I drink and I look for Cobalt Strike.
Joined February 2021
- Tweets 4,539
- Following 0
- Followers 2,184
- Likes 4
1 Photos and videos
8 Jun 2023
Well, it's been a fun project, but sadly it appears that the end is here. Due to the restrictions on Twitter API access, the bot can no longer tweet, and it may be a good time to wind the project down.
3
3
21
29,047
22 May 2023
50 Cobalt Strike stage 2 IP's, with 47 unique configurations, identified today. Find them here: pastebin.com/k6GTSgej
Warning: These IP's have not been vetted, block at your own risk.
1
3
20,565
22 May 2023
45 Cobalt Strike C2's identified today. Find them here: pastebin.com/yjeAGL2H
Warning: These IP's have not been vetted, block at your own risk.
1
2
19,604
22 May 2023
Today's 5 least common Spawn_to values:
%windir%\sysnative\wermgr.exe
%windir%\sysnative\gpupdate.exe
%windir%\system32\rundll32.exe
c:\windows\system32\rundll32.exe
%windir%\sysnative\rundll32.exe
1
2
19,270
22 May 2023
Today's 5 most common Spawn_to values:
%windir%\sysnative\rundll32.exe
c:\windows\system32\rundll32.exe
%windir%\system32\rundll32.exe
%windir%\sysnative\gpupdate.exe
%windir%\sysnative\wermgr.exe
1
1
18,951
22 May 2023
Today's 10 most common watermarks:
100000, 14
0, 7
391144938, 6
12345, 4
426352781, 3
1580103824, 3
1049482653, 2
2130772225, 1
897093148, 1
668694132, 1
1
17,996
22 May 2023
Today's 10 most common second stage ASNs:
AS40065, 20
AS36352, 12
AS8075, 8
AS29551, 6
AS132203, 6
AS14061, 4
AS64050, 4
AS45102, 4
AS142403, 4
AS14618, 4
1
17,891
20 May 2023
139 Cobalt Strike stage 2 IP's, with 137 unique configurations, identified today. Find them here: pastebin.com/pNNk9gJh
Warning: These IP's have not been vetted, block at your own risk.
1
17,835
20 May 2023
133 Cobalt Strike C2's identified today. Find them here: pastebin.com/SN6V2Qce
Warning: These IP's have not been vetted, block at your own risk.
17,765
20 May 2023
Today's 5 least common Spawn_to values:
%windir%\sysnative\wermgr.exe
%windir%\sysnative\gpupdate.exe
%windir%\system32\rundll32.exe
%windir%\sysnative\wuauclt.exe
c:\windows\system32\rundll32.exe
1
17,684
20 May 2023
Today's 5 most common Spawn_to values:
%windir%\sysnative\rundll32.exe
c:\windows\system32\rundll32.exe
%windir%\sysnative\wuauclt.exe
%windir%\system32\rundll32.exe
%windir%\sysnative\gpupdate.exe
17,694
20 May 2023
Today's 10 most common watermarks:
100000, 30
1234567890, 30
391144938, 18
0, 18
305419896, 12
426352781, 7
987654321, 5
12345, 3
666666, 3
1580103824, 3
17,521
20 May 2023
Today's 10 most common second stage ASNs:
AS45090, 116
AS37963, 41
AS40065, 20
AS55990, 14
AS36352, 12
AS8075, 8
AS132203, 6
AS131685, 6
AS4812, 4
AS64050, 4
1
17,532
19 May 2023
142 Cobalt Strike stage 2 IP's, with 142 unique configurations, identified today. Find them here: pastebin.com/jtQ5Ayni
Warning: These IP's have not been vetted, block at your own risk.
1
17,526
19 May 2023
136 Cobalt Strike C2's identified today. Find them here: pastebin.com/rc7hHBvf
Warning: These IP's have not been vetted, block at your own risk.
1
1
16,504
19 May 2023
Today's 5 least common Spawn_to values:
%windir%\system32\rundll32.exe
%windir%\sysnative\wermgr.exe
%windir%\sysnative\gpupdate.exe
c:\windows\system32\rundll32.exe
%windir%\sysnative\rundll32.exe
16,311
19 May 2023
Today's 5 most common Spawn_to values:
%windir%\sysnative\rundll32.exe
c:\windows\system32\rundll32.exe
%windir%\sysnative\gpupdate.exe
%windir%\sysnative\wermgr.exe
%windir%\system32\rundll32.exe
16,398
19 May 2023
Today's 10 most common watermarks:
1234567890, 32
100000, 29
391144938, 21
0, 18
305419896, 12
426352781, 7
987654321, 7
12345, 3
1580103824, 3
1049482653, 2
16,947
19 May 2023
Today's 10 most common second stage ASNs:
AS45090, 118
AS37963, 39
AS40065, 20
AS55990, 14
AS36352, 14
AS8075, 8
AS132203, 6
AS131685, 6
AS45102, 4
AS14618, 4
1
18,342
18 May 2023
139 Cobalt Strike stage 2 IP's, with 140 unique configurations, identified today. Find them here: pastebin.com/zaKXVsCJ
Warning: These IP's have not been vetted, block at your own risk.
1
18,060