CobaltStrike_IOC's_24-04-2019

G0dR4p3 Apr 24th, 2019 (edited)
#CobaltStrike #Trojan
--------------------------------------
24-04-2019              IOC's
--------------------------------------