ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://185.186.142.101:443/g.pixel.

Database Entry

IOC ID: 295202
IOC: https://185.186.142.101:443/g.pixel
IOC Type: url
Threat Type: botnet_cc
Malware: Cobalt Strike
Malware alias: Agentemis, BEACON, CobaltStrike
Confidence Level: moderate (50%)
First seen: 2022-01-14 11:57:47 UTC
Last seen: never
UUID: 30d4ca59-7531-11ec-8ab6-42010aa4000a
Reporter: @HarioMenkel
Reward: 10 credits from anonymous
Tags: CobaltStrike

Twitter
@HarioMenkel
[ Download URL of Beacon ]
https://185.186.142.101/
[ Extracted Beacon Config ]
BeaconType: ['HTTPS']
Port: 443
SleepTime: 60000
MaxGetSize: 1048576
Jitter: 0
MaxDNS: 255
PublicKey: b'0\x81\x9f0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x81\x8d\x000\x81\x89\x02\x81\x81\x00\x8b\xe3Z\xa3\x0b\xb2(\xc2\x08\xf9\xd8\x0b\xaf\x19\xdb\x03\xd2\xbe}Z\xf2\xa7\x9a\xc1\xef\xe6\xad\xe8>\xaay\x9e\x85Eb\xf3\xc7$g\xa5\xdamA\xf0\xe7:\xa9:-\xe7\xc8\xda\xf8\xeb\x98\x9e\x9c\xcc^\x90\x1cB\xf1l\xb0\xb67{\xf9\xdf\x98z/P.\xa6\xb4\x18\xb6\xfa\x9f\xc3e>!\x1b?\xdfp\xdd\xfb\xa0\x9cO\xc8\xe8Y%\x11\xe0\x0c\xe2\x9ch\x07D\xb0\xcft\xe3\x9d>\xa3\xdbH\xd1\xe8\xefq\x0c\xd7\x1b7C;9U\xf5\x02\x03\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
PublicKey_MD5: cc2ca0ce95043b001056d7a840e2c154
C2Server: 185.186.142.101,/g.pixel
UserAgent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;SVSE)
HttpPostUri: /submit.php
Malleable_C2_Instructions: []
HttpGet_Metadata: {'ConstHeaders': [], 'ConstParams': [], 'Metadata': ['base64', 'header "Cookie"'], 'SessionId': [], 'Output': []}
HttpPost_Metadata: {'ConstHeaders': ['Content-Type: application/octet-stream'], 'ConstParams': [], 'Metadata': [], 'SessionId': ['parameter "id"'], 'Output': ['print']}
SpawnTo: Not Found
PipeName:
DNS_Idle: 0.0.0.0
DNS_Sleep: 0
SSH_Host: Not Found
SSH_Port: Not Found
SSH_Username: Not Found
SSH_Password_Plaintext: Not Found
SSH_Password_Pubkey: Not Found
SSH_Banner: Not Found
HttpGet_Verb: GET
HttpPost_Verb: POST
HttpPostChunk: 0
Spawnto_x86: %windir%\syswow64\rundll32.exe
Spawnto_x64: %windir%\sysnative\rundll32.exe
CryptoScheme: 0
Proxy_Config: Not Found
Proxy_User: Not Found
Proxy_Password: Not Found
Proxy_Behavior: Use IE settings
Watermark: 1
bStageCleanup: False
bCFGCaution: False
KillDate: 0
bProcInject_StartRWX: True
bProcInject_UseRWX: True
bProcInject_MinAllocSize: 0
ProcInject_PrependAppend_x86: Empty
ProcInject_PrependAppend_x64: Empty
ProcInject_Execute: Not Found
ProcInject_AllocationMethod: Not Found
ProcInject_Stub: Not Found
bUsesCookies: Not Found
HostHeader: Not Found
smbFrameHeader: Not Found
tcpFrameHeader: Not Found
headersToRemove: Not Found
DNS_Beaconing: Not Found
DNS_get_TypeA: Not Found
DNS_get_TypeAAAA: Not Found
DNS_get_TypeTXT: Not Found
DNS_put_metadata: Not Found
DNS_put_output: Not Found
DNS_resolver: Not Found
DNS_strategy: Not Found
DNS_strategy_rotate_seconds: Not Found
DNS_strategy_fail_x: Not Found
DNS_strategy_fail_seconds: Not Found