G0dR4p3

CobaltStrike_IOC's_24-04-2019

Apr 24th, 2019
#CobaltStrike #Trojan
--------------------------------------
24-04-2019 IOC's
--------------------------------------