Analysis

  • max time kernel
    142s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/05/2024, 02:43 UTC

General

  • Target

    2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe

  • Size

    11.1MB

  • MD5

    beadc15a71f71f86a5cd7f1c92bbb457

  • SHA1

    d1ed1de1350353d2943efe852f3b261828aed65b

  • SHA256

    671937a256d96e8771f1951a905d6001aa38c39661c3602749e2aea5233e6855

  • SHA512

    9001cefe33807307886a2bce63e3d0694dbe367bbc484c308ee0d7bea3019a598a1ba0d66ffc705834fbc9cb61f5de2856c27bbb149e75edb98cfb6e6c50107d

  • SSDEEP

    196608:dvg6YpjCa8BMHwNuD7PKUNwabNJvmrMQwHEFoWMq:dYXpkG6uDBuQjmrOHc

Malware Config

Signatures

  • Cobalt Strike reflective loader 1 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects Reflective DLL injection artifacts 1 IoCs
  • Detects executables containing URLs to raw contents of a Github gist 8 IoCs
  • XMRig Miner payload 8 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in Program Files directory 64 IoCs
  • Modifies Internet Explorer start page 1 TTPs 3 IoCs
  • Modifies system certificate store 2 TTPs 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe"
    • Drops autorun.inf file
    • Drops file in Program Files directory
    • Modifies Internet Explorer start page
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    PID:1188
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4240 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
      PID:2084

    Network

      542 B
      219 B
      5
      5
    • 104.16.242.118:443
      RXoCKn.VZmPJLiUOBmdSFNSDUkN.readme.io
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      541 B
      219 B
      5
      5
    • 104.16.242.118:443
      ZUuiBrgveQrHZ.JDOzHeUfrvdkfZObYcEj.readme.io
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      600 B
      219 B
      6
      5
    • 104.16.241.118:443
      ax.aSlfGErotpWiSkhbyJND.readme.io
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      537 B
      219 B
      5
      5
    • 104.16.242.118:443
      xsi.AMYskOuDVizHSIdWYLRt.readme.io
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      538 B
      219 B
      5
      5
    • 20.26.156.216:443
      codeload.github.com
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      90.9kB
      4.5MB
      1878
      3199
    • 104.16.242.118:443
      Quw.HXfEUSCZYyufmrPNTHWt.readme.io
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      538 B
      219 B
      5
      5
    • 104.16.242.118:443
      pKsrJz.hwqtMQmbgsCUYpdKXWRv.readme.io
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      541 B
      219 B
      5
      5
    • 104.16.241.118:443
      WRTWBAbxzF.aFxuFzKogNIbKFXTxAkR.readme.io
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      545 B
      219 B
      5
      5
    • 104.16.242.118:443
      BRYRZYvs.BzugWqHdrRchDIPjvXUm.readme.io
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      543 B
      219 B
      5
      5
    • 104.16.242.118:443
      Sda.BbAgNVtMqfpcomPdKDvQ.readme.io
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      538 B
      219 B
      5
      5
    • 104.16.242.118:443
      et.FtCfTdTQtLUcjabiIMHV.readme.io
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      537 B
      219 B
      5
      5
    • 104.16.242.118:443
      uXBeuUikZxWOT.BstqFhgdiyCjlMdezXct.readme.io
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      548 B
      219 B
      5
      5
    • 104.16.241.118:443
      GAClqErI.UXlaEuibWWWyVpDIBLnM.readme.io
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      543 B
      219 B
      5
      5
    • 104.16.242.118:443
      kMfaIgEw.UbVJQLyrMeosNCJXFNyk.readme.io
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      543 B
      219 B
      5
      5
    • 104.16.242.118:443
      gkTPn.AbKUxJpmYcEzKQRCbMUk.readme.io
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      540 B
      219 B
      5
      5
    • 104.16.242.118:443
      hbZyntNSeBHEqk.MPLyIRzGvBiLhOuDvfln.readme.io
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      549 B
      219 B
      5
      5
    • 104.16.241.118:443
      CSBxiz.yogYSDTmZsiJoexcdode.readme.io
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      541 B
      219 B
      5
      5
    • 104.16.242.118:443
      EhjRwL.xdWXokTkQCWCnSJNajsT.readme.io
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      541 B
      219 B
      5
      5
    • 104.16.242.118:443
      Sh.OIRXTfclZMPDQgxhKVmV.readme.io
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      537 B
      219 B
      5
      5
    • 104.16.241.118:443
      foLqLrVXfXju.dCHUUErkTkAMPJcqOxqd.readme.io
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      547 B
      219 B
      5
      5
    • 104.16.242.118:443
      wCWcDD.CCNPVmlzQeTTmpKPzQul.readme.io
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      541 B
      219 B
      5
      5
    • 104.16.242.118:443
      UQQCxaSdLMeuc.LQnyzaNIzhixqMNZPaMr.readme.io
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      548 B
      219 B
      5
      5
    • 104.16.242.118:443
      CFHJk.YNkFdlIpJXrXHErisbPT.readme.io
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      540 B
      219 B
      5
      5
    • 104.16.241.118:443
      oQnewvDg.ajQJCYQAJpkntTWMjVJY.readme.io
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      543 B
      219 B
      5
      5
    • 104.16.242.118:443
      llkAbkoTF.KhDnnoxTuRMSlynxRsjB.readme.io
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      544 B
      219 B
      5
      5
    • 31.216.145.5:443
      mega.nz
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      811 B
      5.4kB
      8
      8
    • 185.148.131.244:443
      kampower.com
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      1.4kB
      11.3kB
      18
      22
    • 104.16.242.118:443
      t.SkeZXNGjcJGAaTJQXcoE.readme.io
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      536 B
      219 B
      5
      5
    • 185.199.108.133:443
      raw.githubusercontent.com
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      6.2kB
      256.4kB
      118
      192
    • 31.216.145.5:443
      mega.nz
      tls
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      811 B
      5.4kB
      8
      8
    • 142.250.178.10:443
      chromewebstore.googleapis.com
      tls
      1.9kB
      7.9kB
      16
      17
    • 8.8.8.8:53
      en6yogdxz5mjo.x.pipedream.net
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      75 B
      155 B
      1
      1

