{
    "date": "2026-03-27T15:12:23",
    "timestamp": 1774620743.5926487,
    "hash": "327629c21782f90f4bd5f7c0779d05e9dbe87244dbf6bbef6703293700f2a620",
    "source": "malwarebazaar",
    "version": "Cobalt Strike 3.8 (May 23, 2017)",
    "watermark": null,
    "trial": true,
    "protocol": "dns",
    "settings": {
        "SETTING_PROTOCOL": 1,
        "SETTING_PORT": 443,
        "SETTING_SLEEPTIME": 5000,
        "SETTING_MAXGET": 1048576,
        "SETTING_JITTER": 0,
        "SETTING_MAXDNS": 255,
        "SETTING_PUBKEY": "48ce3db239a851e2cb8b79ce22cea1babe5d55b36af2e6b6e2f6b67fa59e9c7a",
        "SETTING_DOMAINS": "ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
        "SETTING_USERAGENT": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
        "SETTING_SUBMITURI": "/N4215/adj/amzn.us.sr.aps",
        "SETTING_C2_RECOVER": [
            [
                "print",
                true
            ]
        ],
        "SETTING_C2_REQUEST": [
            [
                "_HEADER",
                "Accept: */*"
            ],
            [
                "_HEADER",
                "Host: www.amazon.com"
            ],
            [
                "BUILD",
                "metadata"
            ],
            [
                "BASE64",
                true
            ],
            [
                "PREPEND",
                "session-token="
            ],
            [
                "PREPEND",
                "skin=noskin;"
            ],
            [
                "APPEND",
                "csm-hit=s-24KU11BB82RZSYGJ3BDK|1419899012996"
            ],
            [
                "HEADER",
                "Cookie"
            ]
        ],
        "SETTING_C2_POSTREQ": [
            [
                "_HEADER",
                "Accept: */*"
            ],
            [
                "_HEADER",
                "Content-Type: text/xml"
            ],
            [
                "_HEADER",
                "X-Requested-With: XMLHttpRequest"
            ],
            [
                "_HEADER",
                "Host: www.amazon.com"
            ],
            [
                "_PARAMETER",
                "sz=160x600"
            ],
            [
                "_PARAMETER",
                "oe=oe=ISO-8859-1;"
            ],
            [
                "BUILD",
                "id"
            ],
            [
                "PARAMETER",
                "sn"
            ],
            [
                "_PARAMETER",
                "s=3717"
            ],
            [
                "_PARAMETER",
                "dc_ref=http%3A%2F%2Fwww.amazon.com"
            ],
            [
                "BUILD",
                "output"
            ],
            [
                "BASE64",
                true
            ],
            [
                "PRINT",
                true
            ]
        ],
        "SETTING_SPAWNTO_X86": "%windir%\\syswow64\\rundll32.exe",
        "SETTING_SPAWNTO_X64": "%windir%\\sysnative\\rundll32.exe",
        "SETTING_PIPENAME": "\\\\%s\\pipe\\msagent_%x",
        "SETTING_CRYPTO_SCHEME": 1,
        "SETTING_DNS_IDLE": "0.0.0.0",
        "SETTING_DNS_SLEEP": 0,
        "SETTING_C2_VERB_GET": "GET",
        "SETTING_C2_VERB_POST": "POST",
        "SETTING_C2_CHUNK_POST": 0,
        "SETTING_PROXY_BEHAVIOR": 2,
        "SETTING_BOF_ALLOCATOR": "VirtualAlloc",
        "SETTING_SYSCALL_METHOD": 0,
        "SETTING_KILLDATE_DAY": 0,
        "SETTING_INJECT_OPTIONS": 3
    }
}