVMNWXi9lAma",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
- "Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.236.230.152": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "2700",
- "Jitter": "11",
- "Maxdns": "244",
- "C2 Server": "www.pepsicoamerica.com,/preload",
- "User Agent": "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 GTB6 (.NET CLR 3.5.30729)",
- "HTTP Method Path 2": "/sa",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "GET",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "1 (Use direct connection)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "2700",
- "Jitter": "11",
- "Maxdns": "244",
- "C2 Server": "www.pepsicoamerica.com,/preload",
- "User Agent": "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 GTB6 (.NET CLR 3.5.30729)",
- "HTTP Method Path 2": "/sa",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "GET",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "1 (Use direct connection)"
- }
- },
- "3.237.38.249": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "45000",
- "Jitter": "20",
- "C2 Server": "www.amzn-solutions.com,/page.jsp,help.amzn-solutions.com,/page.jsp,forum.dmcseddebtservices.com,/index.jsp,www.dmcseddebtservices.com,/process.jsp",
- "HTTP Method Path 2": "/search.jsp",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\wecutil.exe",
- "Spawnto_x64": "%windir%\\sysnative\\wecutil.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "45000",
- "Jitter": "20",
- "C2 Server": "www.amzn-solutions.com,/page.jsp,help.amzn-solutions.com,/process.jsp,forum.dmcseddebtservices.com,/index.jsp,www.dmcseddebtservices.com,/user.jsp",
- "HTTP Method Path 2": "/parse.jsp",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\wecutil.exe",
- "Spawnto_x64": "%windir%\\sysnative\\wecutil.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.250.193.216": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "400",
- "Jitter": "12",
- "C2 Server": "ehrclient-canary.teams.microsoft.com,/s/ref=nb_sb_noss_1/698-71218292-1534620/field-keywords=point",
- "HTTP Method Path 2": "/N5819/adj/amzn.us.sr.aps",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\net.exe",
- "Spawnto_x64": "%windir%\\sysnative\\net.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "400",
- "Jitter": "12",
- "C2 Server": "ehrclient-canary.teams.microsoft.com,/s/ref=nb_sb_noss_1/698-71218292-1534620/field-keywords=point",
- "HTTP Method Path 2": "/N5819/adj/amzn.us.sr.aps",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\net.exe",
- "Spawnto_x64": "%windir%\\sysnative\\net.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.25.232.105": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "0",
- "C2 Server": "blog.widetechworld.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
- "HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "C:\\Windows\\syswow64\\svchost.exe -k localservice -p -s fdPHost",
- "Spawnto_x64": "C:\\Windows\\sysnative\\svchost.exe -k localservice -p -s fdPHost",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "34.121.230.223": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "about.inno-finance.com,/cx",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MASB)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "34.200.243.234": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "20",
- "C2 Server": "api.bcbshealth.care,/complete/search",
- "HTTP Method Path 2": "/Complete_Search",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe",
- "Spawnto_x64": "C:\\Program Files\\internet explorer\\iexplore.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "34.201.140.145": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "34.201.140.145,/_/scs/mail-static/_/js/",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MAAU)",
- "HTTP Method Path 2": "/mail/u/0/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "34.203.235.59": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "20000",
- "Jitter": "20",
- "C2 Server": "sitehealthcheck.org,/oscp/",
- "HTTP Method Path 2": "/oscp/a/",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "20000",
- "Jitter": "20",
- "C2 Server": "sitehealthcheck.org,/oscp/",
- "HTTP Method Path 2": "/oscp/a/",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "34.211.110.219": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "nelnetbanks.com,/fwlink",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; InfoPath.3)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "34.212.57.1": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "ec2-34-212-57-1.us-west-2.compute.amazonaws.com,/ptj",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "34.217.5.107": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "30000",
- "Jitter": "50",
- "Maxdns": "255",
- "C2 Server": "secure.carestreamhealthcare.com,/__utm.gif",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/___utm.gif",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
- "Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "34.222.203.112": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5400",
- "Jitter": "12",
- "C2 Server": "creditnetfinance.com,/rs-apps/assets/images/portfolio",
- "HTTP Method Path 2": "/next-api/graphql",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\upnpcont.exe",
- "Spawnto_x64": "%windir%\\sysnative\\upnpcont.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5400",
- "Jitter": "12",
- "C2 Server": "creditnetfinance.com,/rs-apps/assets/images/portfolio",
- "HTTP Method Path 2": "/next-api/graphql",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\upnpcont.exe",
- "Spawnto_x64": "%windir%\\sysnative\\upnpcont.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "34.238.192.43": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "32051",
- "Jitter": "57",
- "Maxdns": "255",
- "C2 Server": "sharkfishinguk.com,/jquery-1.12.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36 Edg/80.0.361.62",
- "HTTP Method Path 2": "/jquery-1.12.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\svchost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\spoolsv.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "32051",
- "Jitter": "57",
- "Maxdns": "255",
- "C2 Server": "sharkfishinguk.com,/jquery-1.12.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36 Edg/80.0.361.62",
- "HTTP Method Path 2": "/jquery-1.12.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\svchost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\spoolsv.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "34.80.40.66": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "25000",
- "Jitter": "5",
- "Maxdns": "255",
- "C2 Server": "www.huijingwifi.com,/link",
- "User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3835.79",