      DNS Request

      en6yogdxz5mjo.x.pipedream.net

      DNS Response

      3.222.119.79
      44.219.74.3
      35.169.58.74
      44.216.104.9
      44.213.175.226

    • 8.8.8.8:53
      abrakadabra.host
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      62 B
      127 B
      1
      1

      DNS Request

      abrakadabra.host

    • 8.8.8.8:53
      79.119.222.3.in-addr.arpa
      dns
      71 B
      125 B
      1
      1

      DNS Request

      79.119.222.3.in-addr.arpa

    • 8.8.8.8:53
      38.201.222.52.in-addr.arpa
      dns
      72 B
      129 B
      1
      1

      DNS Request

      38.201.222.52.in-addr.arpa

    • 8.8.8.8:53
      203.107.17.2.in-addr.arpa
      dns
      154 B
      283 B
      2
      2

      DNS Request

      203.107.17.2.in-addr.arpa

      DNS Request

      pKsrJz.hwqtMQmbgsCUYpdKXWRv.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      drive.google.com
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      62 B
      78 B
      1
      1

      DNS Request

      drive.google.com

      DNS Response

      142.250.187.238

    • 8.8.8.8:53
      238.187.250.142.in-addr.arpa
      dns
      74 B
      113 B
      1
      1

      DNS Request

      238.187.250.142.in-addr.arpa

    • 8.8.8.8:53
      abrakadabra.host
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      62 B
      127 B
      1
      1

      DNS Request

      abrakadabra.host

    • 8.8.8.8:53
      oSq.FKpGNQHRjqIeEnqrBjdW.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      80 B
      145 B
      1
      1

      DNS Request

      oSq.FKpGNQHRjqIeEnqrBjdW.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      hDWOFwT.tpScYmDSzoIURKpyxyoi.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      84 B
      149 B
      1
      1

