Threat Intelligence – Cobalt Strike Team Servers, April 13–15 2021: Latest IOCs (extracted beacon configurations)


Credits: Jquinn147

Indicators of compromise

The rows below are Cobalt Strike beacon configurations extracted from team servers observed between 2021-04-13 and 2021-04-15 (see the time_first_seen / time_last_seen columns). Notes for anyone ingesting this CSV: the `http_get_uri` column holds the HTTP Host value followed by the GET URI (e.g. `citrixsecurityy.com,/load`), so split on the comma before loading it into a blocklist; the domains that appear there (citrixsecurityy.com, itsuppport.com, antivirusmallware.com, www.alibababaa.com, etc.) are typosquat-style names and are useful as DNS indicators in their own right. A few rows carry a non-routable Host value (`10.48.92.66` for 45.76.202.78) — the address in the `ip` column is the indicator, not that Host value. The `/submit.php` POST URI, MSIE-style user agents and `rundll32.exe` spawn-to paths match the Cobalt Strike default Malleable C2 profile, so existing network detections for the default profile should fire on these servers; `license_id` 305419896 (0x12345678) is a placeholder watermark commonly associated with trial/cracked builds rather than a unique operator identifier, so do not pivot on it alone. Several rows are exact duplicates and many were observed for only milliseconds, so treat this as a point-in-time snapshot: confirm a host is still serving a beacon config before blocking, since C2 infrastructure of this kind is frequently torn down or reassigned.

"ip","port","beacon_type","dns_idle","jitter","license_id","http_get_uri","http_post_uri","get_verb","post_verb","pipe_name","spawn_to_x64","spawn_to_x86","user_agent","time_first_seen","time_last_seen","duration","confighash"
"173.199.115.116","80","0 (HTTP)",,"0","0","173.199.115.116,/load","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET4.0C; .NET4.0E)","2021-04-15 20:05:31.961635","2021-04-15 20:05:39.513777","00:00:07.552142",
"173.199.115.116","80","0 (HTTP)",,"0","0","173.199.115.116,/pixel.gif","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM; MANM)","2021-04-15 20:05:31.961635","2021-04-15 20:05:39.513777","00:00:07.552142",
"173.199.115.116","443","8 (HTTPS)",,"0","0","173.199.115.116,/cm","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)","2021-04-15 20:05:31.961635","2021-04-15 20:05:39.513777","00:00:07.552142",
"173.199.115.116","443","8 (HTTPS)",,"0","0","173.199.115.116,/fwlink","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)","2021-04-15 20:05:31.961635","2021-04-15 20:05:39.513777","00:00:07.552142",
"149.248.1.200","443","8 (HTTPS)","0.0.0.0","0","0","149.248.1.200,/ptj","/submit.php","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)","2021-04-15 20:05:16.380677","2021-04-15 20:05:19.918565","00:00:03.537888",
"149.248.1.200","443","8 (HTTPS)","0.0.0.0","0","0","149.248.1.200,/load","/submit.php","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; MANM)","2021-04-15 20:05:16.380677","2021-04-15 20:05:19.918565","00:00:03.537888",
"45.32.102.31","80","0 (HTTP)",,"0","1359593325","45.32.102.31,/pixel","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENCA)","2021-04-15 20:04:56.600879","2021-04-15 20:05:08.336455","00:00:11.735576",
"45.32.102.31","80","0 (HTTP)",,"0","1359593325","45.32.102.31,/dot.gif","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)","2021-04-15 20:04:56.600879","2021-04-15 20:05:08.336455","00:00:11.735576",
"45.32.102.31","443","8 (HTTPS)",,"0","1359593325","45.32.102.31,/j.ad","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch; MASPJS)","2021-04-15 20:04:56.600879","2021-04-15 20:05:08.336455","00:00:11.735576",
