OpenSSH8.9p1 Ubuntu-3ubuntu0.10

SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
Key type: ecdsa-sha2-nistp256
Key: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBD7t9JP72PbL6RcDxEE9BXbF
x/xk0N1u0aUywR2TahvoDTGAik0djLeSEuJRMJlF9oSeV1bkK9C1wJ2ugsYBY4Y=
Fingerprint: 2b:9e:c8:a8:e5:2c:3e:a4:53:9c:cd:6c:45:dd:b0:ce

Kex Algorithms:
	curve25519-sha256
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	sntrup761x25519-sha512@openssh.com
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group16-sha512
	diffie-hellman-group18-sha512
	diffie-hellman-group14-sha256
	kex-strict-s-v00@openssh.com

Server Host Key Algorithms:
	rsa-sha2-512
	rsa-sha2-256
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

Cobalt Strike Beacon

HTTP/1.1 404 Not Found
Date: Mon, 8 Jul 2024 15:30:04 GMT
Content-Type: text/plain
Content-Length: 0
Server: Pagely Gateway/1.5.1


Cobalt Strike Beacon:
  x86:
    beacon_type: HTTP
    dns-beacon.strategy_fail_seconds: -1
    dns-beacon.strategy_fail_x: -1
    dns-beacon.strategy_rotate_seconds: -1
    http-get.client:
      Host: 79.110.49.175
      Connection: close
      wp_woocommerce_session_=
      Cookie
      fullname=true
    http-get.uri: upshare.wimscp.net,/bg
    http-get.verb: GET
    http-post.client:
      Host: 79.110.49.175
      Connection: close
      Content-Type: text/plain
      __session__id=
      Cookie
    http-post.uri: /posting
    http-post.verb: POST
    jitter: 41
    maxgetsize: 1864736
    port: 80
    post-ex.spawnto_x64: %windir%\sysnative\svchost.exe
    post-ex.spawnto_x86: %windir%\syswow64\svchost.exe
    process-inject.execute:
      CreateThread
      RtlCreateUserThread
      CreateRemoteThread
    process-inject.min_alloc: 26326
    process-inject.startrwx: 4
    process-inject.stub: ae5afcfee8026674dc8f3b4f2da46c7f
    process-inject.userwx: 32
    proxy.behavior: 2 (Use IE settings)
    server.publickey_md5: bc73fe103d6a02dad4435e4941f1ef9d
    sleeptime: 60152
    stage.cleanup: 1
    useragent_header: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0
    uses_cookies: 1
    watermark: 987654321
  x64:
    beacon_type: HTTP
    dns-beacon.strategy_fail_seconds: -1
    dns-beacon.strategy_fail_x: -1
    dns-beacon.strategy_rotate_seconds: -1
    http-get.client:
      Host: 79.110.49.175
      Connection: close
      wp_woocommerce_session_=
      Cookie
      fullname=true
    http-get.uri: upshare.wimscp.net,/bg
    http-get.verb: GET
    http-post.client:
      Host: 79.110.49.175
      Connection: close
      Content-Type: text/plain
      __session__id=
      Cookie
    http-post.uri: /posting
    http-post.verb: POST
    jitter: 41
    maxgetsize: 1864736
    port: 80
    post-ex.spawnto_x64: %windir%\sysnative\svchost.exe
    post-ex.spawnto_x86: %windir%\syswow64\svchost.exe
    process-inject.execute:
      CreateThread
      RtlCreateUserThread
      CreateRemoteThread
    process-inject.min_alloc: 26326
    process-inject.startrwx: 4
    process-inject.stub: ae5afcfee8026674dc8f3b4f2da46c7f
    process-inject.userwx: 32
    proxy.behavior: 2 (Use IE settings)
    server.publickey_md5: bc73fe103d6a02dad4435e4941f1ef9d
    sleeptime: 60152
    stage.cleanup: 1
    useragent_header: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0
    uses_cookies: 1
    watermark: 987654321

Cobalt Strike Beacon

HTTP/1.1 404 Not Found
Date: Mon, 8 Jul 2024 12:49:52 GMT
Content-Type: text/plain
Content-Length: 0
Server: Pagely Gateway/1.5.1


