ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://1.1.1.1:2222/ptj.

Database Entry


IOC ID:295126
IOC: http://1.1.1.1:2222/ptj
IOC Type :url
Threat Type :botnet_cc
Malware: Cobalt Strike
Malware alias:Agentemis, BEACON, CobaltStrike
Confidence Level : Confidence level is moderate (50%)
First seen:2022-01-14 08:30:31 UTC
Last seen:never
UUID:3ca27d02-7514-11ec-8ab6-42010aa4000a
Reporter @HarioMenkel
Reward 10 credits from anonymous
Tags:CobaltStrike

Twitter
@HarioMenkel
[ Download URL of Beacon ]
http://47.90.202.152:2222/
[ Extracted Beacon Config ]
BeaconType: ['HTTP']
Port: 2222
SleepTime: 60000
MaxGetSize: 1048576
Jitter: 0
MaxDNS: 255
PublicKey: b'0\x81\x9f0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x81\x8d\x000\x81\x89\x02\x81\x81\x00\xa7\t\x91\xd6\x9d\x81j`\x1f\xfa\x80\x97ds\x83\x0f\r;A\'m\'\x90@\x1d\xde\xdb\x18\xe2\xd3\xca\xb3\xc3\x15\xe3"#%\xbeB\xb6Z\xdb(x\xf3?Z\x03\xffP\x10\xb2>\x84*Q\x0c\x14\x82\xadjB\xf1\xe7\xe5rn\xb3\x18\x13\xe7Cv@\xedxy\x95_@\x1e\x17,4\xd3QrAYm\xd4\x1f\x8eH\xd3\xd1\xb1\xc2\x88\xe6\xc8u/\xf6]\xc2z\xcc\xcb\xa4\xba\x9c\xd6\xd0\xe4\xdea\x96\xce\xa4\xdaH\r;\x99\xd0\xed\x02\x03\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
PublicKey_MD5: defb5d95ce99e1ebbf421a1a38d9cb64
C2Server: 1.1.1.1,/ptj
UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
HttpPostUri: /submit.php
Malleable_C2_Instructions: []
HttpGet_Metadata: {'ConstHeaders': [], 'ConstParams': [], 'Metadata': ['base64', 'header "Cookie"'], 'SessionId': [], 'Output': []}
HttpPost_Metadata: {'ConstHeaders': ['Content-Type: application/octet-stream'], 'ConstParams': [], 'Metadata': [], 'SessionId': ['parameter "id"'], 'Output': ['print']}
SpawnTo: b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
PipeName:
DNS_Idle: 0.0.0.0
DNS_Sleep: 0
SSH_Host: Not Found
SSH_Port: Not Found
SSH_Username: Not Found
SSH_Password_Plaintext: Not Found
SSH_Password_Pubkey: Not Found
SSH_Banner:
HttpGet_Verb: GET
HttpPost_Verb: POST
HttpPostChunk: 0
Spawnto_x86: %windir%\syswow64\rundll32.exe
Spawnto_x64: %windir%\sysnative\rundll32.exe
CryptoScheme: 0
Proxy_Config: Not Found
Proxy_User: Not Found
Proxy_Password: Not Found
Proxy_Behavior: Use IE settings
Watermark: 305419896
bStageCleanup: False
bCFGCaution: False
KillDate: 0
bProcInject_StartRWX: True
bProcInject_UseRWX: True
bProcInject_MinAllocSize: 0
ProcInject_PrependAppend_x86: Empty
ProcInject_PrependAppend_x64: Empty
ProcInject_Execute: ['CreateThread', 'SetThreadContext', 'CreateRemoteThread', 'RtlCreateUserThread']
ProcInject_AllocationMethod: VirtualAllocEx
ProcInject_Stub: b'\xa5l\x818d\xaf\x87\x8aL\x10\x08<\xa1W\x8e\n'
bUsesCookies: True
HostHeader:
smbFrameHeader: Not Found
tcpFrameHeader: Not Found
headersToRemove: Not Found
DNS_Beaconing: Not Found
DNS_get_TypeA: Not Found
DNS_get_TypeAAAA: Not Found
DNS_get_TypeTXT: Not Found
DNS_put_metadata: Not Found
DNS_put_output: Not Found
DNS_resolver: Not Found
DNS_strategy: Not Found
DNS_strategy_rotate_seconds: Not Found
DNS_strategy_fail_x: Not Found
DNS_strategy_fail_seconds: Not Found