- "HTTP Method Path 2": "/images/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "35.158.118.182": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "15",
- "C2 Server": "cob.maranshipssupplies.com,/_/scs/mail-static/_/js/",
- "HTTP Method Path 2": "/mail/u/0/",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "35.158.226.16": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "C2 Server": "rijkzijn.nl,/vlk/grants,uwprivatebank.nl,/vlk/grants,systest.nl,/vlk/grants",
- "HTTP Method Path 2": "/vlk/xmlrpc/v2",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mavinject.exe",
- "Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "C2 Server": "rijkzijn.nl,/vlk/grants,uwprivatebank.nl,/vlk/grants,systest.nl,/vlk/grants",
- "HTTP Method Path 2": "/vlk/xmlrpc/v2",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mavinject.exe",
- "Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "35.176.207.20": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "20",
- "Maxdns": "235",
- "C2 Server": "35.176.207.20,/c/msdownload/update/others/2016/12/29136388_",
- "User Agent": "Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40",
- "HTTP Method Path 2": "/c/msdownload/update/others/2016/12/3215234_",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "GET",
- "Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
- "Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "20",
- "Maxdns": "235",
- "C2 Server": "35.176.207.20,/c/msdownload/update/others/2016/12/29136388_",
- "User Agent": "Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40",
- "HTTP Method Path 2": "/c/msdownload/update/others/2016/12/3215234_",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "GET",
- "Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
- "Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "35.192.90.50": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "55647",
- "Jitter": "39",
- "Maxdns": "254",
- "C2 Server": "recovery.healthfitconnection.com,/ticket",
- "User Agent": "Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0",
- "HTTP Method Path 2": "/wwwboard",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "D@\\xE68",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "35.193.193.149": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "35.193.193.149,/dot.gif",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MAAU; NP08)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "35.221.158.178": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "35.221.158.178,/ptj",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; XBLWP7; ZuneWP7)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "35.241.143.134": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "20",
- "Maxdns": "235",
- "C2 Server": "control.commanderinthe.cloud,/search/",
- "User Agent": "Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/Search/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "GET",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "37.252.120.101": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "10000",
- "Jitter": "15",
- "Maxdns": "255",
- "C2 Server": "37.252.120.101,/resolve/alter/",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; BTRS125526)",
- "HTTP Method Path 2": "/client/real/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "38.100.141.131": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "15000",
- "Jitter": "90",
- "Maxdns": "225",
- "C2 Server": "ecnads1.msn.com,/api2/json/access/ticket",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/gp/aw/ybh/handlers",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "h\\xD8<\\x84",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\SearchProtocolHost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\SearchProtocolHost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.85.60.172": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "32051",
- "Jitter": "57",
- "Maxdns": "255",
- "C2 Server": "banking.capitalviewfinance.com,/jquery-1.12.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36 Edg/80.0.361.62",
- "HTTP Method Path 2": "/jquery-1.12.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\svchost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\spoolsv.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.86.2.34": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5400",
- "Jitter": "12",
- "Maxdns": "255",
- "C2 Server": "roofstock-cdn5.azureedge.net,/rs-apps/assets/images/portfolio",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/next-api/graphql",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\upnpcont.exe",
- "Spawnto_x64": "%windir%\\sysnative\\upnpcont.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5400",
- "Jitter": "12",
- "Maxdns": "255",
- "C2 Server": "roofstock-cdn5.azureedge.net,/rs-apps/assets/images/portfolio",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/next-api/graphql",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\upnpcont.exe",
- "Spawnto_x64": "%windir%\\sysnative\\upnpcont.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "39.108.229.236": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "39.108.229.236,/match",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENXA)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "3.95.159.27": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "32051",
- "Jitter": "57",
- "Maxdns": "255",
- "C2 Server": "sharkfishinguk.com,/jquery-1.12.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36 Edg/80.0.361.62",
- "HTTP Method Path 2": "/jquery-1.12.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\svchost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\spoolsv.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "39.98.84.58": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "www.microport.com.cn,/zC",
- "User Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/dE",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "39.99.60.123": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "39.99.60.123,/cx",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MDDCJS)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "40.113.217.182": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "40.113.217.182,/__utm.gif",
- "HTTP Method Path 2": "/___utm.gif",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\explorer.exe",
- "Spawnto_x64": "%windir%\\sysnative\\svchost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "40.113.217.182,/__utm.gif",
- "HTTP Method Path 2": "/___utm.gif",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\explorer.exe",
- "Spawnto_x64": "%windir%\\sysnative\\svchost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "40.117.40.46": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "wmjdvuif.limyonly.me,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "40.122.106.213": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "37000",