      DNS Request

      hDWOFwT.tpScYmDSzoIURKpyxyoi.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      LCSeroSEPcx.FxDxsRUTBirqqDbbjRDe.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      88 B
      153 B
      1
      1

      DNS Request

      LCSeroSEPcx.FxDxsRUTBirqqDbbjRDe.readme.io

      DNS Response

      104.16.241.118
      104.16.242.118

    • 8.8.8.8:53
      kfFSZQokTAUdx.GLkMLPBvUhDhajMJfGtE.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      90 B
      155 B
      1
      1

      DNS Request

      kfFSZQokTAUdx.GLkMLPBvUhDhajMJfGtE.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      228.249.119.40.in-addr.arpa
      dns
      73 B
      159 B
      1
      1

      DNS Request

      228.249.119.40.in-addr.arpa

    • 8.8.8.8:53
      118.242.16.104.in-addr.arpa
      dns
      73 B
      135 B
      1
      1

      DNS Request

      118.242.16.104.in-addr.arpa

    • 8.8.8.8:53
      118.241.16.104.in-addr.arpa
      dns
      73 B
      135 B
      1
      1

      DNS Request

      118.241.16.104.in-addr.arpa

    • 8.8.8.8:53
      kampower.com
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      58 B
      74 B
      1
      1

      DNS Request

      kampower.com

      DNS Response

      185.148.131.244

    • 8.8.8.8:53
      240.221.184.93.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      240.221.184.93.in-addr.arpa

    • 8.8.8.8:53
      jmbvmwp.mxp4037.com
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      65 B
      138 B
      1
      1

      DNS Request

      jmbvmwp.mxp4037.com

    • 8.8.8.8:53
      244.131.148.185.in-addr.arpa
      dns
      74 B
      127 B
      1
      1

      DNS Request

      244.131.148.185.in-addr.arpa

    • 8.8.8.8:53
      UMV.UUzWdrLsMwZznUhgPjIz.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      80 B
      145 B
      1
      1

      DNS Request

      UMV.UUzWdrLsMwZznUhgPjIz.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      UUbFrTVeAQtr.bIYmoDKdVBhKoONKLxGN.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      89 B
      154 B
      1
      1

      DNS Request

      UUbFrTVeAQtr.bIYmoDKdVBhKoONKLxGN.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      LqiY.rWlpIxycATILMhmSstch.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      81 B
      146 B
      1
      1

      DNS Request

      LqiY.rWlpIxycATILMhmSstch.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      abrakadabra.host
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      62 B
      127 B
      1
      1

      DNS Request

      abrakadabra.host

    • 8.8.8.8:53
      mega.nz
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      53 B
      85 B
      1
      1

      DNS Request

      mega.nz

      DNS Response

      31.216.145.5
      31.216.144.5

    • 8.8.8.8:53
      5.145.216.31.in-addr.arpa
      dns
      71 B
      110 B
      1
      1

      DNS Request

      5.145.216.31.in-addr.arpa

    • 8.8.8.8:53
      CTvNgBoYfXYaWU.sGaShTuzurqTOzTOCVjg.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      91 B
      156 B
      1
      1

      DNS Request

      CTvNgBoYfXYaWU.sGaShTuzurqTOzTOCVjg.readme.io

      DNS Response

      104.16.241.118
      104.16.242.118

    • 8.8.8.8:53
      FGJeCHK.BKJpIwMEnTsFLyspJjva.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      84 B
      149 B
      1
      1

      DNS Request

      FGJeCHK.BKJpIwMEnTsFLyspJjva.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      RXoCKn.VZmPJLiUOBmdSFNSDUkN.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      83 B
      148 B
      1
      1

      DNS Request

      RXoCKn.VZmPJLiUOBmdSFNSDUkN.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      ZUuiBrgveQrHZ.JDOzHeUfrvdkfZObYcEj.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      90 B
      155 B
      1
      1

      DNS Request

      ZUuiBrgveQrHZ.JDOzHeUfrvdkfZObYcEj.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      ax.aSlfGErotpWiSkhbyJND.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      79 B
      144 B
      1
      1