Cobalt Strike Beacon:
  x86:
    beacon_type: HTTPS
    dns-beacon.strategy_fail_seconds: -1
    dns-beacon.strategy_fail_x: -1
    dns-beacon.strategy_rotate_seconds: -1
    http-get.client:
      Host: 79.110.49.175
      Connection: close
      Accept-Language: en-GB;q=0.9, *;q=0.7
      woocommerce_cart_hash=
      Cookie
      lid=true
    http-get.uri: upshare.wimscp.net,/eo
    http-get.verb: GET
    http-post.client:
      Host: 79.110.49.175
      Connection: close
      Content-Type: text/plain
      __session__id=
      Cookie
    http-post.uri: /hr
    http-post.verb: POST
    jitter: 41
    maxgetsize: 1398446
    port: 443
    post-ex.spawnto_x64: %windir%\sysnative\svchost.exe
    post-ex.spawnto_x86: %windir%\syswow64\svchost.exe
    process-inject.execute:
      CreateThread
      RtlCreateUserThread
      CreateRemoteThread
    process-inject.min_alloc: 26326
    process-inject.startrwx: 4
    process-inject.stub: ae5afcfee8026674dc8f3b4f2da46c7f
    process-inject.userwx: 32
    proxy.behavior: 2 (Use IE settings)
    server.publickey_md5: bc73fe103d6a02dad4435e4941f1ef9d
    sleeptime: 60152
    stage.cleanup: 1
    useragent_header: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0
    uses_cookies: 1
    watermark: 987654321
  x64:
    beacon_type: HTTPS
    dns-beacon.strategy_fail_seconds: -1
    dns-beacon.strategy_fail_x: -1
    dns-beacon.strategy_rotate_seconds: -1
    http-get.client:
      Host: 79.110.49.175
      Connection: close
      Accept-Language: en-GB;q=0.9, *;q=0.7
      woocommerce_cart_hash=
      Cookie
      lid=true
    http-get.uri: upshare.wimscp.net,/tab_home_active
    http-get.verb: GET
    http-post.client:
      Host: 79.110.49.175
      Connection: close
      Content-Type: text/plain
      __session__id=
      Cookie
    http-post.uri: /mt
    http-post.verb: POST
    jitter: 41
    maxgetsize: 1398446
    port: 443
    post-ex.spawnto_x64: %windir%\sysnative\svchost.exe
    post-ex.spawnto_x86: %windir%\syswow64\svchost.exe
    process-inject.execute:
      CreateThread
      RtlCreateUserThread
      CreateRemoteThread
    process-inject.min_alloc: 26326
    process-inject.startrwx: 4
    process-inject.stub: ae5afcfee8026674dc8f3b4f2da46c7f
    process-inject.userwx: 32
    proxy.behavior: 2 (Use IE settings)
    server.publickey_md5: bc73fe103d6a02dad4435e4941f1ef9d
    sleeptime: 60152
    stage.cleanup: 1
    useragent_header: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0
    uses_cookies: 1
    watermark: 987654321

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2020856090 (0x7873d11a)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=CA, L=New York, O=Mracon, OU=, CN=79.110.49.175
        Validity
            Not Before: Jul  8 07:34:28 2024 GMT
            Not After : Jul  8 07:34:28 2025 GMT
        Subject: C=US, ST=CA, L=New York, O=Mracon, OU=, CN=79.110.49.175
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ad:84:4e:30:34:92:20:d2:30:6f:47:68:71:89:
                    10:c2:47:a3:7b:d6:0e:a4:69:6b:54:5b:f2:32:5b:
                    44:fb:86:17:2c:e1:24:14:2c:54:cf:82:51:71:13:
                    2b:ca:fa:ed:20:9d:ce:51:5a:db:e2:82:e1:c3:8c:
                    ad:a4:28:95:3c:66:96:c9:d1:03:b4:07:a8:5f:4b:
                    c3:23:65:52:b6:9a:f7:a0:95:6f:2e:60:b6:da:48:
                    4d:88:88:6a:da:77:f0:e7:6e:d1:36:6c:e1:3e:78:
                    b6:21:27:82:85:74:b4:cc:bd:39:6a:9a:d4:9b:11:
                    17:dc:3e:c3:2b:b5:dc:9b:ef:38:fb:07:dd:85:ba:
                    d2:35:c0:8d:e9:61:46:64:41:c3:84:18:9a:80:d7:
                    8f:d7:c5:26:d5:91:e6:13:d1:70:15:c6:2f:47:2c:
                    43:d2:46:45:41:5c:05:d7:ee:29:a4:d3:af:3a:98:
                    85:37:c3:9d:e4:13:c0:5c:ff:ae:27:df:de:11:d1:
                    ec:ce:c4:89:40:6c:77:39:22:56:83:7f:be:ec:b8:
                    a5:85:4a:22:57:89:0b:33:6f:80:a9:a8:93:92:e7:
                    4d:dd:b6:83:d2:dc:6f:94:8b:e5:64:fc:38:3b:41:
                    3c:38:b8:4a:0b:a3:89:9d:eb:6b:a6:83:c3:d5:a4:
                    45:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                77:75:E3:00:28:C0:D0:E0:2B:D7:BD:8B:E7:9B:BC:A3:95:19:0C:B1
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        1a:f1:6c:82:cd:65:d3:c5:cb:9f:55:ef:5b:e5:7d:40:15:b5:
        de:de:32:7a:58:7b:9e:b4:2f:9a:d7:56:2b:8f:b4:1e:b5:36:
        7a:8b:2a:b4:fc:6f:66:df:e9:e7:01:b9:75:b9:00:92:35:e1:
        f1:7f:c8:3e:9a:2e:0a:3f:d4:9a:61:dd:d8:2a:ad:22:3b:69:
        59:74:da:81:df:75:81:03:59:36:05:69:b3:f0:ad:51:cb:b6:
        23:7a:b2:46:00:bf:29:c8:3e:cb:c7:85:22:a1:e2:22:b5:4f:
        b2:11:e7:b7:4d:35:57:3d:95:5c:4b:7c:f5:ff:57:03:ae:ce:
        ae:98:9c:0d:aa:80:fd:db:d0:f0:04:75:85:bf:37:24:7d:53:
        08:9e:fa:56:54:16:86:02:38:54:86:5b:7f:eb:a2:64:3a:bc:
        a4:e0:50:f0:78:d4:08:ed:9f:97:d8:81:4e:cc:62:51:cc:80:
        90:88:62:17:c1:fb:80:34:04:3b:64:b6:04:35:f0:05:0b:9d:
        bc:cc:7c:8d:cd:20:ee:92:ad:03:91:ee:fb:75:f4:a5:e5:0e:
        f6:78:bc:07:ae:30:54:84:52:9d:29:99:9b:a2:43:05:46:27:
        0c:ee:08:d8:cf:38:c9:83:68:d1:55:3b:0e:29:c0:39:53:2c:
        13:63:22:68