"45.32.102.31","443","8 (HTTPS)",,"0","1359593325","45.32.102.31,/en_US/all.js","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)","2021-04-15 20:04:56.600879","2021-04-15 20:05:08.336455","00:00:11.735576",
"139.180.203.22","443","8 (HTTPS)",,"0","0","139.180.203.22,/fwlink","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MASP)","2021-04-15 20:04:21.634818","2021-04-15 20:04:27.876298","00:00:06.24148",
"139.180.203.22","443","8 (HTTPS)",,"0","0","139.180.203.22,/push","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET4.0E)","2021-04-15 20:04:21.634818","2021-04-15 20:04:27.876298","00:00:06.24148",
"195.206.181.210","80","0 (HTTP)",,"0","0","195.206.181.210,/cx","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM)","2021-04-15 20:01:53.103941","2021-04-15 20:01:58.801171","00:00:05.69723",
"195.206.181.210","443","8 (HTTPS)",,"0","0","citrixsecurityy.com,/load","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.1)","2021-04-15 20:01:53.103941","2021-04-15 20:01:58.801171","00:00:05.69723",
"195.206.181.210","80","0 (HTTP)",,"0","0","195.206.181.210,/ga.js","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; ASU2JS)","2021-04-15 20:01:53.103941","2021-04-15 20:01:58.801171","00:00:05.69723",
"195.206.181.210","443","8 (HTTPS)",,"0","0","citrixsecurityy.com,/updates.rss","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","2021-04-15 20:01:53.103941","2021-04-15 20:01:58.801171","00:00:05.69723",
"195.206.181.208","443","8 (HTTPS)",,"37","1359593325","itsuppport.com,/adminhtml","/xmlconnect","GET","POST",,"%windir%\sysnative\svchost.exe","%windir%\syswow64\svchost.exe","Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202","2021-04-15 20:01:47.265133","2021-04-15 20:01:47.265139",,
"195.206.181.208","80","0 (HTTP)",,"37","1359593325","195.206.181.208,/d_config","/xmlconnect","GET","POST",,"%windir%\sysnative\svchost.exe","%windir%\syswow64\svchost.exe","Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202","2021-04-15 20:01:47.265133","2021-04-15 20:01:47.265139",,
"195.206.181.208","80","0 (HTTP)",,"37","1359593325","195.206.181.208,/adminhtml","/search","GET","POST",,"%windir%\sysnative\svchost.exe","%windir%\syswow64\svchost.exe","Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202","2021-04-15 20:01:47.265133","2021-04-15 20:01:47.265139",,
"195.206.181.208","443","8 (HTTPS)",,"37","1359593325","itsuppport.com,/adminhtml","/search","GET","POST",,"%windir%\sysnative\svchost.exe","%windir%\syswow64\svchost.exe","Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202","2021-04-15 20:01:47.265133","2021-04-15 20:01:47.265139",,
"195.206.181.141","80","0 (HTTP)",,"43","1359593325","195.206.181.141,/mobile-android.css","/mg","GET","POST",,"%windir%\sysnative\runonce.exe","%windir%\syswow64\runonce.exe","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9","2021-04-15 20:01:41.040594","2021-04-15 20:01:41.040598",,
"195.206.181.141","443","8 (HTTPS)",,"43","1359593325","blueteamm.com,/styles.css","/mg","GET","POST",,"%windir%\sysnative\runonce.exe","%windir%\syswow64\runonce.exe","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9","2021-04-15 20:01:41.040594","2021-04-15 20:01:41.040598",,
"195.206.181.141","443","8 (HTTPS)",,"43","1359593325","blueteamm.com,/groupcp.css","/av","GET","POST",,"%windir%\sysnative\runonce.exe","%windir%\syswow64\runonce.exe","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9","2021-04-15 20:01:41.040594","2021-04-15 20:01:41.040598",,
