Threat Intelligence – Cobalt Strike Servers April 13-April 15 Latest IOCs


Credits: Jquinn147


Indicators of compromise

"ip","port","beacon_type","dns_idle","jitter","license_id","http_get_uri","http_post_uri","get_verb","post_verb","pipe_name","spawn_to_x64","spawn_to_x86","user_agent","time_first_seen","time_last_seen","duration","confighash"



Balaganesh is an Incident Responder, Certified Ethical Hacker, Penetration Tester, security blogger, and the founder and author of Soc Investigation.
