Details

_id 5e7d344b11acca7063dbbe2f
reference ['https://www.virustotal.com/gui/file/bb768976ec88f566ae192972cff6e950bc9082e32a7839e8c72f9ce4281c6a86']
md5 ['adc0396841bbbfc49121ca34a28288cd']
sha1 ['fd7c205bd9816e9aadff3369eddb461552feb986']
sha256 ['bb768976ec88f566ae192972cff6e950bc9082e32a7839e8c72f9ce4281c6a86']
mail []
ip ['91.208.184.78']
domain []
url []
user bryceabdo
tweet Take a gander @"no2.exe". a VMProtected downloader submitted to VT on 2020-03-24. It downloads a #CobaltStrike stager from 91.208.184.\80 - same 'hood as 91.208.184.78 (ALEXHOST-SRL) - an IP used by #APT41 in early March 2020 per @FireEye crew. https://www.virustotal.com/gui/file/bb768976ec88f566ae192972cff6e950bc9082e32a7839e8c72f9ce4281c6a86 …
id 1243181626571489282
retweets 3
favorites 14
link https://twitter.com/bryceabdo/status/1243181626571489282
mentions ['@FireEye']
hashtags ['#CobaltStrike', '#APT41']
timestamp 1585232571
date 2020-03-26 15:22:51