"195.206.181.141","80","0 (HTTP)",,"43","1359593325","195.206.181.141,/mobile-android.css","/mg","GET","POST",,"%windir%\sysnative\runonce.exe","%windir%\syswow64\runonce.exe","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9","2021-04-15 20:01:41.040594","2021-04-15 20:01:41.040598",,
"185.250.151.48","443","8 (HTTPS)",,"0","1580103814","185.250.151.48,/visit.js","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MAAU; NP08)","2021-04-15 20:01:26.237366","2021-04-15 20:01:28.727433","00:00:02.490067",
"185.250.151.48","443","8 (HTTPS)",,"0","1580103814","185.250.151.48,/g.pixel","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.1)","2021-04-15 20:01:26.237366","2021-04-15 20:01:28.727433","00:00:02.490067",
"185.14.28.131","443","8 (HTTPS)",,"0","1580103814","185.14.28.131,/updates.rss","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MDDCJS)","2021-04-15 20:01:09.122206","2021-04-15 20:01:12.72889","00:00:03.606684",
"185.14.28.131","443","8 (HTTPS)",,"0","1580103814","185.14.28.131,/pixel.gif","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ESES)","2021-04-15 20:01:09.122206","2021-04-15 20:01:12.72889","00:00:03.606684",
"185.162.235.35","443","8 (HTTPS)","0.0.0.0","0","16777216","185.162.235.35,/fwlink","/submit.php","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; Xbox)","2021-04-15 20:00:19.935436","2021-04-15 20:00:19.935441",,
"185.162.235.35","443","8 (HTTPS)","0.0.0.0","0","16777216","185.162.235.35,/cx","/submit.php","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)","2021-04-15 19:59:48.892943","2021-04-15 19:59:48.892947",,
"185.162.235.35","443","8 (HTTPS)","0.0.0.0","0","16777216","185.162.235.35,/fwlink","/submit.php","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; Xbox)","2021-04-15 19:59:48.892943","2021-04-15 19:59:48.892947",,
"45.141.84.30","443","8 (HTTPS)",,"0","0","45.141.84.30,/j.ad","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)","2021-04-15 19:30:25.113478","2021-04-15 19:54:13.458891","00:23:48.345413",
"45.141.84.30","443","8 (HTTPS)",,"0","0","45.141.84.30,/en_US/all.js","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP02)","2021-04-15 19:30:25.113478","2021-04-15 19:54:13.458891","00:23:48.345413",
"45.141.84.30","80","0 (HTTP)",,"0","0","45.141.84.30,/ca","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)","2021-04-15 19:30:25.113478","2021-04-15 19:54:13.458891","00:23:48.345413",
"45.141.84.30","80","0 (HTTP)",,"0","0","45.141.84.30,/pixel.gif","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)","2021-04-15 19:30:25.113478","2021-04-15 19:54:13.458891","00:23:48.345413",
"45.141.84.30","80","0 (HTTP)",,"0","0","45.141.84.30,/ca","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)","2021-04-15 19:30:25.113478","2021-04-15 19:30:25.113481",,
"45.141.84.30","443","8 (HTTPS)",,"0","0","45.141.84.30,/en_US/all.js","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP02)","2021-04-15 19:30:25.113478","2021-04-15 19:30:25.113481",,
"45.141.84.30","443","8 (HTTPS)",,"0","0","45.141.84.30,/j.ad","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)","2021-04-15 19:30:25.113478","2021-04-15 19:30:25.113481",,
"45.141.84.30","80","0 (HTTP)",,"0","0","45.141.84.30,/pixel.gif","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)","2021-04-15 19:30:25.113478","2021-04-15 19:30:25.113481",,
"213.252.247.132","443","8 (HTTPS)","101.217.104.38","43","0","fastpighostmerch.com,/html","/bm","GET","POST","","%windir%\sysnative\WUAUCLT.exe","%windir%\syswow64\WUAUCLT.exe","Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36","2021-04-15 19:29:49.431381","2021-04-15 19:29:49.431385",,
