cobaltstrikebot 🌻 (@cobaltstrikebot) 's Twitter Profile
I drink and I look for Cobalt Strike.

ID: 1361454365496782855

Link: https://otx.alienvault.com/user/cobaltstrikebot/pulses

Date: 15-02-2021 23:16:34

4,4K Tweets

2,2K Followers

0 Following

139 Cobalt Strike stage 2 IP's, with 140 unique configurations, identified today. Find them here: pastebin.com/zaKXVsCJ Warning: These IP's have not been vetted, block at your own risk.

Today's 10 most common second stage ASNs:
AS45090, 118
AS37963, 39
AS40065, 20
AS55990, 14
AS36352, 14
AS8075, 8
AS132203, 6
AS131685, 6
AS45102, 4
AS14618, 4

Today's 10 most common watermarks:
1234567890, 32
100000, 29
391144938, 21
0, 18
305419896, 12
426352781, 7
987654321, 7
12345, 3
1580103824, 3
1049482653, 2

Today's 5 most common Spawn_to values:
%windir%\sysnative\rundll32.exe
c:\windows\system32\rundll32.exe
%windir%\sysnative\gpupdate.exe
%windir%\sysnative\wermgr.exe
%windir%\system32\rundll32.exe

Today's 5 least common Spawn_to values:
%windir%\system32\rundll32.exe
%windir%\sysnative\wermgr.exe
%windir%\sysnative\gpupdate.exe
c:\windows\system32\rundll32.exe
%windir%\sysnative\rundll32.exe

136 Cobalt Strike C2's identified today. Find them here: pastebin.com/rc7hHBvf Warning: These IP's have not been vetted, block at your own risk.

142 Cobalt Strike stage 2 IP's, with 142 unique configurations, identified today. Find them here: pastebin.com/jtQ5Ayni Warning: These IP's have not been vetted, block at your own risk.

Today's 10 most common second stage ASNs:
AS45090, 116
AS37963, 41
AS40065, 20
AS55990, 14
AS36352, 12
AS8075, 8
AS132203, 6
AS131685, 6
AS4812, 4
AS64050, 4

Today's 10 most common watermarks:
100000, 30
1234567890, 30
391144938, 18
0, 18
305419896, 12
426352781, 7
987654321, 5
12345, 3
666666, 3
1580103824, 3

Today's 5 most common Spawn_to values:
%windir%\sysnative\rundll32.exe
c:\windows\system32\rundll32.exe
%windir%\sysnative\wuauclt.exe
%windir%\system32\rundll32.exe
%windir%\sysnative\gpupdate.exe

Today's 5 least common Spawn_to values:
%windir%\sysnative\wermgr.exe
%windir%\sysnative\gpupdate.exe
%windir%\system32\rundll32.exe
%windir%\sysnative\wuauclt.exe
c:\windows\system32\rundll32.exe

133 Cobalt Strike C2's identified today. Find them here: pastebin.com/SN6V2Qce Warning: These IP's have not been vetted, block at your own risk.

139 Cobalt Strike stage 2 IP's, with 137 unique configurations, identified today. Find them here: pastebin.com/pNNk9gJh Warning: These IP's have not been vetted, block at your own risk.

Today's 10 most common second stage ASNs:
AS40065, 20
AS36352, 12
AS8075, 8
AS29551, 6
AS132203, 6
AS14061, 4
AS64050, 4
AS45102, 4
AS142403, 4
AS14618, 4

Today's 10 most common watermarks:
100000, 14
0, 7
391144938, 6
12345, 4
426352781, 3
1580103824, 3
1049482653, 2
2130772225, 1
897093148, 1
668694132, 1

Today's 5 most common Spawn_to values:
%windir%\sysnative\rundll32.exe
c:\windows\system32\rundll32.exe
%windir%\system32\rundll32.exe
%windir%\sysnative\gpupdate.exe
%windir%\sysnative\wermgr.exe

Today's 5 least common Spawn_to values:
%windir%\sysnative\wermgr.exe
%windir%\sysnative\gpupdate.exe
%windir%\system32\rundll32.exe
c:\windows\system32\rundll32.exe
%windir%\sysnative\rundll32.exe

45 Cobalt Strike C2's identified today. Find them here: pastebin.com/yjeAGL2H Warning: These IP's have not been vetted, block at your own risk.

50 Cobalt Strike stage 2 IP's, with 47 unique configurations, identified today. Find them here: pastebin.com/k6GTSgej Warning: These IP's have not been vetted, block at your own risk.

Well, it's been a fun project, but sadly it appears that the end is here. Due to the restrictions on Twitter API access, the bot can no longer tweet, and it may be a good time to wind the project down.