      DNS Request

      ax.aSlfGErotpWiSkhbyJND.readme.io

      DNS Response

      104.16.241.118
      104.16.242.118

    • 8.8.8.8:53
      xsi.AMYskOuDVizHSIdWYLRt.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      80 B
      145 B
      1
      1

      DNS Request

      xsi.AMYskOuDVizHSIdWYLRt.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      abrakadabra.host
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      62 B
      127 B
      1
      1

      DNS Request

      abrakadabra.host

    • 8.8.8.8:53
      codeload.github.com
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      65 B
      81 B
      1
      1

      DNS Request

      codeload.github.com

      DNS Response

      20.26.156.216

    • 8.8.8.8:53
      jmbvmwp.mxp4037.com
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      65 B
      138 B
      1
      1

      DNS Request

      jmbvmwp.mxp4037.com

    • 8.8.8.8:53
      xwchn.net
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      55 B
      128 B
      1
      1

      DNS Request

      xwchn.net

    • 8.8.8.8:53
      216.156.26.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      216.156.26.20.in-addr.arpa

    • 8.8.8.8:53
      Quw.HXfEUSCZYyufmrPNTHWt.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      80 B
      145 B
      1
      1

      DNS Request

      Quw.HXfEUSCZYyufmrPNTHWt.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      WRTWBAbxzF.aFxuFzKogNIbKFXTxAkR.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      87 B
      152 B
      1
      1

      DNS Request

      WRTWBAbxzF.aFxuFzKogNIbKFXTxAkR.readme.io

      DNS Response

      104.16.241.118
      104.16.242.118

    • 8.8.8.8:53
      BRYRZYvs.BzugWqHdrRchDIPjvXUm.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      85 B
      150 B
      1
      1

      DNS Request

      BRYRZYvs.BzugWqHdrRchDIPjvXUm.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      Sda.BbAgNVtMqfpcomPdKDvQ.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      80 B
      145 B
      1
      1

      DNS Request

      Sda.BbAgNVtMqfpcomPdKDvQ.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      et.FtCfTdTQtLUcjabiIMHV.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      79 B
      144 B
      1
      1

      DNS Request

      et.FtCfTdTQtLUcjabiIMHV.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      uXBeuUikZxWOT.BstqFhgdiyCjlMdezXct.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      90 B
      155 B
      1
      1

      DNS Request

      uXBeuUikZxWOT.BstqFhgdiyCjlMdezXct.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      GAClqErI.UXlaEuibWWWyVpDIBLnM.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      157 B
      308 B
      2
      2

      DNS Request

      GAClqErI.UXlaEuibWWWyVpDIBLnM.readme.io

      DNS Response

      104.16.241.118
      104.16.242.118

      DNS Request

      241.150.49.20.in-addr.arpa

    • 8.8.8.8:53
      kMfaIgEw.UbVJQLyrMeosNCJXFNyk.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      85 B
      150 B
      1
      1

      DNS Request

      kMfaIgEw.UbVJQLyrMeosNCJXFNyk.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      abrakadabra.host
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      62 B
      127 B
      1
      1

      DNS Request

      abrakadabra.host

    • 8.8.8.8:53
      abrakadabra.host
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      62 B
      127 B
      1
      1

      DNS Request

      abrakadabra.host

    • 8.8.8.8:53
      50.23.12.20.in-addr.arpa
      dns
      70 B
      156 B
      1
      1

      DNS Request

      50.23.12.20.in-addr.arpa

    • 8.8.8.8:53
      56.126.166.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      56.126.166.20.in-addr.arpa

    • 8.8.8.8:53
      abrakadabra.host
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      62 B
      127 B
      1
      1

      DNS Request

      abrakadabra.host

    • 8.8.8.8:53
      gkTPn.AbKUxJpmYcEzKQRCbMUk.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      82 B
      147 B
      1
      1

      DNS Request

      gkTPn.AbKUxJpmYcEzKQRCbMUk.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      hbZyntNSeBHEqk.MPLyIRzGvBiLhOuDvfln.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      91 B
      156 B
      1
      1

