ThreatFox IOC Database
You are viewing the ThreatFox database entry for url http://23.236.67.17:8698/ca.
Database Entry
This IOC expired
This IOC is old and therefore expired on 2025-12-15 01:15:01 UTC. We no longer export it into our datasets, so this database entry is purely informational and has no impact.
| Field | Value |
|---|---|
| IOC ID: | 1091987 |
| IOC: | http://23.236.67.17:8698/ca |
| IOC Type: | url |
| Threat Type: | botnet_cc |
| Malware: | Cobalt Strike |
| Malware alias: | Agentemis, BEACON, CobaltStrike, cobeacon |
| Confidence Level: | Confidence level is high (100%) |
| ASN: | AS6134 XNNET |
| Country: | US |
| First seen: | 2023-03-20 12:25:45 UTC |
| Last seen: | never |
| UUID: | 56a5a67d-c71a-11ed-928d-42010aa4000a |
| Reporter: | Anonymous |
| Reward: | 5 credits from ThreatFox |
| Tags: | 305419896 Beacon Cobalt Strike CobaltStriike |
| Reference: | https://www.virustotal.com/gui/file/d605e23c8c76b6972e193951adb3930aff283cbad7e13cd54199e5881839fbab/behavior |
Anonymous
```text
BeaconType - HTTP
Port - 8698
SleepTime - 60000
MaxGetSize - 1048576
Jitter - 0
MaxDNS - 255
PublicKey_MD5 - 807b719f3ea3c73901a611fdcd26d387
C2Server - 0.0.0.0,/dot.gif,23.236.67.17,/ca
UserAgent - Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; ; NCLIENT50_AAPCDA5841E333)
HttpPostUri - /submit.php
Malleable_C2_Instructions - Empty
HttpGet_Metadata - Metadata
                   base64
                   header "Cookie"
HttpPost_Metadata - ConstHeaders
                    Content-Type: application/octet-stream
                    SessionId
                    parameter "id"
                    Output
PipeName -
DNS_Idle - 0.0.0.0
DNS_Sleep - 0
SSH_Host - Not Found
SSH_Port - Not Found
SSH_Username - Not Found
SSH_Password_Plaintext - Not Found
SSH_Password_Pubkey - Not Found
SSH_Banner -
HttpGet_Verb - GET
HttpPost_Verb - POST
HttpPostChunk - 0
Spawnto_x86 - %windir%\syswow64\rundll32.exe
Spawnto_x64 - %windir%\sysnative\rundll32.exe
CryptoScheme - 0
Proxy_Config - Not Found
Proxy_User - Not Found
Proxy_Password - Not Found
Proxy_Behavior - Use IE settings
Watermark_Hash - Not Found
Watermark - 305419896
bStageCleanup - False
bCFGCaution - False
KillDate - 0
bProcInject_StartRWX - True
bProcInject_UseRWX - True
bProcInject_MinAllocSize - 0
ProcInject_PrependAppend_x86 - Empty
ProcInject_PrependAppend_x64 - Empty
ProcInject_Execute - CreateThread
                     SetThreadContext
                     CreateRemoteThread
                     RtlCreateUserThread
ProcInject_AllocationMethod - VirtualAllocEx
bUsesCookies - True
HostHeader -
headersToRemove - Not Found
DNS_Beaconing - Not Found
DNS_get_TypeA - Not Found
DNS_get_TypeAAAA - Not Found
DNS_get_TypeTXT - Not Found
DNS_put_metadata - Not Found
DNS_put_output - Not Found
DNS_resolver - Not Found
DNS_strategy - Not Found
DNS_strategy_rotate_seconds - Not Found
DNS_strategy_fail_x - Not Found
DNS_strategy_fail_seconds - Not Found
Retry_Max_Attempts - Not Found
Retry_Increase_Attempts - Not Found
Retry_Duration - Not Found
```