Created
April 20, 2021 09:55
Cobalt Strike/C2
139.60.161.62 | |
{"x64": {"md5": "76ea371a846882c14e1203da09dc6e11", "sha1": "208e53753c6435dcb02001d8a8c8f62fbb4ce79c", "time": 1618902720340.7, "config": {"DNS Sleep": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "C2 Server": "a.officecalendar.biz,\/owa\/", "Port": 443, "Beacon Type": "8 (HTTPS)", "Method 2": "GET", "Jitter": 20, "Header 2": "", "DNS Idle": "8.8.8.8", "HTTP Method Path 2": "\/OWA\/", "Max DNS": 235, "Header 1": "", "Method 1": "GET", "User Agent": "Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.36 (KHTML, like Gecko)", "Polling": 30000, "Pipe Name": ""}, "sha256": "2f256a1b4af0453ae3b7468528e9a21bd767d1b4c8fd86f655e29b5f177215bb"}, "x86": {"md5": "8082ddcf750b84602c0ad0eeff6625c3", "sha1": "f9b4bb659d6c348d1fe8f6c5155831d4b91b8bce", "time": 1618902717665.6, "config": {"DNS Sleep": 0, "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "C2 Server": "a.officecalendar.biz,\/owa\/", "Port": 443, "Beacon Type": "8 (HTTPS)", "Method 2": "GET", "Jitter": 20, "Header 2": "", "DNS Idle": "8.8.8.8", "HTTP Method Path 2": "\/OWA\/", "Max DNS": 235, "Header 1": "", "Method 1": "GET", "User Agent": "Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.36 (KHTML, like Gecko)", "Polling": 30000, "Pipe Name": ""}, "sha256": "02b3aebc945dd78c467f77abc0faf018a78bedeffcca46a89c71bef42a19d3fc"}} | |
51.81.153.37 | |
{"x86": {"sha1": "e9f317e15d8162377ae77f6565579e2b384b648a", "md5": "b639edad1efd34ed292212bd27a6d586", "sha256": "d6f3c450048135e5e5f6dfa7aa409e182b81b060b2d88220ada1dfb2752a42f8", "time": 1618911737185.8, "config": {"Polling": 7514, "Beacon Type": "8 (HTTPS)", "Spawn To x86": "%windir%\\syswow64\\gpupdate.exe", "Port": 443, "Jitter": 66, "C2 Server": "office3949in.com,\/vision", "HTTP Method Path 2": "\/valid", "Method 2": "POST", "Method 1": "GET", "Spawn To x64": "%windir%\\sysnative\\gpupdate.exe"}}, "x64": {"sha1": "3d1cf27b77399271d56b245ed6e335ab09246b36", "md5": "109c78c3caf8b9ae611eac6a541d36eb", "sha256": "f53fb4762397167e4eb4821e7f241d9832c47930215b7c180eed6530e1ea3a7e", "time": 1618911742116.6, "config": {"Polling": 7514, "Beacon Type": "8 (HTTPS)", "Spawn To x86": "%windir%\\syswow64\\gpupdate.exe", "Port": 443, "Jitter": 66, "C2 Server": "office3949in.com,\/vision", "HTTP Method Path 2": "\/valid", "Method 2": "POST", "Method 1": "GET", "Spawn To x64": "%windir%\\sysnative\\gpupdate.exe"}}} | |
3.137.139.119 | |
"x64": {"md5": "84932ae2a93dc958127b32c37cb5a093", "sha1": "999e6d37bf523bbc16b8bf649025d86d8326235e", "time": 1618911904876.8, "config": {"HTTP Method Path 2": "\/submit.php", "Max DNS": 255, "Polling": 60000, "Header 2": "", "Method 2": "POST", "DNS Idle": "0.0.0.0", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0; BOIE9;ENUSMSE)", "Pipe Name": "", "C2 Server": "service.office247.tech,\/dot.gif", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Beacon Type": "8 (HTTPS)", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "DNS Sleep": 0, "Port": 443, "Method 1": "GET", "Header 1": "", "Jitter": 0}, "sha256": "5b27ff090f17448f25bf508538378f7f0201a192950b78a5027eee3ae639460c"}, "x86": {"md5": "36dd6df83769971ce8c64617cd07a418", "sha1": "f68cc384314a37fae9319dd9ca22acc8c126e5f0", "time": 1618911898136.2, "config": {"HTTP Method Path 2": "\/submit.php", "Max DNS": 255, "Polling": 60000, "Header 2": "", "Method 2": "POST", "DNS Idle": "0.0.0.0", "User Agent": "Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident\/5.0; MALCJS)", "Pipe Name": "", "C2 Server": "service.office247.tech,\/ga.js", "Spawn To x86": "%windir%\\syswow64\\rundll32.exe", "Beacon Type": "8 (HTTPS)", "Spawn To x64": "%windir%\\sysnative\\rundll32.exe", "DNS Sleep": 0, "Port": 443, "Method 1": "GET", "Header 1": "", "Jitter": 0}, "sha256": "2ac85d0212f1de06db5b687bcf90691d60c8a9c70550b3846028883de436e69e"}} |