- "Jitter": "25",
- "C2 Server": "api.aperture.network,/functionalStatus",
- "HTTP Method Path 2": "/rest/2/meetings",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
- "Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "43.240.15.68": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "5.180.99.65,/dot.gif",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "43.243.171.226": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "30",
- "Maxdns": "255",
- "C2 Server": "43.243.171.226,/cache/global/img/aladdinIcon-1.0.gif",
- "User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36",
- "HTTP Method Path 2": "/link",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "GET",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "30",
- "Maxdns": "255",
- "C2 Server": "43.243.171.226,/cache/global/img/aladdinIcon-1.0.gif",
- "User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36",
- "HTTP Method Path 2": "/link",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "GET",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "44.231.58.231": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "225",
- "C2 Server": "dist.nuget.org,/cgi-bin/certstore/,ajax.aspnetcdn.com,/cgi-bin/certstore/",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36",
- "HTTP Method Path 2": "/pem/office.microsoft.com/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "(pH\\xCD",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "225",
- "C2 Server": "dist.nuget.org,/cgi-bin/certstore/,ajax.aspnetcdn.com,/cgi-bin/certstore/",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36",
- "HTTP Method Path 2": "/pem/office.microsoft.com/",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "(pH\\xCD",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "44.234.72.246": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "44.234.72.246,/cx",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;SVSE)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "45.128.156.102": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "mixdir.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "45.138.172.80": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "57000",
- "Jitter": "41",
- "C2 Server": "meadowstonto.com,/fo.html",
- "HTTP Method Path 2": "/default",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "45.14.149.202": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "45.14.149.202,/activity",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 2.0.50727)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "45.14.149.202,/pixel.gif",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "45.141.84.32": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "45.141.84.32,/IE9CompatViewList.xml",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; ASU2JS)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "45.146.165.140": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "45.146.165.140,/IE9CompatViewList.xml",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "45.147.229.44": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60283",
- "Jitter": "39",
- "Maxdns": "249",
- "C2 Server": "mn.backup-helper.com,/template.css,nm.backup-helper.com,/fam_calendar.css,ws.backup-helper.com,/fam_calendar.css",
- "User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246",
- "HTTP Method Path 2": "/gv",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x1E\\xBEI\\x86",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "45.147.230.0": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "amajai-technologies.online,/push",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "amajai-technologies.online,/en_US/all.js",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "45.153.243.215": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "amajai-technologies.support,/g.pixel",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "45.170.251.101": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "45.170.251.101,/ga.js",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "C2 Server": "45.170.251.101,/updates.rss",
- "HTTP Method Path 2": "/submit.php",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "45.199.110.164": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "wyx.3utilities.com,/IE9CompatViewList.xml",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) LBBROWSER",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "45.207.49.205": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "45.207.49.205,/updates",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
- "HTTP Method Path 2": "/windebug/updcheck.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "45.207.49.205,/updates",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
- "HTTP Method Path 2": "/aero2/fly.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x04\\x04",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "45.32.52.188": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "10000",
- "Jitter": "41",
- "Maxdns": "67",
- "C2 Server": "45.32.52.188,/settings",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.75 Safari/537.36",
- "HTTP Method Path 2": "/collect/v1",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\xDF\\x05\\x05\\x05",
- "DNS Sleep": "0",
- "Method1": "POST",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\msiexec.exe",
- "Spawnto_x64": "%windir%\\sysnative\\msiexec.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "10000",
- "Jitter": "41",
- "Maxdns": "67",
- "C2 Server": "45.32.52.188,/settings",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.75 Safari/537.36",
- "HTTP Method Path 2": "/collect/v1",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\xDF\\x05\\x05\\x05",
- "DNS Sleep": "0",
- "Method1": "POST",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\msiexec.exe",
- "Spawnto_x64": "%windir%\\sysnative\\msiexec.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "45.33.27.73": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "45.33.27.73,/dpixel",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "45.58.116.242": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "10",
- "Maxdns": "235",
- "C2 Server": "withfix.com,/us/ky/louisville/312-s-fourth-st.html",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)",
- "HTTP Method Path 2": "/OrderEntryService.asmx/AddOrderLine",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "45.64.186.249": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "45.64.186.249,/static/v3/logo2.gif",
- "User Agent": "Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 5.2) Java/1.5.0_08",
