usualsuspect · April 21, 2022 12:26
diff --git a/cs_rebound_infotech_config.txt b/cs_rebound_infotech_config.txt
 BeaconType                       - Hybrid HTTP DNS
 Port                             - 1
 SleepTime                        - 3787
 MaxGetSize                       - 1864474
 Jitter                           - 59
 MaxDNS                           - 255
 PublicKey_MD5                    - 832667e06ab05f34cef55ad209504a2b
 C2Server                         - ns1.standwithukraine.space,/jp,dns.standwithukraine.space,/jp,ns1.costacancordia.com,/jp,dns.costacancordia.com,/jp
 UserAgent                        - Not Found
 HttpPostUri                      - Not Found
 Malleable_C2_Instructions        - Not Found
 HttpGet_Metadata                 - Not Found
 HttpPost_Metadata                - Not Found
 PipeName                         - Not Found
 DNS_Idle                         - 0.0.0.0
 DNS_Sleep                        - 0
 SSH_Host                         - Not Found
 SSH_Port                         - Not Found
 SSH_Username                     - Not Found
 SSH_Password_Plaintext           - Not Found
 SSH_Password_Pubkey              - Not Found
 SSH_Banner                       - 
 HttpGet_Verb                     - GET
 HttpPost_Verb                    - POST
 HttpPostChunk                    - 0
 Spawnto_x86                      - %windir%\system32\rundll32.exe
 Spawnto_x64                      - %windir%\system32\rundll32.exe
 CryptoScheme                     - 0
 Proxy_Config                     - Not Found
 Proxy_User                       - Not Found
 Proxy_Password                   - Not Found
 Proxy_Behavior                   - Use IE settings
 Watermark_Hash                   - xi1knfb/QiftN2EAhdtcyw==
 Watermark                        - 206546002
 bStageCleanup                    - True
 bCFGCaution                      - False
 KillDate                         - 0
 bProcInject_StartRWX             - False
 bProcInject_UseRWX               - False
 bProcInject_MinAllocSize         - 14029
 ProcInject_PrependAppend_x86     - b'\x90\x90\x90\x90\x90'
                                   Empty
 ProcInject_PrependAppend_x64     - b'\x90\x90\x90\x90\x90'
                                   Empty
 ProcInject_Execute               - CreateThread
                                   CreateRemoteThread
                                   RtlCreateUserThread
 ProcInject_AllocationMethod      - VirtualAllocEx
 bUsesCookies                     - True
 HostHeader                       - 
 headersToRemove                  - Not Found
 DNS_Beaconing                    - 
 DNS_get_TypeA                    - cdn.
 DNS_get_TypeAAAA                 - www6.
 DNS_get_TypeTXT                  - api.
 DNS_put_metadata                 - www.
 DNS_put_output                   - post.
 DNS_resolver                     - 
 DNS_strategy                     - round-robin
 DNS_strategy_rotate_seconds      - -1
 DNS_strategy_fail_x              - -1
 DNS_strategy_fail_seconds        - -1
 Retry_Max_Attempts               - 0
 Retry_Increase_Attempts          - 0
 Retry_Duration                   - 0
	BeaconType - Hybrid HTTP DNS
	Port - 1
	SleepTime - 3787
	MaxGetSize - 1864474
	Jitter - 59
	MaxDNS - 255
	PublicKey_MD5 - 832667e06ab05f34cef55ad209504a2b
	C2Server - ns1.standwithukraine.space,/jp,dns.standwithukraine.space,/jp,ns1.costacancordia.com,/jp,dns.costacancordia.com,/jp
	UserAgent - Not Found
	HttpPostUri - Not Found
	Malleable_C2_Instructions - Not Found
	HttpGet_Metadata - Not Found
	HttpPost_Metadata - Not Found
	PipeName - Not Found
	DNS_Idle - 0.0.0.0
	DNS_Sleep - 0
	SSH_Host - Not Found
	SSH_Port - Not Found
	SSH_Username - Not Found
	SSH_Password_Plaintext - Not Found
	SSH_Password_Pubkey - Not Found
	SSH_Banner -
	HttpGet_Verb - GET
	HttpPost_Verb - POST
	HttpPostChunk - 0
	Spawnto_x86 - %windir%\system32\rundll32.exe
	Spawnto_x64 - %windir%\system32\rundll32.exe
	CryptoScheme - 0
	Proxy_Config - Not Found
	Proxy_User - Not Found
	Proxy_Password - Not Found
	Proxy_Behavior - Use IE settings
	Watermark_Hash - xi1knfb/QiftN2EAhdtcyw==
	Watermark - 206546002
	bStageCleanup - True
	bCFGCaution - False
	KillDate - 0
	bProcInject_StartRWX - False
	bProcInject_UseRWX - False
	bProcInject_MinAllocSize - 14029
	ProcInject_PrependAppend_x86 - b'\x90\x90\x90\x90\x90'
	Empty
	ProcInject_PrependAppend_x64 - b'\x90\x90\x90\x90\x90'
	Empty
	ProcInject_Execute - CreateThread
	CreateRemoteThread
	RtlCreateUserThread
	ProcInject_AllocationMethod - VirtualAllocEx
	bUsesCookies - True
	HostHeader -
	headersToRemove - Not Found
	DNS_Beaconing -
	DNS_get_TypeA - cdn.
	DNS_get_TypeAAAA - www6.
	DNS_get_TypeTXT - api.
	DNS_put_metadata - www.
	DNS_put_output - post.
	DNS_resolver -
	DNS_strategy - round-robin
	DNS_strategy_rotate_seconds - -1
	DNS_strategy_fail_x - -1
	DNS_strategy_fail_seconds - -1
	Retry_Max_Attempts - 0
	Retry_Increase_Attempts - 0
	Retry_Duration - 0