ThreatFox IOC Database

You are viewing the ThreatFox database entry for the URL http://121.199.25.133:8081/submit.php.

Database Entry

IOC ID: 851186
IOC: http://121.199.25.133:8081/submit.php
IOC Type: url
Threat Type: botnet_cc
Malware: Cobalt Strike
Malware alias: Agentemis, BEACON, CobaltStrike, cobeacon
Confidence Level: high (100%)
First seen: 2022-09-22 23:13:04 UTC
Last seen: never
UUID: 1cd20f57-3acc-11ed-ae73-42010aa4000a
Reporter: @AndreGironda
Reward: 5 credits from ThreatFox
Tags: Beacon Cobalt Strike CobaltStrike
Reference: https://www.virustotal.com/gui/file/d6cc2e99d6635551d4ac66cd83f22b14a6771e479b541bca7713fb9c6e2585e8

Twitter: @AndreGironda
BeaconType - HTTP
Port - 8081
SleepTime - 60000
MaxGetSize - 1048576
Jitter - 0
PublicKey_MD5 - 22727cd35c5b855143e122918a40f584
C2Server - 121.199.25.133,/cm
UserAgent - Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)
HttpPostUri - /submit.php
Malleable_C2_Instructions - Empty
HttpGet_Metadata - Metadata
    base64
    header "Cookie"
HttpPost_Metadata - ConstHeaders
    Content-Type: application/octet-stream
  SessionId
    parameter "id"
  Output
    print
SSH_Banner -
HttpGet_Verb - GET
HttpPost_Verb - POST
HttpPostChunk - 0
Spawnto_x86 - %windir%\syswow64\rundll32.exe
Spawnto_x64 - %windir%\sysnative\rundll32.exe
CryptoScheme - 0
Proxy_Behavior - Use IE settings
Watermark - 426352781
bStageCleanup - False
bCFGCaution - False
KillDate - 0
bProcInject_StartRWX - True
bProcInject_UseRWX - True
bProcInject_MinAllocSize - 0
ProcInject_PrependAppend_x86 - Empty
ProcInject_PrependAppend_x64 - Empty
ProcInject_Execute - CreateThread
    SetThreadContext
    CreateRemoteThread
    RtlCreateUserThread
ProcInject_AllocationMethod - VirtualAllocEx
bUsesCookies - True
HostHeader -
DNS_strategy - round-robin
DNS_strategy_rotate_seconds - -1
DNS_strategy_fail_x - -1
DNS_strategy_fail_seconds - -1