"213.252.247.132","443","8 (HTTPS)","101.217.104.38","43","0","fastpighostmerch.com,/html","/bm","GET","POST","","%windir%\sysnative\WUAUCLT.exe","%windir%\syswow64\WUAUCLT.exe","Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36","2021-04-15 19:29:49.431381","2021-04-15 19:29:49.431385",,
"213.252.245.19","80","0 (HTTP)","198.196.153.195","43","0","213.252.245.19,/ab","/RELEASES","GET","POST","","%windir%\sysnative\runonce.exe","%windir%\syswow64\runonce.exe","Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0","2021-04-15 19:29:41.997333","2021-04-15 19:29:41.997337",,
"213.252.245.19","443","8 (HTTPS)","198.196.153.195","43","0","presidentofschool14.com,/ab","/FAQ","GET","POST","","%windir%\sysnative\runonce.exe","%windir%\syswow64\runonce.exe","Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0","2021-04-15 19:29:41.997333","2021-04-15 19:29:41.997337",,
"213.252.245.19","443","8 (HTTPS)","198.196.153.195","43","0","presidentofschool14.com,/ab","/RELEASES","GET","POST","","%windir%\sysnative\runonce.exe","%windir%\syswow64\runonce.exe","Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0","2021-04-15 19:29:41.997333","2021-04-15 19:29:41.997337",,
"213.252.245.19","80","0 (HTTP)","198.196.153.195","43","0","213.252.245.19,/ab","/FAQ","GET","POST","","%windir%\sysnative\runonce.exe","%windir%\syswow64\runonce.exe","Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0","2021-04-15 19:29:41.997333","2021-04-15 19:29:41.997337",,
"195.206.181.213","80","0 (HTTP)",,"43","1359593325","195.206.181.213,/ee.html","/ak","GET","POST",,"%windir%\sysnative\WUAUCLT.exe","%windir%\syswow64\WUAUCLT.exe","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246","2021-04-15 19:22:30.393263","2021-04-15 19:22:30.393279",,
"195.206.181.213","443","8 (HTTPS)",,"43","1359593325","antivirusmallware.com,/ee.html","/ak","GET","POST",,"%windir%\sysnative\WUAUCLT.exe","%windir%\syswow64\WUAUCLT.exe","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246","2021-04-15 19:22:30.393263","2021-04-15 19:22:30.393279",,
"195.206.181.213","443","8 (HTTPS)",,"43","1359593325","antivirusmallware.com,/cr.html","/ak","GET","POST",,"%windir%\sysnative\WUAUCLT.exe","%windir%\syswow64\WUAUCLT.exe","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246","2021-04-15 19:22:30.393263","2021-04-15 19:22:30.393279",,
"195.206.181.213","80","0 (HTTP)",,"43","1359593325","195.206.181.213,/ak.html","/ak","GET","POST",,"%windir%\sysnative\WUAUCLT.exe","%windir%\syswow64\WUAUCLT.exe","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246","2021-04-15 19:22:30.393263","2021-04-15 19:22:30.393279",,
"185.25.51.67","443","8 (HTTPS)","169.190.77.2","41","0","fastpic-domain.com,/logo.js,185.25.51.67,/na.js","/modcp","GET","POST","","%windir%\sysnative\svchost.exe","%windir%\syswow64\svchost.exe","Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0","2021-04-13 19:22:58.871982","2021-04-15 19:30:12.774909","2 days 00:07:13.902927",
"185.25.51.67","443","8 (HTTPS)","169.190.77.2","41","0","fastpic-domain.com,/na.js,185.25.51.67,/logo.js","/modcp","GET","POST","","%windir%\sysnative\svchost.exe","%windir%\syswow64\svchost.exe","Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0","2021-04-13 19:22:58.871982","2021-04-15 19:30:12.774909","2 days 00:07:13.902927",
"185.25.51.55","443","8 (HTTPS)",,"41","1359593325","greattxmsng-imgx.com,/copyright.js","/as","GET","POST",,"%windir%\sysnative\regsvr32.exe","%windir%\syswow64\regsvr32.exe","Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0","2021-04-13 19:22:52.54157","2021-04-15 19:30:07.919759","2 days 00:07:15.378189",
"185.25.51.55","443","8 (HTTPS)",,"41","1359593325","greattxmsng-imgx.com,/ak.js","/as","GET","POST",,"%windir%\sysnative\regsvr32.exe","%windir%\syswow64\regsvr32.exe","Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0","2021-04-13 19:22:52.54157","2021-04-15 19:30:07.919759","2 days 00:07:15.378189",