      DNS Request

      hbZyntNSeBHEqk.MPLyIRzGvBiLhOuDvfln.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      CSBxiz.yogYSDTmZsiJoexcdode.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      83 B
      148 B
      1
      1

      DNS Request

      CSBxiz.yogYSDTmZsiJoexcdode.readme.io

      DNS Response

      104.16.241.118
      104.16.242.118

    • 8.8.8.8:53
      EhjRwL.xdWXokTkQCWCnSJNajsT.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      83 B
      148 B
      1
      1

      DNS Request

      EhjRwL.xdWXokTkQCWCnSJNajsT.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      Sh.OIRXTfclZMPDQgxhKVmV.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      79 B
      144 B
      1
      1

      DNS Request

      Sh.OIRXTfclZMPDQgxhKVmV.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      foLqLrVXfXju.dCHUUErkTkAMPJcqOxqd.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      89 B
      154 B
      1
      1

      DNS Request

      foLqLrVXfXju.dCHUUErkTkAMPJcqOxqd.readme.io

      DNS Response

      104.16.241.118
      104.16.242.118

    • 8.8.8.8:53
      wCWcDD.CCNPVmlzQeTTmpKPzQul.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      83 B
      148 B
      1
      1

      DNS Request

      wCWcDD.CCNPVmlzQeTTmpKPzQul.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      idcomercial.com.br
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      64 B
      126 B
      1
      1

      DNS Request

      idcomercial.com.br

    • 8.8.8.8:53
      jmbvmwp.mxp4037.com
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      65 B
      138 B
      1
      1

      DNS Request

      jmbvmwp.mxp4037.com

    • 8.8.8.8:53
      UQQCxaSdLMeuc.LQnyzaNIzhixqMNZPaMr.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      90 B
      155 B
      1
      1

      DNS Request

      UQQCxaSdLMeuc.LQnyzaNIzhixqMNZPaMr.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      CFHJk.YNkFdlIpJXrXHErisbPT.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      82 B
      147 B
      1
      1

      DNS Request

      CFHJk.YNkFdlIpJXrXHErisbPT.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      oQnewvDg.ajQJCYQAJpkntTWMjVJY.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      85 B
      150 B
      1
      1

      DNS Request

      oQnewvDg.ajQJCYQAJpkntTWMjVJY.readme.io

      DNS Response

      104.16.241.118
      104.16.242.118

    • 8.8.8.8:53
      llkAbkoTF.KhDnnoxTuRMSlynxRsjB.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      86 B
      151 B
      1
      1

      DNS Request

      llkAbkoTF.KhDnnoxTuRMSlynxRsjB.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      abrakadabra.host
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      62 B
      127 B
      1
      1

      DNS Request

      abrakadabra.host

    • 8.8.8.8:53
      2.159.190.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      2.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      t.SkeZXNGjcJGAaTJQXcoE.readme.io
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      78 B
      143 B
      1
      1

      DNS Request

      t.SkeZXNGjcJGAaTJQXcoE.readme.io

      DNS Response

      104.16.242.118
      104.16.241.118

    • 8.8.8.8:53
      abrakadabra.host
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      62 B
      127 B
      1
      1

      DNS Request

      abrakadabra.host

    • 8.8.8.8:53
      raw.githubusercontent.com
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      71 B
      135 B
      1
      1

      DNS Request

      raw.githubusercontent.com

      DNS Response

      185.199.108.133
      185.199.109.133
      185.199.110.133
      185.199.111.133

    • 8.8.8.8:53
      133.108.199.185.in-addr.arpa
      dns
      74 B
      118 B
      1
      1

      DNS Request

      133.108.199.185.in-addr.arpa

    • 8.8.8.8:53
      abrakadabra.host
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      62 B
      127 B
      1
      1

      DNS Request

      abrakadabra.host

    • 8.8.8.8:53
      chromewebstore.googleapis.com
      dns
      75 B
      267 B
      1
      1

      DNS Request

      chromewebstore.googleapis.com

      DNS Response

      142.250.178.10
      172.217.16.234
      142.250.200.10
      142.250.200.42
      216.58.201.106
      216.58.204.74
      216.58.213.10
      172.217.169.10
      142.250.179.234
      142.250.180.10
      142.250.187.202
      142.250.187.234

