- #CobaltStrike #Trojan
- --------------------------------------
- 24-04-2019 IOCs
- --------------------------------------