Skip to content

Instantly share code, notes, and snippets.

@usualsuspect

usualsuspect/pika_dns_cobaltstrike.txt

Created November 29, 2023 15:04
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save usualsuspect/3c047f771144b600b9ffe9ed8bedc4be to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save usualsuspect/3c047f771144b600b9ffe9ed8bedc4be to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. usualsuspect created this gist Nov 29, 2023.
    67 changes: 67 additions & 0 deletions pika_dns_cobaltstrike.txt
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,67 @@
    BeaconType - Hybrid HTTP DNS
    Port - 1
    SleepTime - 5000
    MaxGetSize - 2798028
    Jitter - 45
    MaxDNS - 247
    PublicKey_MD5 - d94a9ed1b7edf342d1723b57a8485051
    C2Server - dns.ionoslaba.com,/dev/coke/CQHL5IYQF
    UserAgent - Not Found
    HttpPostUri - Not Found
    Malleable_C2_Instructions - Not Found
    HttpGet_Metadata - Not Found
    HttpPost_Metadata - Not Found
    PipeName - Not Found
    DNS_Idle - 207.246.79.109
    DNS_Sleep - 0
    SSH_Host - Not Found
    SSH_Port - Not Found
    SSH_Username - Not Found
    SSH_Password_Plaintext - Not Found
    SSH_Password_Pubkey - Not Found
    SSH_Banner -
    HttpGet_Verb - GET
    HttpPost_Verb - POST
    HttpPostChunk - 0
    Spawnto_x86 - %windir%\syswow64\w32tm.exe
    Spawnto_x64 - %windir%\sysnative\systray.exe
    CryptoScheme - 0
    Proxy_Config - Not Found
    Proxy_User - Not Found
    Proxy_Password - Not Found
    Proxy_Behavior - Use IE settings
    Watermark_Hash - 3Hh1YX4vT3i5C7L2sn7K4Q==
    Watermark - 587247372
    bStageCleanup - True
    bCFGCaution - False
    KillDate - 0
    bProcInject_StartRWX - False
    bProcInject_UseRWX - True
    bProcInject_MinAllocSize - 6477
    ProcInject_PrependAppend_x86 - b'f\x0f\x1fD\x00\x00f\x0f\x1fD\x00\x00PX\x0f\x1f\x00f\x0f\x1fD\x00\x00f\x0f\x1f\x84\x00\x00\x00\x00\x00\x0f\x1fD\x00\x00\x0f\x1f\x00\x90\x0f\x1f\x84\x00\x00\x00\x00\x00\x0f\x1fD\x00\x00\x0f\x1f\x80\x00\x00\x00\x00\x90\x0f\x1fD\x00\x00\x0f\x1fD\x00\x00f\x90\x0f\x1fD\x00\x00PX\x0f\x1f\x84\x00\x00\x00\x00\x00'
    b'\x0f\x1fD\x00\x00PX\x0f\x1fD\x00\x00f\x0f\x1f\x84\x00\x00\x00\x00\x00\x0f\x1f\x84\x00\x00\x00\x00\x00\x0f\x1f\x80\x00\x00\x00\x00\x0f\x1f@\x00\x90\x90\x0f\x1f@\x00f\x0f\x1f\x84\x00\x00\x00\x00\x00\x0f\x1f\x80\x00\x00\x00\x00\x0f\x1fD\x00\x00f\x90\x90f\x0f\x1f\x84\x00\x00\x00\x00\x00f\x90f\x0f\x1f\x84\x00\x00\x00\x00\x00\x0f\x1fD\x00\x00'
    ProcInject_PrependAppend_x64 - b'\x0f\x1f\x84\x00\x00\x00\x00\x00PXf\x0f\x1f\x84\x00\x00\x00\x00\x00\x0f\x1fD\x00\x00\x0f\x1fD\x00\x00PXf\x0f\x1fD\x00\x00f\x0f\x1fD\x00\x00\x90f\x0f\x1f\x84\x00\x00\x00\x00\x00f\x0f\x1f\x84\x00\x00\x00\x00\x00PX'
    b'f\x0f\x1f\x84\x00\x00\x00\x00\x00\x0f\x1f@\x00\x0f\x1f\x00\x0f\x1f\x00\x0f\x1f\x84\x00\x00\x00\x00\x00\x90f\x90\x0f\x1f\x00f\x90\x0f\x1fD\x00\x00\x0f\x1f\x84\x00\x00\x00\x00\x00f\x0f\x1fD\x00\x00\x0f\x1fD\x00\x00\x0f\x1f\x00\x0f\x1f\x84\x00\x00\x00\x00\x00\x0f\x1f\x00\x0f\x1f\x80\x00\x00\x00\x00PX'
    ProcInject_Execute - ntdll:RtlUserThreadStart
    CreateThread
    NtQueueApcThread-s
    CreateRemoteThread
    RtlCreateUserThread
    ProcInject_AllocationMethod - VirtualAllocEx
    bUsesCookies - True
    HostHeader -
    headersToRemove - Not Found
    DNS_Beaconing - ridoj4.
    DNS_get_TypeA - 4f.
    DNS_get_TypeAAAA - 8yvb.
    DNS_get_TypeTXT - lnx.
    DNS_put_metadata - hme.
    DNS_put_output - hbzpj.
    DNS_resolver -
    DNS_strategy - round-robin
    DNS_strategy_rotate_seconds - -1
    DNS_strategy_fail_x - -1
    DNS_strategy_fail_seconds - -1
    Retry_Max_Attempts - 0
    Retry_Increase_Attempts - 0
    Retry_Duration - 0