JSON Logging


Actions taken during an operation are logged into two sets of logging files. The first tracks events on the C2, such as new implant check-ins, creation of various metadata, errors, etc. The second file tracks commands and the output. This includes commands issued via the interactive terminal on the client.
These files are located on the teamserver under the Logs folder.
All timestamped events are in UTC.
The JSON is line separated. Sending it to a program like jq will give a pretty print