"185.25.51.55","80","0 (HTTP)",,"41","1359593325","185.25.51.55,/copyright.js","/as","GET","POST",,"%windir%\sysnative\regsvr32.exe","%windir%\syswow64\regsvr32.exe","Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0","2021-04-13 19:22:52.54157","2021-04-15 19:30:07.919759","2 days 00:07:15.378189",
"185.25.51.55","80","0 (HTTP)",,"41","1359593325","185.25.51.55,/copyright.js","/as","GET","POST",,"%windir%\sysnative\regsvr32.exe","%windir%\syswow64\regsvr32.exe","Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0","2021-04-13 19:22:52.54157","2021-04-15 19:30:07.919759","2 days 00:07:15.378189",
"5.34.178.43","443","8 (HTTPS)",,"37","0","liojikd.com,/fr.js","/ab","GET","POST",,"%windir%\sysnative\svchost.exe","%windir%\syswow64\svchost.exe","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246","2021-04-13 14:41:36.292763","2021-04-13 14:41:36.292768",,
"5.34.178.43","80","0 (HTTP)",,"37","0","5.34.178.43,/posting.js","/ab","GET","POST",,"%windir%\sysnative\svchost.exe","%windir%\syswow64\svchost.exe","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246","2021-04-13 14:41:36.292763","2021-04-13 14:41:36.292768",,
"5.34.178.43","80","0 (HTTP)",,"37","0","5.34.178.43,/posting.js","/ab","GET","POST",,"%windir%\sysnative\svchost.exe","%windir%\syswow64\svchost.exe","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246","2021-04-13 14:41:36.292763","2021-04-13 14:41:36.292768",,
"5.34.178.43","443","8 (HTTPS)",,"37","0","liojikd.com,/RELEASE.js","/ab","GET","POST",,"%windir%\sysnative\svchost.exe","%windir%\syswow64\svchost.exe","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246","2021-04-13 14:41:36.292763","2021-04-13 14:41:36.292768",,
"185.14.28.232","80","0 (HTTP)","185.14.28.232","37","305419896","185.14.28.232,/jquery-3.3.1.min.js","/jquery-3.3.2.min.js","GET","POST","","%windir%\sysnative\dllhost.exe","%windir%\syswow64\dllhost.exe","Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko","2021-04-13 13:57:30.655508","2021-04-13 13:57:30.655515",,
"185.14.28.232","80","0 (HTTP)","185.14.28.232","37","305419896","185.14.28.232,/jquery-3.3.1.min.js","/jquery-3.3.2.min.js","GET","POST","","%windir%\sysnative\dllhost.exe","%windir%\syswow64\dllhost.exe","Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko","2021-04-13 13:57:30.655508","2021-04-13 13:57:30.655515",,
"185.14.28.232","443","8 (HTTPS)","185.14.28.232","37","305419896","njerseysports.com,/jquery-3.3.1.min.js","/jquery-3.3.2.min.js","GET","POST","","%windir%\sysnative\dllhost.exe","%windir%\syswow64\dllhost.exe","Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko","2021-04-13 13:57:30.655508","2021-04-13 13:57:30.655515",,
"185.82.219.249","443","8 (HTTPS)",,"37","1359593325","globalpressinfo.com,/jquery-3.3.1.min.js","/jquery-3.3.2.min.js","GET","POST",,"%windir%\sysnative\dllhost.exe","%windir%\syswow64\dllhost.exe","Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko","2021-04-13 13:14:47.715398","2021-04-13 13:14:47.715406",,
"185.82.219.249","443","8 (HTTPS)",,"37","1359593325","globalpressinfo.com,/jquery-3.3.1.min.js","/jquery-3.3.2.min.js","GET","POST",,"%windir%\sysnative\dllhost.exe","%windir%\syswow64\dllhost.exe","Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko","2021-04-13 13:14:47.715398","2021-04-13 13:14:47.715406",,
"139.180.206.75","443","8 (HTTPS)",,"0","1359593325","139.180.206.75,/cm","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM)","2021-04-13 11:26:39.651539","2021-04-13 11:26:46.215293","00:00:06.563754",