- "HTTP Method Path 2": "/static/v3/logo1.gif",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "45.67.229.168": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "53000",
- "Jitter": "34",
- "Maxdns": "255",
- "C2 Server": "45.67.229.168,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "J}\\xC4q",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe",
- "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "45.76.48.40": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "45.76.48.40,/ptj",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "46.161.27.220": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "46.161.27.220,/ptj",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "46.166.128.234": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "46.166.128.234,/cx",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "46.166.129.176": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "46.166.129.169,/load",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "46.166.162.165": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "46.166.162.165,/pixel.gif",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "46.166.162.165,/j.ad",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; Avant Browser)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "46.166.162.97": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "46.166.162.97,/cx",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "46.30.189.89": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "top.jimwilkens.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
- "HTTP Method Path 2": "/N4215/adj/amzn.us.sr.aps",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\mstsc.exe",
- "Spawnto_x64": "%windir%\\sysnative\\mstsc.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "46.8.180.147": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "46.8.180.147,/visit.js",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "46.8.180.147,/cm",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "47.101.214.85": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "47.101.214.85,/dpixel",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "47.104.11.169": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "47.104.11.169,/pixel",
- "User Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "47.104.11.169,/cx",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENIN)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "47.104.156.242": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "50",
- "Maxdns": "244",
- "C2 Server": "47.104.156.242,/v1/act",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/82.0.4068.4 Safari/537.36",
- "HTTP Method Path 2": "/v2/api",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
- "Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "50",
- "Maxdns": "244",
- "C2 Server": "47.104.156.242,/v1/act",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/82.0.4068.4 Safari/537.36",
- "HTTP Method Path 2": "/v2/do",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x08\\x08\\x08\\x08",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\WerFault.exe",
- "Spawnto_x64": "%windir%\\sysnative\\WerFault.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "47.111.134.70": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "59768",
- "Jitter": "41",
- "Maxdns": "253",
- "C2 Server": "47.111.134.70,/mt",
- "User Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0",
- "HTTP Method Path 2": "/language",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "d \\x8E\\x86",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "59768",
- "Jitter": "41",
- "Maxdns": "253",
- "C2 Server": "47.111.134.70,/eo",
- "User Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0",
- "HTTP Method Path 2": "/ny",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "d \\x8E\\x86",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\regsvr32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\regsvr32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "47.114.35.225": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "8658",
- "Jitter": "37",
- "Maxdns": "243",
- "C2 Server": "47.114.35.225,/gv",
- "User Agent": "Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202",
- "HTTP Method Path 2": "/an",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\xC1\\x19\\xB3p",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe",
- "Spawnto_x64": "%windir%\\sysnative\\WUAUCLT.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "47.242.140.1": {
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "37500",
- "Jitter": "33",
- "Maxdns": "245",
- "C2 Server": "36.102.212.68,/modcp,221.236.11.67,/mobile-home,58.218.215.93,/mobile-home,118.123.241.208,/modcp,222.222.88.77,/mobile-home,121.9.212.217,/mt,175.6.235.200,/modcp,118.123.241.208,/mt,121.9.212.217,/modcp,125.37.206.224,/modcp,58.218.215.129,/mobile-home",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/587.38 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
- "HTTP Method Path 2": "/Admin",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "rrrr",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "GET",
- "Spawnto_x86": "%windir%\\syswow64\\gpupdate.exe",
- "Spawnto_x64": "%windir%\\sysnative\\gpupdate.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "47.56.144.122": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "47.56.144.122,/visit.js",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP08; MAAU; NP08)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },
- "x64": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "47.56.144.122,/updates.rss",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; ASU2JS)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "47.95.37.84": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "5000",
- "Jitter": "50",
- "Maxdns": "255",
- "C2 Server": "47.95.37.84,/jquery-3.3.1.min.js",
- "User Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) WebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36",
- "HTTP Method Path 2": "/jquery-3.3.2.min.js",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\notepad.exe",
- "Spawnto_x64": "%windir%\\sysnative\\notepad.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- }
- },
- "47.97.65.242": {
- "x86": {
- "BeaconType": "8 (HTTPS)",
- "Port": "443",
- "Polling": "60000",
- "Jitter": "0",
- "Maxdns": "255",
- "C2 Server": "47.97.65.242,/ptj",
- "User Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)",
- "HTTP Method Path 2": "/submit.php",
- "Header1": "",
- "Header2": "",
- "PipeName": "",
- "DNS Idle": "\\x00\\x00\\x00\\x00",
- "DNS Sleep": "0",
- "Method1": "GET",
- "Method2": "POST",
- "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe",
- "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe",
- "Proxy_AccessType": "2 (Use IE settings)"
- },