1564823096 | 2024-12-27T15:56:45.988714
22 /
tcp
SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
Key type: ecdsa-sha2-nistp256
Key: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIGsJhfcoMuv9atky8SPyUsv
d1U/Htt1R/CU6ZmpBhtZgdeJ6vZIMs50F8qq+rsJNHjjusV2m/Af1pZ++caFM7s=
Fingerprint: 1d:0e:ad:ca:29:c3:9a:d9:a0:86:4f:e4:79:da:95:fb
Kex Algorithms:
curve25519-sha256
curve25519-sha256@libssh.org
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
sntrup761x25519-sha512@openssh.com
diffie-hellman-group-exchange-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group14-sha256
kex-strict-s-v00@openssh.com
Server Host Key Algorithms:
rsa-sha2-512
rsa-sha2-256
ecdsa-sha2-nistp256
ssh-ed25519
Encryption Algorithms:
chacha20-poly1305@openssh.com
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
MAC Algorithms:
umac-64-etm@openssh.com
umac-128-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-sha1-etm@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha2-256
hmac-sha2-512
hmac-sha1
Compression Algorithms:
none
zlib@openssh.com
-904773297 | 2024-12-26T12:30:35.554955
443 /
tcp
HTTP/1.1 404 Not Found
Date: Thu, 26 Dec 2024 12:30:35 GMT
Server: Apache-Coyote/1.1
Content-Type: text/plain
Brightspot-Id: 00000459-72af-a783-feef2189
Cache-Control: max-age=27039580
X-Content-Type-Options: nosniff
X-Powered-By: Brightspot
Vary: Accept-Encoding
Connection: close
Content-Length: 0
Cobalt Strike Beacon:
x86:
beacon_type: HTTPS
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Host: www.baidu.com
Accept: */*
Accept-Language: en-US
Connection: close
_
http-get.uri: 87.120.115.8,/siie=utf-8&f=8&rsv_bp=1&rsv_idx=1&ch=&tn=baidu&bar=&wd=
http-get.verb: GET
http-post.client:
Host: pss.bdstatic.com
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Accept: */*
Accept-Language: en
Connection: close
includeCoorganizers
http-post.uri: /r/www/static/assets/mirror-san/app/miaodong-logo_d5aa8ae.png
http-post.verb: POST
jitter: 25
maxgetsize: 3146759
port: 443
post-ex.spawnto_x64: %windir%\sysnative\secinit.exe
post-ex.spawnto_x86: %windir%\syswow64\RmClient.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: 40ed048138df0b3e23a0ef24dc5efa1a
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 66cac9860bdc449bdfb210dccb024389
sleeptime: 50000
stage.cleanup: 1
useragent_header: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 OPR/111.0.0.0 (Edition Yx 03)
watermark: 666666666
x64:
beacon_type: HTTPS
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Host: www.baidu.com
Accept: */*
Accept-Language: en-US
Connection: close
_
http-get.uri: 87.120.115.8,/siie=utf-8&f=8&rsv_bp=1&rsv_idx=1&ch=&tn=baidu&bar=&wd=
http-get.verb: GET
http-post.client:
Host: pss.bdstatic.com
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Accept: */*
Accept-Language: en
Connection: close
includeCoorganizers
http-post.uri: /r/www/static/assets/mirror-san/app/miaodong-logo_d5aa8ae.png
http-post.verb: POST
jitter: 25
maxgetsize: 3146759
port: 443
post-ex.spawnto_x64: %windir%\sysnative\secinit.exe
post-ex.spawnto_x86: %windir%\syswow64\RmClient.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: 40ed048138df0b3e23a0ef24dc5efa1a
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 66cac9860bdc449bdfb210dccb024389
sleeptime: 50000
stage.cleanup: 1
useragent_header: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 OPR/111.0.0.0 (Edition Yx 03)
watermark: 666666666
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
b0:90:64:0d:01:25:c7:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=There, ST=Over, L=Around, O=Pwn3rs, OU=AdvancedReversing, CN=Pwn3rs Striked
Validity
Not Before: Dec 17 08:01:41 2024 GMT
Not After : Mar 17 08:01:41 2025 GMT
Subject: C=There, ST=Over, L=Around, O=Pwn3rs, OU=AdvancedReversing, CN=Pwn3rs Striked
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:2E:2A:86:13:66:AB:BA:4E:BA:CC:EA:BE:91:12:2C:B3:FE:0E:8E
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
419477611 | 2024-12-21T13:45:21.772570
1433 /
tcp
\x15\x03\x03\x00\x02\x02\n
-910481265 | 2024-12-25T05:39:30.567332
3306 /
tcp
HTTP/1.1 404 Not Found
Date: Wed, 25 Dec 2024 05:39:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/plain
Brightspot-Id: 00000459-72af-a783-feef2189
Cache-Control: max-age=27039580
X-Content-Type-Options: nosniff
X-Powered-By: Brightspot
Vary: Accept-Encoding
Connection: close
Content-Length: 0
Cobalt Strike Beacon:
x86:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Host: www.baidu.com
Accept: */*
Accept-Language: en-US
Connection: close
_
http-get.uri: 87.120.115.8,/siie=utf-8&f=8&rsv_bp=1&rsv_idx=1&ch=&tn=baidu&bar=&wd=
http-get.verb: GET
http-post.client:
Host: pss.bdstatic.com
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Accept: */*
Accept-Language: en
Connection: close
includeCoorganizers
http-post.uri: /r/www/static/assets/mirror-san/app/miaodong-logo_d5aa8ae.png
http-post.verb: POST
jitter: 25
maxgetsize: 3146759
port: 3306
post-ex.spawnto_x64: %windir%\sysnative\secinit.exe
post-ex.spawnto_x86: %windir%\syswow64\RmClient.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: 40ed048138df0b3e23a0ef24dc5efa1a
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 66cac9860bdc449bdfb210dccb024389
sleeptime: 50000
stage.cleanup: 1
useragent_header: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 OPR/111.0.0.0 (Edition Yx 03)
watermark: 666666666
x64:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Host: www.baidu.com
Accept: */*
Accept-Language: en-US
Connection: close
_
http-get.uri: 87.120.115.8,/siie=utf-8&f=8&rsv_bp=1&rsv_idx=1&ch=&tn=baidu&bar=&wd=
http-get.verb: GET
http-post.client:
Host: pss.bdstatic.com
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Accept: */*
Accept-Language: en
Connection: close
includeCoorganizers
http-post.uri: /r/www/static/assets/mirror-san/app/miaodong-logo_d5aa8ae.png
http-post.verb: POST
jitter: 25
maxgetsize: 3146759
port: 3306
post-ex.spawnto_x64: %windir%\sysnative\secinit.exe
post-ex.spawnto_x86: %windir%\syswow64\RmClient.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: 40ed048138df0b3e23a0ef24dc5efa1a
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 66cac9860bdc449bdfb210dccb024389
sleeptime: 50000
stage.cleanup: 1
useragent_header: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 OPR/111.0.0.0 (Edition Yx 03)
watermark: 666666666
1107662018 | 2024-12-26T01:22:42.397103
3389 /
tcp
Remote Desktop Protocol
\x03\x00\x00\x13\x0e\xd0\x00\x00\x124\x00\x02\x01\x08\x00\x01\x00\x00\x00