"139.180.206.75","443","8 (HTTPS)",,"0","1359593325","139.180.206.75,/ptj","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)","2021-04-13 11:26:39.651539","2021-04-13 11:26:46.215293","00:00:06.563754",
"149.28.233.123","443","8 (HTTPS)","0.0.0.0","0","1711276032","149.28.233.123,/match","/submit.php","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch)","2021-04-13 11:25:48.44221","2021-04-13 11:26:02.372944","00:00:13.930734",
"149.28.233.123","443","8 (HTTPS)","0.0.0.0","0","1711276032","149.28.233.123,/cm","/submit.php","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; MASP)","2021-04-13 11:25:48.44221","2021-04-13 11:26:02.372944","00:00:13.930734",
"149.28.233.123","80","0 (HTTP)","0.0.0.0","0","1711276032","149.28.233.123,/__utm.gif","/submit.php","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MASAJS)","2021-04-13 11:25:48.44221","2021-04-13 11:26:02.372944","00:00:13.930734",
"149.28.233.123","80","0 (HTTP)","0.0.0.0","0","1711276032","149.28.233.123,/__utm.gif","/submit.php","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)","2021-04-13 11:25:48.44221","2021-04-13 11:26:02.372944","00:00:13.930734",
"158.247.210.24","443","8 (HTTPS)","0.0.0.0","0","305419896","158.247.210.24,/__utm.gif","/submit.php","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)","2021-04-13 11:25:34.302794","2021-04-13 11:25:34.302799",,
"167.179.79.212","443","8 (HTTPS)","0.0.0.0","0","305419896","167.179.79.212,/ptj","/submit.php","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)","2021-04-13 11:25:00.238651","2021-04-13 11:25:00.238698",,
"167.179.79.212","443","8 (HTTPS)","0.0.0.0","0","305419896","167.179.79.212,/ptj","/submit.php","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)","2021-04-13 11:24:48.582161","2021-04-13 11:24:48.582169",,
"167.179.79.212","443","8 (HTTPS)","0.0.0.0","0","305419896","167.179.79.212,/visit.js","/submit.php","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)","2021-04-13 11:24:48.582161","2021-04-13 11:24:48.582169",,
"202.182.125.249","443","8 (HTTPS)","0.0.0.0","0","171370754","202.182.125.249,/visit.js","/submit.php","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906)","2021-04-13 11:24:07.352886","2021-04-13 11:24:07.352892",,
"202.182.125.249","443","8 (HTTPS)","0.0.0.0","0","171370754","202.182.125.249,/cm","/submit.php","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)","2021-04-13 11:24:07.352886","2021-04-13 11:24:07.352892",,
"202.182.125.249","443","8 (HTTPS)","0.0.0.0","0","171370754","202.182.125.249,/visit.js","/submit.php","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906)","2021-04-13 11:23:57.726822","2021-04-13 11:23:57.726839",,
"141.164.34.81","80","0 (HTTP)","0.0.0.0","0","0","www.alibababaa.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books","/N4215/adj/amzn.us.sr.aps","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko","2021-04-13 11:23:37.775955","2021-04-13 11:23:49.320717","00:00:11.544762",
"141.164.34.81","443","8 (HTTPS)","0.0.0.0","0","0","www.alibababaa.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books","/N4215/adj/amzn.us.sr.aps","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko","2021-04-13 11:23:37.775955","2021-04-13 11:23:49.320717","00:00:11.544762",
"141.164.34.81","443","8 (HTTPS)","0.0.0.0","0","0","www.alibababaa.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books","/N4215/adj/amzn.us.sr.aps","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko","2021-04-13 11:23:37.775955","2021-04-13 11:23:49.320717","00:00:11.544762",
