1564823096 | 2025-01-15T06:04:46.510845
22 /
tcp
SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
Key type: ecdsa-sha2-nistp256
Key: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIGsJhfcoMuv9atky8SPyUsv
d1U/Htt1R/CU6ZmpBhtZgdeJ6vZIMs50F8qq+rsJNHjjusV2m/Af1pZ++caFM7s=
Fingerprint: 1d:0e:ad:ca:29:c3:9a:d9:a0:86:4f:e4:79:da:95:fb
Kex Algorithms:
curve25519-sha256
curve25519-sha256@libssh.org
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
sntrup761x25519-sha512@openssh.com
diffie-hellman-group-exchange-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group14-sha256
kex-strict-s-v00@openssh.com
Server Host Key Algorithms:
rsa-sha2-512
rsa-sha2-256
ecdsa-sha2-nistp256
ssh-ed25519
Encryption Algorithms:
chacha20-poly1305@openssh.com
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
MAC Algorithms:
umac-64-etm@openssh.com
umac-128-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-sha1-etm@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha2-256
hmac-sha2-512
hmac-sha1
Compression Algorithms:
none
zlib@openssh.com
105479038 | 2025-01-11T07:44:36.653264
443 /
tcp
HTTP/1.1 404 Not Found
Date: Sat, 11 Jan 2025 07:44:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/plain
Brightspot-Id: 00000459-72af-a783-feef2189
Cache-Control: max-age=27039580
X-Content-Type-Options: nosniff
X-Powered-By: Brightspot
Vary: Accept-Encoding
Connection: close
Content-Length: 0
Cobalt Strike Beacon:
x86:
beacon_type: HTTPS
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Host: www.baidu.com
Accept: */*
Accept-Language: en-US
Connection: close
_
http-get.uri: 87.120.115.8,/siie=utf-8&f=8&rsv_bp=1&rsv_idx=1&ch=&tn=baidu&bar=&wd=
http-get.verb: GET
http-post.client:
Host: pss.bdstatic.com
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Accept: */*
Accept-Language: en
Connection: close
includeCoorganizers
http-post.uri: /r/www/static/assets/mirror-san/app/miaodong-logo_d5aa8ae.png
http-post.verb: POST
jitter: 25
maxgetsize: 3146759
port: 443
post-ex.spawnto_x64: %windir%\sysnative\secinit.exe
post-ex.spawnto_x86: %windir%\syswow64\RmClient.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: 40ed048138df0b3e23a0ef24dc5efa1a
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 66cac9860bdc449bdfb210dccb024389
sleeptime: 50000
stage.cleanup: 1
useragent_header: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 OPR/111.0.0.0 (Edition Yx 03)
watermark: 666666666
x64:
beacon_type: HTTPS
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Host: www.baidu.com
Accept: */*
Accept-Language: en-US
Connection: close
_
http-get.uri: 87.120.115.8,/siie=utf-8&f=8&rsv_bp=1&rsv_idx=1&ch=&tn=baidu&bar=&wd=
http-get.verb: GET
http-post.client:
Host: pss.bdstatic.com
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Accept: */*
Accept-Language: en
Connection: close
includeCoorganizers
http-post.uri: /r/www/static/assets/mirror-san/app/miaodong-logo_d5aa8ae.png
http-post.verb: POST
jitter: 25
maxgetsize: 3146759
port: 443
post-ex.spawnto_x64: %windir%\sysnative\secinit.exe
post-ex.spawnto_x86: %windir%\syswow64\RmClient.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: 40ed048138df0b3e23a0ef24dc5efa1a
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 66cac9860bdc449bdfb210dccb024389
sleeptime: 50000
stage.cleanup: 1
useragent_header: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 OPR/111.0.0.0 (Edition Yx 03)
watermark: 666666666
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
b0:90:64:0d:01:25:c7:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=There, ST=Over, L=Around, O=Pwn3rs, OU=AdvancedReversing, CN=Pwn3rs Striked
Validity
Not Before: Dec 17 08:01:41 2024 GMT
Not After : Mar 17 08:01:41 2025 GMT
Subject: C=There, ST=Over, L=Around, O=Pwn3rs, OU=AdvancedReversing, CN=Pwn3rs Striked
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:2E:2A:86:13:66:AB:BA:4E:BA:CC:EA:BE:91:12:2C:B3:FE:0E:8E
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
419477611 | 2024-12-21T13:45:21.772570
1433 /
tcp
\x15\x03\x03\x00\x02\x02\n
-761852845 | 2025-01-11T05:05:38.923120
3306 /
tcp
HTTP/1.1 404 Not Found
Date: Sat, 11 Jan 2025 05:05:38 GMT
Server: Apache-Coyote/1.1
Content-Type: text/plain
Brightspot-Id: 00000459-72af-a783-feef2189
Cache-Control: max-age=27039580
X-Content-Type-Options: nosniff
X-Powered-By: Brightspot
Vary: Accept-Encoding
Connection: close
Content-Length: 0
Cobalt Strike Beacon:
x86:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Host: www.baidu.com
Accept: */*
Accept-Language: en-US
Connection: close
_
http-get.uri: 87.120.115.8,/siie=utf-8&f=8&rsv_bp=1&rsv_idx=1&ch=&tn=baidu&bar=&wd=
http-get.verb: GET
http-post.client:
Host: pss.bdstatic.com