    • 8.8.8.8:53
      chromewebstore.googleapis.com
      dns
      75 B
      132 B
      1
      1

      DNS Request

      chromewebstore.googleapis.com

    • 8.8.8.8:53
      104.219.191.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      104.219.191.52.in-addr.arpa

    • 8.8.8.8:53
      10.178.250.142.in-addr.arpa
      dns
      73 B
      112 B
      1
      1

      DNS Request

      10.178.250.142.in-addr.arpa

    • 8.8.8.8:53
      www.jmxyc.com
      dns
      2024-05-23_beadc15a71f71f86a5cd7f1c92bbb457_cobalt-strike_cobaltstrike_xmrig.exe
      118 B
      132 B
      2
      1

      DNS Request

      www.jmxyc.com

      DNS Request

      www.jmxyc.com

    • 8.8.8.8:53
      11.227.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      11.227.111.52.in-addr.arpa

    • 8.8.8.8:53
      154.239.44.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      154.239.44.20.in-addr.arpa

    • 8.8.8.8:53
      106.246.116.51.in-addr.arpa
      dns
      73 B
      159 B
      1
      1

      DNS Request

      106.246.116.51.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Program Files\7-Zip\7-zip32.dll

      Filesize

      11.3MB

      MD5

      ea8cdf480e99fb42502891b7c52e0868

      SHA1

      55b8e0c8ff9cb341124a1a041c17f57b856bab93

      SHA256

      45b232e022c7bb1f6fb56d6b30ed0fbba381cce4cac5f72a26c74062ef444410

      SHA512

      6cf899d6b3dad4b7e98b74cae1ad936b243f5e9e3b7e95418922dc62ae9cb7c91569db23e07027e78830ed14ff9b5b4d595328fd930cb03797f9fb1092ab6de9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

      Filesize

      1KB

      MD5

      55540a230bdab55187a841cfe1aa1545

      SHA1

      363e4734f757bdeb89868efe94907774a327695e

      SHA256

      d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

      SHA512

      c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

      Filesize

      230B

      MD5

      df49f14eac105d1654b807c43369e409

      SHA1

      5745662d5041ac6efdc9606af612b368edd975cc

      SHA256

      46d4a4d58c39ca53c8b44be683d02e7ab846580604cd16f070a8e839ee227e57

      SHA512

      abf429a009c9aa6bb91f7201735b604dfed508c1f8aee372f62d2f2b10500ed41d9e41c296be0b925bf714eee6e67faf0a33c80ff314f4afd68b55cfdebd0c73

    • memory/1188-204-0x0000000000400000-0x00000000010B2000-memory.dmp

      Filesize

      12.7MB

    • memory/1188-110-0x0000000000400000-0x00000000010B2000-memory.dmp

      Filesize

      12.7MB

    • memory/1188-148-0x0000000000400000-0x00000000010B2000-memory.dmp

      Filesize

      12.7MB

    • memory/1188-0-0x00000000001B0000-0x00000000001C0000-memory.dmp

      Filesize

      64KB

    • memory/1188-258-0x0000000000400000-0x00000000010B2000-memory.dmp

      Filesize

      12.7MB

    • memory/1188-338-0x0000000000400000-0x00000000010B2000-memory.dmp

      Filesize

      12.7MB

    • memory/1188-373-0x0000000000060000-0x0000000000062000-memory.dmp

      Filesize

      8KB

    • memory/1188-377-0x00000000001D0000-0x00000000001F2000-memory.dmp

      Filesize

      136KB

    • memory/1188-378-0x0000000006810000-0x0000000006811000-memory.dmp

      Filesize

      4KB

    • memory/1188-379-0x0000000000401000-0x0000000000A18000-memory.dmp

      Filesize

      6.1MB

    • memory/1188-380-0x0000000000400000-0x00000000010B2000-memory.dmp

      Filesize

      12.7MB

    • memory/1188-382-0x0000000000400000-0x00000000010B2000-memory.dmp

      Filesize

      12.7MB