"141.164.34.81","80","0 (HTTP)","0.0.0.0","0","0","www.alibababaa.com,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books","/N4215/adj/amzn.us.sr.aps","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko","2021-04-13 11:23:37.775955","2021-04-13 11:23:49.320717","00:00:11.544762",
"141.164.39.206","443","8 (HTTPS)","0.0.0.0","0","305419896","141.164.39.206,/dot.gif","/submit.php","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; Touch)","2021-04-13 11:23:18.942972","2021-04-13 11:23:26.79759","00:00:07.854618",
"141.164.39.206","443","8 (HTTPS)","0.0.0.0","0","305419896","141.164.39.206,/en_US/all.js","/submit.php","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MASAJS)","2021-04-13 11:23:18.942972","2021-04-13 11:23:26.79759","00:00:07.854618",
"202.182.101.162","443","8 (HTTPS)","0.0.0.0","0","305419896","202.182.101.162,/match","/submit.php","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; QQDownload 733; InfoPath.2)","2021-04-13 11:23:07.129354","2021-04-13 11:23:07.129359",,
"45.76.194.120","443","8 (HTTPS)","64.199.21.101","39","0","45.76.194.120,/af","/mobile-android","GET","POST","","%windir%\sysnative\regsvr32.exe","%windir%\syswow64\regsvr32.exe","Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0","2021-04-13 11:22:54.366053","2021-04-13 14:41:42.114286","03:18:47.748233",
"45.76.194.120","443","8 (HTTPS)","64.199.21.101","39","0","45.76.194.120,/af","/mobile-android","GET","POST","","%windir%\sysnative\regsvr32.exe","%windir%\syswow64\regsvr32.exe","Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0","2021-04-13 11:22:54.366053","2021-04-13 14:41:42.114286","03:18:47.748233",
"45.76.202.78","443","8 (HTTPS)","0.0.0.0","0","305419896","10.48.92.66,/updates.rss","/submit.php","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)","2021-04-13 11:22:47.135931","2021-04-13 11:22:47.135935",,
"45.76.202.78","80","0 (HTTP)","0.0.0.0","0","305419896","10.48.92.66,/push","/submit.php","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; MASP)","2021-04-13 11:22:47.135931","2021-04-13 11:22:47.135935",,
"45.76.202.78","80","0 (HTTP)","0.0.0.0","0","305419896","10.48.92.66,/g.pixel","/submit.php","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)","2021-04-13 11:22:47.135931","2021-04-13 11:22:47.135935",,
"45.76.202.78","443","8 (HTTPS)","0.0.0.0","0","305419896","10.48.92.66,/fwlink","/submit.php","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP09; NP09; MAAU)","2021-04-13 11:22:47.135931","2021-04-13 11:22:47.135935",,
"45.76.202.78","80","0 (HTTP)","0.0.0.0","0","305419896","10.48.92.66,/g.pixel","/submit.php","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)","2021-04-13 11:22:34.139522","2021-04-13 11:22:34.139528",,
"45.76.202.78","80","0 (HTTP)","0.0.0.0","0","305419896","10.48.92.66,/push","/submit.php","GET","POST","","%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; MASP)","2021-04-13 11:22:34.139522","2021-04-13 11:22:34.139528",,
"155.138.215.103","443","8 (HTTPS)",,"0","305419776","155.138.215.103,/cm","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MAGWJS)","2021-04-13 11:22:06.266119","2021-04-13 11:22:09.734361","00:00:03.468242",
"155.138.215.103","443","8 (HTTPS)",,"0","305419776","155.138.215.103,/ca","/submit.php","GET","POST",,"%windir%\sysnative\rundll32.exe","%windir%\syswow64\rundll32.exe","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)","2021-04-13 11:22:06.266119","2021-04-13 11:22:09.734361","00:00:03.468242",
"45.76.194.120","443","8 (HTTPS)","64.199.21.101","39","0","45.76.194.120,/af","/mobile-android","GET","POST","","%windir%\sysnative\regsvr32.exe","%windir%\syswow64\regsvr32.exe","Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0","2021-04-13 11:13:49.163038","2021-04-13 11:13:49.163047",,