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Accept: */*
Accept-Language: en
Connection: close
includeCoorganizers
http-post.uri: /r/www/static/assets/mirror-san/app/miaodong-logo_d5aa8ae.png
http-post.verb: POST
jitter: 25
maxgetsize: 3146759
port: 3306
post-ex.spawnto_x64: %windir%\sysnative\secinit.exe
post-ex.spawnto_x86: %windir%\syswow64\RmClient.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: 40ed048138df0b3e23a0ef24dc5efa1a
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 66cac9860bdc449bdfb210dccb024389
sleeptime: 50000
stage.cleanup: 1
useragent_header: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 OPR/111.0.0.0 (Edition Yx 03)
watermark: 666666666
x64:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Host: www.baidu.com
Accept: */*
Accept-Language: en-US
Connection: close
_
http-get.uri: 87.120.115.8,/siie=utf-8&f=8&rsv_bp=1&rsv_idx=1&ch=&tn=baidu&bar=&wd=
http-get.verb: GET
http-post.client:
Host: pss.bdstatic.com
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Accept: */*
Accept-Language: en
Connection: close
includeCoorganizers
http-post.uri: /r/www/static/assets/mirror-san/app/miaodong-logo_d5aa8ae.png
http-post.verb: POST
jitter: 25
maxgetsize: 3146759
port: 3306
post-ex.spawnto_x64: %windir%\sysnative\secinit.exe
post-ex.spawnto_x86: %windir%\syswow64\RmClient.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: 40ed048138df0b3e23a0ef24dc5efa1a
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 66cac9860bdc449bdfb210dccb024389
sleeptime: 50000
stage.cleanup: 1
useragent_header: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 OPR/111.0.0.0 (Edition Yx 03)
watermark: 666666666
1107662018 | 2025-01-14T16:19:25.808332
3389 /
tcp
Remote Desktop Protocol
\x03\x00\x00\x13\x0e\xd0\x00\x00\x124\x00\x02\x01\x08\x00\x01\x00\x00\x00
0 | 2025-01-14T22:01:44.780189
4444 /
tcp
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
c5:47:d2:22:18:56:65:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=There, ST=Over, L=Around, O=Pwn3rs, OU=AdvancedReversing, CN=Pwn3rs Striked
Validity
Not Before: Jan 11 09:01:02 2025 GMT
Not After : Apr 11 09:01:02 2025 GMT
Subject: C=There, ST=Over, L=Around, O=Pwn3rs, OU=AdvancedReversing, CN=Pwn3rs Striked
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:65:37:6C:E6:FC:0A:01:45:81:92:F2:61:0D:63:85:B6:8A:5F:F7
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
-1186382547 | 2025-01-15T00:14:29.731034
7777 /
tcp
HTTP/1.1 404 Not Found
Date: Wed, 15 Jan 2025 00:14:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/plain
Brightspot-Id: 00000459-72af-a783-feef2189
Cache-Control: max-age=27039580
X-Content-Type-Options: nosniff
X-Powered-By: Brightspot
Vary: Accept-Encoding
Connection: close
Content-Length: 0
Cobalt Strike Beacon:
x86:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Host: www.baidu.com
Accept: */*
Accept-Language: en-US
Connection: close
_
http-get.uri: 87.120.115.8,/siie=utf-8&f=8&rsv_bp=1&rsv_idx=1&ch=&tn=baidu&bar=&wd=
http-get.verb: GET
http-post.client:
Host: pss.bdstatic.com
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Accept: */*
Accept-Language: en
Connection: close
includeCoorganizers
http-post.uri: /r/www/static/assets/mirror-san/app/miaodong-logo_d5aa8ae.png
http-post.verb: POST
jitter: 25
maxgetsize: 3146759
port: 7777
post-ex.spawnto_x64: %windir%\sysnative\secinit.exe
post-ex.spawnto_x86: %windir%\syswow64\RmClient.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: 40ed048138df0b3e23a0ef24dc5efa1a
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 2ea0dc27f2fe53a7ec6d7fc2780cdc93
sleeptime: 50000
stage.cleanup: 1
useragent_header: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 OPR/111.0.0.0 (Edition Yx 03)
watermark: 666666666
x64:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Host: www.baidu.com
Accept: */*
Accept-Language: en-US
Connection: close
_
http-get.uri: 87.120.115.8,/siie=utf-8&f=8&rsv_bp=1&rsv_idx=1&ch=&tn=baidu&bar=&wd=
http-get.verb: GET
http-post.client:
Host: pss.bdstatic.com
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Accept: */*
Accept-Language: en
Connection: close
includeCoorganizers
http-post.uri: /r/www/static/assets/mirror-san/app/miaodong-logo_d5aa8ae.png
http-post.verb: POST
jitter: 25
maxgetsize: 3146759
port: 7777
post-ex.spawnto_x64: %windir%\sysnative\secinit.exe
post-ex.spawnto_x86: %windir%\syswow64\RmClient.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: 40ed048138df0b3e23a0ef24dc5efa1a
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 2ea0dc27f2fe53a7ec6d7fc2780cdc93
sleeptime: 50000
stage.cleanup: 1
useragent_header: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 OPR/111.0.0.0 (Edition Yx 03)
watermark: 666666666