# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/MichalKoczwara/status/1641113392843718660
# Reference: https://twitter.com/MichalKoczwara/status/1641117793612447747

129.151.170.99:443
139.162.52.150:443
139.59.227.34:443
142.93.154.140:443
143.198.62.146:443
143.42.110.206:443
144.126.202.135:443
158.101.169.125:443
165.154.231.221:443
165.232.123.47:443
167.114.115.246:443
170.187.232.126:443
173.254.204.109:443
18.140.234.35:443
18.204.35.247:443
185.163.204.32:443
185.163.45.65:443
185.216.71.178:4443
188.166.170.1:443
192.46.211.76:443
194.87.218.16:443
2.58.14.26:443
20.12.180.13:443
20.67.246.154:443
203.150.243.176:443
204.48.29.223:443
206.189.22.24:443
209.151.155.42:443
212.87.204.177:443
23.105.212.89:443
23.95.44.80:8443
27.124.44.241:8443
3.72.110.16:443
3.8.184.124:443
31.220.89.214:443
34.229.221.1:443
34.243.164.16:443
35.198.216.30:443
42.193.116.134:443
43.133.22.48:443
43.142.149.130:443
44.192.60.164:443
44.202.199.164:443
45.125.67.244:443
45.135.135.107:443
45.144.30.143:443
45.144.31.129:443
45.77.74.229:443
46.101.79.16:443
47.109.41.48:443
64.176.39.146:443
64.227.8.84:443
65.20.75.178:443
77.91.73.143:443
8.210.103.41:443
8.210.104.188:443
80.158.37.73:6443
81.70.249.195:443
82.223.64.37:443
82.66.183.37:443
89.58.33.82:443
94.102.49.165:443
99.238.119.93:443

# Reference: https://twitter.com/Gi7w0rm/status/1625645124247076870
# Reference: https://www.zscaler.com/blogs/security-research/havoc-across-cyberspace
# Reference: https://www.virustotal.com/gui/file/dba614a3b64db6ab346bf37683a9d13b5013fb4b7def2acdd8a697d26b62e48d/detection
# Reference: https://www.virustotal.com/gui/file/f577e247a29f74cf5517d47cc4821dc4d087cb96d5456ebb2f6f858dbe828ccd/detection
# Reference: https://www.virustotal.com/gui/file/ccb6d9742cf9329f2cb8030a25be663d098878ece7ffcfaa483b50856ad3c08e/detection
# Reference: https://www.virustotal.com/gui/file/c9a395ec3fb69e124c672823333ec165fce21a5773618153bc251cc8b2503dc4/detection
# Reference: https://www.virustotal.com/gui/file/b19f1eb30638f1f4695fe0741a1ccdb8ce0aa78b6ea343b4799a64ca1f1b1971/detection
# Reference: https://www.virustotal.com/gui/file/aea22bdf30f2b5ece1f867d4193ddbf48a5e8ebf812d9b7586db4aa54f1abf5d/detection

http://146.190.48.229
146.190.48.229:2323
146.190.48.229:3939
146.190.48.229:6963
146.190.48.229:7777
146.190.48.229:9797

# Reference: https://twitter.com/MichalKoczwara/status/1642218400691699851

194.36.190.103:443

# Reference: https://twitter.com/sicehice/status/1647624379830812673
# Reference: https://www.virustotal.com/gui/file/c0c13de44f445a1e38d1b2ebc5e87882e8bd9af82d0a1c9a90b721cc67a99e54/detection

4.240.86.147:1337
4.240.86.147:8080

# Reference: https://twitter.com/sicehice/status/1647650130684723202

159.223.250.77:9090

# Reference: https://twitter.com/drb_ra/status/1651298448757358608

190.135.186.92:443

# Reference: https://twitter.com/drb_ra/status/1652021857502019622

18.208.213.147:443

# Reference: https://twitter.com/drb_ra/status/1652384835946659840

50.255.107.170:443

# Reference: https://twitter.com/drb_ra/status/1652384849074835458

51.15.133.32:443

# Reference: https://www.virustotal.com/gui/file/c234a376a6de44dcc5f311937d3d705311599233804db547d7271cee796e86fb/detection

81.161.229.121:8080

# Reference: https://twitter.com/drb_ra/status/1653109032226283543

http://3.105.246.81

# Reference: https://twitter.com/drb_ra/status/1653109056112844804

13.41.55.238:443

# Reference: https://twitter.com/drb_ra/status/1653109091340804106

165.227.106.175:443

# Reference: https://twitter.com/drb_ra/status/1653109102019506177

167.99.194.51:443

# Reference: https://twitter.com/drb_ra/status/1653109118775746580

185.239.225.17:8443

# Reference: https://twitter.com/drb_ra/status/1653109134575689752

http://192.99.223.135

# Reference: https://twitter.com/drb_ra/status/1653109137385873422

205.185.113.85:443

# Reference: https://twitter.com/drb_ra/status/1653471476383727616

80.249.147.147:8081

# Reference: https://twitter.com/drb_ra/status/1653471492196188172

157.245.55.19:443

# Reference: https://twitter.com/MichalKoczwara/status/1652988028011290625

5.252.178.157:443
85.209.135.74:443
91.107.130.122:443
stingray.gay

# Reference: https://twitter.com/drb_ra/status/1653833821219856399

http://13.246.26.24

# Reference: https://twitter.com/drb_ra/status/1653833832926158864

16.171.56.119:8443

# Reference: https://twitter.com/drb_ra/status/1653833844863148053

18.158.68.206:443

# Reference: https://twitter.com/drb_ra/status/1653833854883340289

18.208.213.147:4443

# Reference: https://twitter.com/drb_ra/status/1654458500326514691

157.245.199.109:443

# Reference: https://twitter.com/drb_ra/status/1654458530617753601

209.250.255.119:443

# Reference: https://twitter.com/drb_ra/status/1655283458623647746

185.158.94.217:8000

# Reference: https://twitter.com/drb_ra/status/1655645809193410563

3.105.246.81:443

# Reference: https://twitter.com/drb_ra/status/1655645838612258824

51.68.148.55:443

# Reference: https://twitter.com/drb_ra/status/1655645853019693076

70.29.173.138:443

# Reference: https://twitter.com/MichalKoczwara/status/1655994573280116756

http://51.68.148.55
http://51.83.182.155
51.83.182.155:443

# Reference: https://twitter.com/drb_ra/status/1656008250775543808
# Reference: https://twitter.com/drb_ra/status/1656008254307147783

http://3.249.31.242
3.249.31.242:443

# Reference: https://twitter.com/drb_ra/status/1656008271600263190

13.246.26.24:4444

# Reference: https://twitter.com/drb_ra/status/1656008292634697733

51.83.182.155:443

# Reference: https://twitter.com/drb_ra/status/1656008305427324940

51.255.45.74:443

# Reference: https://twitter.com/drb_ra/status/1656008318282866708

52.19.114.156:443

# Reference: https://twitter.com/drb_ra/status/1656008337362677764

146.59.10.45:443

# Reference: https://twitter.com/drb_ra/status/1656370613445881886

51.68.148.48:443

# Reference: https://twitter.com/drb_ra/status/1656370630160183309

54.160.113.74:445

# Reference: https://twitter.com/drb_ra/status/1656370660740853772

198.211.102.42:443

# Reference: https://twitter.com/drb_ra/status/1656733184384442369

35.136.215.120:443

# Reference: https://twitter.com/drb_ra/status/1656733205938962457

65.21.56.40:443

# Reference: https://twitter.com/drb_ra/status/1656733220782604290

109.106.255.148:443

# Reference: https://twitter.com/drb_ra/status/1656733232786702394

114.117.244.233:443

# Reference: https://twitter.com/drb_ra/status/1656733250180481037

http://165.22.21.249

# Reference: https://twitter.com/drb_ra/status/1657095463651139605

3.26.1.74:443

# Reference: https://twitter.com/drb_ra/status/1657095499281752080

76.65.175.53:443

# Reference: https://twitter.com/drb_ra/status/1657095516113494024

107.172.90.146:443

# Reference: https://twitter.com/drb_ra/status/1657095546828382213

176.123.8.200:443

# Reference: https://twitter.com/drb_ra/status/1657095561009397761

193.233.48.14:443

# Reference: https://twitter.com/drb_ra/status/1657458200063385602

104.200.20.89:8881

# Reference: https://twitter.com/drb_ra/status/1657458238734888973

190.133.143.80:443

# Reference: https://twitter.com/drb_ra/status/1657820277173092353

167.58.245.20:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/

http://108.177.235.233
http://128.199.207.220
http://13.213.147.86
http://13.246.26.24
http://135.181.254.184
http://142.93.45.33
http://149.28.207.18
http://165.22.21.249
http://177.67.71.17
http://188.191.106.251
http://190.135.176.171
http://192.99.223.135
http://193.43.94.63
http://194.4.51.90
http://195.123.241.72
http://20.109.45.183
http://20.126.20.79
http://3.105.246.81
http://3.249.31.242
http://3.85.21.250
http://45.12.253.239
http://5.188.87.39
http://51.158.77.242
http://64.227.130.238
http://66.55.65.150
http://74.207.237.246
http://82.223.64.37
100.26.241.235:445
101.42.246.105:443
101.42.246.105:4433
103.253.43.146:443
104.248.120.60:4343
107.172.90.146:8443
107.174.95.55:443
108.174.57.187:443
108.177.235.233:443
109.105.198.141:443
109.172.44.233:443
109.94.110.94:443
118.31.66.10:443
123.249.38.254:9999
129.150.46.86:443
129.151.233.130:443
13.125.17.253:443
13.244.111.157:443
13.244.144.1:443
13.39.48.10:443
13.93.75.195:443
134.122.45.166:443
136.244.80.185:443
137.184.100.52:443
137.74.253.250:443
138.68.103.181:443
139.144.22.116:443
139.144.39.22:443
139.144.57.50:443
139.180.144.171:443
140.238.217.117:443
141.164.45.80:443
143.198.105.62:443
143.198.136.12:8089
143.198.218.5:443
143.198.53.218:443
143.42.110.206:555
146.190.104.255:443
146.190.120.225:443
146.70.35.170:443
146.70.87.109:443
147.182.241.180:443
149.28.207.18:443
151.236.25.237:4444
151.236.25.237:4445
157.245.47.66:443
157.254.195.51:443
158.247.223.37:4444
159.223.202.160:443
159.223.250.77:443
159.65.149.47:8443
164.92.241.44:443
165.22.12.239:443
166.88.77.16:443
167.172.106.238:443
167.56.104.241:443
167.56.105.95:443
167.56.112.216:443
167.56.122.192:443
167.56.122.29:443
167.56.194.219:443
167.56.196.20:443
167.56.198.150:443
167.56.198.48:443
167.56.203.196:443
167.56.66.214:443
167.58.233.226:443
167.59.76.141:443
167.59.76.50:443
168.138.174.173:2083
168.138.174.173:2087
168.138.174.173:2096
168.138.174.173:40006
168.138.174.173:8443
170.187.142.23:8899
172.105.66.217:443
172.86.78.127:443
172.93.165.118:41686
172.93.165.118:443
174.138.28.5:11443
174.138.28.5:41156
175.178.226.246:443
176.124.32.160:443
177.67.71.17:443
179.25.216.69:443
179.25.221.138:443
179.25.222.247:443
18.134.161.59:443
18.157.84.230:443
18.185.111.207:443
18.196.203.78:33688
18.196.203.78:443
18.214.99.112:443
18.224.73.25:443
182.61.19.90:443
182.61.19.90:48888
184.73.53.214:443
185.112.144.20:443
185.112.144.20:8443
185.163.45.244:443
185.203.118.50:443
185.225.74.223:4433
185.247.224.13:443
185.32.126.34:443
185.39.204.47:443
185.64.247.201:443
185.74.222.204:443
187.95.25.167:443
188.166.251.121:443
188.191.106.34:443
190.133.129.34:443
190.133.130.250:443
190.133.139.168:443
190.133.150.121:443
190.133.150.206:443
190.133.155.21:443
190.133.159.153:443
190.133.232.69:443
190.133.235.6:443
190.133.236.207:443
190.133.237.30:443
190.133.238.68:443
190.134.139.110:443
190.134.148.138:443
190.134.155.238:443
190.134.200.111:443
190.134.202.117:443
190.134.43.116:443
190.134.50.10:443
190.135.124.228:443
190.135.126.109:443
190.135.168.212:443
190.135.176.171:443
190.135.177.179:443
190.135.182.53:443
190.135.184.127:443
190.135.209.12:443
190.135.233.148:443
192.121.163.90:443
192.153.57.181:443
192.153.57.73:443
192.99.223.135:443
193.37.69.123:443
193.43.94.63:443
194.135.33.127:9080
194.58.98.232:443
194.58.98.232:8888
195.123.241.72:443
195.24.66.110:443
195.85.114.214:443
20.109.45.183:443
20.115.112.114:443
20.15.162.87:443
20.158.49.49:443
20.235.26.66:443
20.74.236.100:443
20.92.20.220:443
20.94.83.139:9000
207.148.127.136:10025
209.141.50.192:443
209.38.232.99:443
209.79.69.200:443
212.227.9.150:443
23.106.215.192:443
23.94.59.56:15443
3.17.156.183:443
3.26.10.74:443
3.67.64.179:40156
3.67.64.179:4043
3.71.188.11:443
3.72.1.193:8443
3.72.106.201:443
31.187.76.237:443
34.136.114.164:443
34.18.9.224:443
35.158.109.72:443
35.207.109.124:443
35.226.91.165:443
35.75.17.242:443
37.187.123.146:443
38.54.107.202:443
38.54.107.202:8082
39.99.45.71:2443
4.196.211.113:443
4.231.105.17:8443
40.76.236.54:443
43.153.184.17:3389
43.153.184.17:443
44.200.59.2:443
44.203.114.48:4443
45.117.81.126:443
45.125.67.100:443
45.125.67.117:443
45.153.242.73:443
45.56.76.86:443
45.77.233.83:443
45.77.254.85:443
45.79.90.123:40000
45.8.251.210:7443
45.9.149.144:443
45.9.150.150:443
45.93.28.77:443
46.161.53.217:443
46.183.184.149:443
46.29.234.73:443
47.90.254.130:443
5.161.197.230:443
5.252.178.146:443
5.255.97.196:443
5.44.42.124:443
5.53.125.31:7443
51.15.195.71:443
51.15.59.83:443
51.158.77.242:443
51.158.77.242:5555
51.158.77.242:8443
52.147.196.140:443
52.211.176.121:443
54.144.152.176:443
54.246.21.155:443
54.251.23.219:443
54.64.152.213:8443
54.78.24.98:443
62.234.185.181:443
64.176.34.205:443
64.176.34.205:8443
64.176.47.227:443
64.176.47.227:8080
64.176.47.227:8888
64.226.111.133:443
64.227.130.238:443
64.227.130.238:8080
66.55.65.150:443
68.183.185.231:443
74.119.193.28:443
74.207.237.246:8443
74.234.230.67:443
77.139.130.110:443
77.91.73.143:4433
8.208.95.78:443
8.217.111.67:443
8.222.230.219:443
85.206.172.192:443
88.99.28.233:5000
89.147.108.250:8085
90.107.73.133:443
91.92.128.200:443
94.131.102.61:443
94.131.110.14:9090
98.252.137.125:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-07-28)

104.168.237.121:443
108.177.235.191:443
146.190.113.107:443
168.138.174.173:443
18.219.102.188:443
23.83.133.160:443
23.83.133.164:443
24.99.36.214:443
35.90.217.46:443
44.202.218.193:443
44.212.22.10:22222
54.255.154.71:443
77.223.122.145:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-07-30)

http://95.164.47.3
13.39.237.2:443
16.171.60.36:443
45.81.34.65:11443
95.164.47.3:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-07-31)

139.99.66.96:443
185.39.204.47:447
64.227.79.229:10025
http://146.70.145.212

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-08-01)

106.55.228.192:4455
16.171.60.36:22222
185.239.225.17:7744
35.202.166.59:443
43.131.252.233:443

# Reference: https://twitter.com/TheDFIRReport/status/1686338899314987008

45.92.1.60:5111

# Reference: https://threatfox.abuse.ch/ioc/1146718/

146.70.145.212:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-08-03)

http://185.246.189.72
109.106.255.148:8443
109.106.255.148:40055

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-08-05)

http://54.211.1.105
151.236.216.137:443
163.172.140.159:443
206.189.143.81:443
43.131.252.233:8888
45.61.169.102:443

# Reference: https://twitter.com/sicehice/status/1687601960164216833

157.245.47.66:8080

# Reference: https://urlhaus.abuse.ch/url/2640642/

mott54874.b-cdn.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-08-07)

54.238.83.76:3306
54.238.83.76:443

# Reference: https://threatfox.abuse.ch/ioc/1149181/

http://85.206.172.192

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-08-09)

13.48.45.227:443
138.68.174.88:443
5.182.37.3:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-08-11)

http://146.190.29.203
http://176.31.163.140
106.55.228.192:8080
13.214.204.113:443
167.56.66.27:443
176.31.163.140:443
20.160.143.1:443
207.244.226.182:443
34.100.240.82:443
43.153.87.78:443

# Reference: https://www.virustotal.com/gui/file/53e8a1861bed12148803a34ea8bc2b844c4dab73759df6882f77c301f1151dcd/detection

161.97.156.7:43595
havoc718.ddns.net

# Reference: https://twitter.com/drb_ra/status/1691523144966610945

3.87.213.122:8080

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-08-16)

http://52.88.128.181
134.209.147.35:443
185.158.248.34:443
34.231.34.198:443
39.100.87.25:443
52.157.71.131:443
52.88.128.181:443
81.161.229.45:443
90.212.33.49:8443

# Reference: https://threatfox.abuse.ch/ioc/1150423/

http://34.231.34.198

# Reference: https://threatfox.abuse.ch/ioc/1150556/

64.227.130.114:443

# Reference: https://threatfox.abuse.ch/ioc/1150868/

52.76.227.205:443

# Reference: https://threatfox.abuse.ch/ioc/1150887/

http://77.91.68.133

# Reference: https://twitter.com/drb_ra/status/1693334655540363746

38.47.107.170:443

# Reference: https://twitter.com/drb_ra/status/1693334699224011263
# Reference: https://threatfox.abuse.ch/ioc/1151516/

209.38.225.63:443
209.38.240.41:443

# Reference: https://twitter.com/drb_ra/status/1693697132304257088

20.224.91.188:443

# Reference: https://threatfox.abuse.ch/ioc/1151453/

2.59.254.20:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-08-22)
# Reference: https://search.censys.io/hosts/78.135.73.140
# Reference: https://www.deepinstinct.com/blog/operation-rusty-flag-a-malicious-campaign-against-azerbaijanian-targets

http://159.203.122.205
38.47.107.170:8443
77.91.68.133:443
78.135.73.140:10443
78.135.73.140:35667
78.135.73.140:47878
94.128.22.194:443

# Reference: https://twitter.com/drb_ra/status/1694421398062506302

http://47.100.30.74

# Reference: https://twitter.com/drb_ra/status/1694965057107468557

77.74.208.123:443

# Reference: https://threatfox.abuse.ch/ioc/1152181/

16.171.254.242:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-09-01)

http://100.25.164.220
http://158.247.243.219
http://164.215.103.105
http://164.92.134.166
http://2.56.10.6
http://207.244.226.182
http://34.100.240.82
http://47.245.126.218
100.25.164.220:443
109.228.61.245:443
109.63.232.77:443
129.158.249.215:443
141.136.44.52:443
149.40.63.23:443
152.228.170.254:443
16.171.242.239:443
167.99.147.192:8443
170.187.207.78:443
178.128.48.128:443
181.164.204.99:443
188.166.159.86:443
206.166.251.95:443
207.244.226.182:8443
217.6.46.91:8443
34.100.240.82:40056
34.93.29.231:443
34.92.127.28:443
43.132.172.77:443
43.153.193.220:443
47.245.126.218:443
51.255.45.74:40016
78.157.163.36:443
94.131.112.139:443

# Reference: https://twitter.com/drb_ra/status/1696958168209772953

http://164.215.103.173

# Reference: https://twitter.com/drb_ra/status/1696958171774877936

164.215.103.173:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-09-06)

http://159.223.205.33
http://46.101.97.100
http://73.196.213.146
117.50.178.24:8088
139.180.212.188:443
167.172.86.3:443
167.172.86.3:8080
206.188.197.20:443
206.71.148.148:443
24.199.106.201:443
37.120.239.175:443
46.101.97.100:443
64.226.81.144:443
66.135.16.39:443
73.196.213.146:443
80.85.152.108:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-09-11)

152.89.198.175:443
34.231.97.149:443
34.235.159.186:443
45.131.3.18:443
5.61.41.71:443
61.4.102.37:443
86.82.10.130:53
92.39.211.142:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-09-12)

http://165.232.151.90
http://64.176.211.167
168.100.10.213:443
139.180.158.92:443
139.180.158.92:7443
159.223.205.33:443
193.149.190.230:443
206.71.148.79:443
209.38.212.101:443
3.215.181.98:443
38.6.163.12:443
45.195.204.20:443
45.195.204.29:443
45.195.204.53:443
51.68.169.167:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-09-19)

http://103.101.205.215
http://164.90.162.240
http://172.233.67.65
http://3.215.181.98
http://52.202.108.119
http://52.194.222.149
103.101.205.215:443
124.156.167.196:4433
128.199.88.129:443
164.132.229.221:443
164.90.162.240:443
172.233.67.65:443
217.182.199.147:40070
217.182.199.147:443
217.6.46.91:4443
47.122.21.21:443
50.255.107.171:443
51.16.9.5:8443
52.192.111.170:443
52.202.108.119:443
74.207.242.75:443

# Reference: https://twitter.com/drb_ra/status/1703481233949237614

5.182.37.3:444

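# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-09-21)
# NOTE(review): the last entry in this block, '193.218.118.14383', is not a valid IPv4 address or IP:port pair and will not match traffic as written. It appears to be missing a ':' separator (compare the 193.218.118.143 entries in this block); confirm the intended port against the reference before correcting it.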

http://172.105.139.42
http://51.210.243.250
101.33.116.17:10249
16.171.237.4:443
175.27.146.212:443
178.128.122.128:443
192.144.211.13:443
193.117.208.108:7305
193.218.118.143:8083
193.218.118.143:8085
202.162.108.120:443
34.116.228.55:443
43.135.138.227:443
45.183.247.131:443
47.245.42.208:443
65.21.105.102:443
165.22.58.208:8443
172.105.92.100:443
193.218.118.14383

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-09-25)

http://134.122.54.122
http://164.215.103.86
http://198.148.112.58
http://47.96.174.148
104.248.149.186:443
146.190.67.179:443
16.170.217.78:443
37.120.239.175:23450
40.117.129.162:40056
45.79.238.141:8080
47.96.174.148:443
162.0.231.130:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-09-29)

http://8.217.13.6
101.99.91.224:443
103.214.157.66:4443
134.195.198.40:443
138.68.69.79:443
168.100.11.139:443
173.212.236.170:443
18.195.241.171:443
185.243.114.106:443
185.243.115.154:443
185.243.115.252:443
192.153.57.227:443
192.53.171.76:443
194.26.192.110:443
20.52.249.198:443
3.6.98.232:18976
31.223.16.23:443
34.227.89.96:443
34.227.89.96:8443
40.117.129.162:888
44.202.151.94:443
45.138.16.248:443
45.195.204.20:3320
45.195.204.29:3320
45.195.204.53:3320
45.61.136.107:443
51.158.107.162:443
54.202.46.22:4443
54.211.1.105:40056
66.94.109.152:443
91.90.192.233:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-10-07)

http://172.105.183.87
http://172.105.190.170
111.90.148.125:443
178.128.111.190:443
178.128.216.62:443
194.182.78.107:443
20.19.1.146:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-10-09)

http://185.235.138.63
http://54.146.112.196
139.180.195.227:443
51.142.94.204:443
98.66.139.133:8443
aadcdn.the-admiralty.co.uk
aadcdn.ukho.org
acad.bmcybersecurity.net
acadtr.bmcybersecurity.net
support-par8o.com
addressverification.support-par8o.com
alerts-service.com
backstopsolution.net
bankbubyan.com
banochotelgh.com
biswapvoilet.com
bluelinedevelop.com
caldwellmedical.org
cenaa3.viverindia.com.br
centrecertifieplus.com
chuangshiclub.com
contrariancapital.backstopsolution.net
cpcontacts.banochotelgh.com
cpcontacts.biswapvoilet.com
jagoanstoregame.duckdns.org
cpcontacts.jagoanstoregame.duckdns.org
crm.banochotelgh.com
deltidentalil.com
erci.banochotelgh.com
fahope.com
files.bmcybersecurity.net
givex.help
gracefoundme.top
if00d.com.br
iglensonc2.com
l2chartsapi.com
banochotelgh.com
lime.banochotelgh.com
linkair.top
login.doc-usign.net
login.officeonline.ri-rqc.sk
login.ri-rqc.sk
lucie.ddns.net
alerts-service.com
mail.alerts-service.com
backstopsolution.net
mail.backstopsolution.net
mail.biswapvoilet.com
biswapvoilet.com
myalectra.com
nginx-rev-prox-rj33nb72rsqni.westeurope.cloudapp.azure.com
officeonline.ri-rqc.sk
omricybersecurity.com
purple.cassa.my.id
ri-rqc.sk
salvation.banochotelgh.com
siptestasets.com
artsavingsclub.co.za
staging.artsavingsclub.co.za
support-par8o.com
suse.space
the-admiralty.co.uk
uiurbur.guieoer.pserver.ru
google-service.workers.dev
update.google-service.workers.dev
update.netsecgroup.com
netsecgroup.com
bmcybersecurity.net
biswapvoilet.com
vulnmetrics.bmcybersecurity.net
webdisk.biswapvoilet.com
webmail.biswapvoilet.com
perubahan-tarif-brlmo.com
webmail.perubahan-tarif-brlmo.com
wss.payloads.online
payloads.online
yinksoft-update.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-10-11)

120.53.93.251:443
157.245.142.4:443
54.146.112.196:443
95.217.219.48:8080

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-10-13)

http://163.172.234.31
16.171.65.50:443
163.172.234.31:443
164.92.168.80:443
176.124.215.91:443
185.225.17.127:4433
2.102.90.244:4444
alexis-dasilva.com
sharepointoneline.com
stellantis-invite.com
stellantis-service.com
idpm.stellantis-invite.com
wapprod.stellantis-service.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-10-16)

http://194.180.49.251
104.233.140.137:8088
16.171.54.181:8443
164.92.168.80:40056
185.165.169.117:443
43.135.163.36:443
89.116.72.113:21024
air-canadaa.com
search-online.workers.dev

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-10-19)

http://172.233.192.25
http://216.128.180.160
http://95.92.201.169
13.53.84.163:443
130.51.20.136:5900
134.195.198.40:40056
137.184.84.90:443
138.68.174.88:40056
141.94.69.198:443
161.35.25.219:443
172.233.192.25:443
185.193.125.140:443
194.169.175.238:8083
194.169.175.238:8443
195.77.176.178:4444
23.94.50.240:443
45.12.253.39:443
52.56.179.139:443
54.246.47.176:443
88.99.71.225:443
89.147.111.205:4443
adblockext.ru
securitytest.lat
api.microsoft-service.workers.dev
login.sharepointoneline.com
microsoft-service.workers.dev

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-10-23)

5.255.123.86:443
5.255.123.86:5000
alexis-dasilva.pro
bitwarden-server.payloads.online
cesig8.online
vip.cesig8.online

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-10-25)

http://66.219.103.8
141.105.71.141:443
157.230.124.53:443
158.160.74.251:8443
149.102.143.96:443
167.114.113.96:443
191.96.53.80:443
194.169.175.238:8080
3.6.115.64:10000
34.217.46.159:8443
34.93.89.189:443
38.242.132.121:443
47.157.37.112:5001
50.116.39.137:443
51.254.33.199:443
52.15.200.151:443
68.183.68.156:443
88.99.71.225:801
abaadoffice.net
aspidaprotection.com
atisgst.fit
msonline-security.com
prfectr.xyz
analytics.prfectr.xyz
staging.prfectr.xyz
mail.abaadoffice.net
login.msonline-security.com
wapprod.stellantis-invite.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-10-29)

http://146.70.79.19
http://83.212.96.62
136.243.185.107:443
139.84.144.181:443
161.142.78.158:8080
175.136.232.225:8080
175.136.232.226:8080
176.31.163.140:40056
24.144.90.189:443
35.221.29.34:443
57.128.171.220:443
80.78.22.31:443
buesem2021.com
havoc.riggcorp.com
idpm.stellantis-service.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-11-01)

208.115.220.176:443
35.167.204.55:443
46.8.158.224:443
heylele.com
msftonline.org
testsite.uno
config-update-ms.francecentral.cloudapp.azure.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-11-02)

136.243.185.107:8443
185.193.125.140:41909
20.220.86.194:443
20.94.83.139:443
35.178.199.73:443
35.226.174.151:443
64.227.179.34:443
91.92.255.32:443
mircofots.online
apix.mircofots.online

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-11-04)

http://172.208.90.130
http://176.126.113.164
http://212.71.238.198
http://40.76.55.180
http://8.208.95.78
128.140.47.106:443
13.215.191.59:4444
139.28.36.5:443
144.76.182.181:443
146.190.41.228:443
154.8.142.178:443
159.65.168.135:443
16.16.26.234:3306
16.16.26.234:443
164.92.189.96:443
165.22.184.182:443
167.71.38.111:443
167.71.6.13:443
170.64.171.160:443
172.232.123.21:443
173.255.196.101:443
174.138.4.105:443
176.9.43.114:8443
178.62.57.69:587
185.193.125.118:443
185.236.202.153:4444
194.169.175.238:443
194.169.175.238:9443
20.157.16.178:443
20.52.226.156:443
20.55.94.241:443
20.71.97.27:443
20.93.5.194:8089
203.135.101.181:82
31.220.94.133:443
34.224.40.221:443
34.232.77.201:443
35.178.199.78:443
35.178.203.77:443
40.76.55.180:8090
43.138.87.237:443
45.66.216.108:443
45.76.71.236:443
45.79.249.116:443
46.246.1.155:7443
51.15.195.71:40056
51.158.107.162:40056
52.151.252.137:443
52.87.167.149:443
54.188.132.103:443
54.93.236.31:443
54.93.236.31:8000
62.210.207.211:443
64.226.72.6:443
79.133.183.84:443
79.133.183.84:8081
79.141.169.72:4443
80.78.24.47:443
85.208.117.147:4443
88.214.25.36:443
91.206.14.228:8989
94.156.64.184:4433
95.165.99.74:443
7desktop.com
abb-bank.wiki
bedlinnenoutlet.nl
daanzeegersdesign.nl
donotopenthis.zip
toroz.nl

# Reference: https://threatfox.abuse.ch/ioc/1201397/
# Reference: https://www.virustotal.com/gui/file/fa02f2c47b8a22acff47d86da8e5b97f2453aee4606f585b5d979429eb85a0d3/detection

werbeagenturbraunschweig.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-11-22)

172.208.90.130:443
172.208.97.188:443
185.254.238.160:443
209.250.248.246:443
45.78.58.175:6379
blha.tail9ed4d.ts.net
cloudflare-tls.workers.dev
ctvnews.eastus.cloudapp.azure.com
launchpad.pusd.fi
login.pusd.fi
mstraffic.cloudflare-tls.workers.dev
pusd.fi

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-11-25)

http://172.208.97.188
104.237.11.5:443
172.105.66.217:23966
198.176.59.64:443
37.187.176.161:443
80.78.22.93:443
85.209.176.146:8088
88.99.150.167:8443
pwshrepo.com
sd-50950.dedibox.fr
vpn-eu.dsikw.com

# Reference: https://twitter.com/banthisguy9349/status/1731290942785601583

46.8.158.224:8000

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-12-03)

http://13.42.17.180
http://167.71.38.111
http://172.191.67.230
http://18.191.149.233
http://188.116.22.65
http://198.176.59.64
http://64.176.164.102
http://80.211.208.51
108.51.80.70:443
124.220.224.87:8888
124383.msk.web.highserver.ru
139.28.36.237:443
139.59.40.198:443
142.93.185.248:443
146.190.231.230:443
146.190.231.230:80
146.190.45.248:443
146.70.79.110:4445
148.135.75.34:443
157.230.223.248:443
165.22.159.164:443
178.128.122.128:40069
178.62.57.69:40056
18.196.5.34:443
185.221.216.103:443
198.176.59.64:6379
209.38.226.163:443
212.227.211.81:443
24.199.125.30:443
45.123.188.186:443
45.15.159.79:443
45.76.156.94:443
47.108.117.51:8081
5.161.118.248:443
504e165d.host.njalla.net
52.91.116.180:443
62.84.116.13:443
62.84.116.13:4443
62.84.116.13:61237
77.103.140.46:443
cdn239.for149.xyz
contato8.appsysten.com
kztime.ddns.net
lido-fi.dev
nginx-typhoon.westeurope.cloudapp.azure.com
wiipo.com.ht-hldrotermica.com.br

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-12-05)

http://113.52.134.114
http://141.94.69.198
http://207.180.215.36
http://35.92.41.20
104.248.15.194:443
113.52.134.114:443
113.52.134.114:4433
113.52.134.114:6379
158.160.84.31:443
159.89.4.80:443
162.216.241.236:443
167.172.45.219:443
174.138.7.112:40065
212.51.144.128:443
3.110.107.80:443
34.29.20.95:443
43.163.210.218:443
45.79.6.132:443
45.9.62.223:443
47.251.70.97:443
62.210.207.211:8000
62.234.202.129:443
66.228.60.47:8000
74.119.195.176:443
79.124.58.134:443
u1.cc0.ir
worker-jolly-unit-e3af.jacobnero11.workers.dev

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-12-17)

http://172.232.123.21
http://37.221.197.42
107.174.115.43:8443
138.68.123.125:40065
138.68.123.125:443
142.93.185.248:8080
16.170.155.141:443
170.64.204.218:443
185.216.68.69:443
185.216.68.70:443
192.46.215.47:443
193.181.23.43:443
194.33.191.214:40056
195.35.25.136:443
216.146.25.85:443
3.149.246.173:443
35.158.7.214:443
37.221.197.42:443
43.138.25.26:443
51.20.113.6:443
62.234.202.129:48892
66.228.60.47:443
87.121.87.101:444
92.220.154.91:8443
aadcdn.nolog.no
accounts.cdcadvania.no
accounts.nolog.no
analytics.nolog.no
apis.cdcadvania.no
apis.nolog.no
cdcadvania.no
content.cdcadvania.no
content.nolog.no
fonts.nolog.no
login.nolog.no
login.test.nolog.no
mail2.nolog.no
myaccount.cdcadvania.no
myaccount.nolog.no
nolog.no
notifications.nolog.no
ogs.nolog.no
play.cdcadvania.no
play.nolog.no
ssl.cdcadvania.no
ssl.nolog.no
test.nolog.no
tysers.ltd
www2.nolog.no
youtube.nolog.no

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-12-24)

http://13.209.21.1
http://139.196.241.226
http://18.116.150.89
http://20.107.115.8
http://206.237.23.155
103.174.114.187:443
124.222.63.238:8020
13.213.218.169:45923
13.38.219.27:443
139.196.241.226:40000
139.84.147.34:443
144.76.182.181:6666
15.188.15.165:443
15.188.62.181:443
18.116.150.89:443
185.196.11.27:8443
193.233.203.168:443
198.13.36.52:8443
198.13.36.52:9443
206.237.23.155:443
206.237.23.155:8443
207.180.215.36:443
3.110.107.80:40069
3.84.191.39:443
31.222.238.48:443
45.120.177.198:443
45.133.216.82:443
45.145.228.123:8080
45.76.184.28:443
62.204.41.67:443
65.20.84.176:443
69.164.199.179:8443
79.133.51.66:443
80.211.65.159:443
80.78.27.224:40056
91.92.250.227:443
91.92.253.137:443
crm.salesatelier.at

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-01-01)

http://109.206.246.130
http://207.174.28.42
109.206.246.130:30003
109.206.246.130:443
18.216.147.202:443
5.35.34.36:443
achiversacademy.shop
passwordsecurity.cloud
tracktheway.shop
lastpass.passwordsecurity.cloud
v2202304197391224451.megasrv.de
v2202304199058227026.goodsrv.de

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-01-03)

159.223.92.16:443
172.232.36.73:10443
35.173.234.124:8443
74.119.194.110:8888
85.215.215.94:443
activelifes.shop
authenticateoffice.com
cdn.authenticateoffice.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-01-05)

http://45.61.187.244
103.59.94.45:443
13.235.254.216:443
146.190.236.181:443
160.238.36.135:8080
179.96.164.30:445
179.96.164.40:445
188.166.39.71:443
64.156.192.19:2222
api.msservice.workers.dev
helpdesktops.com
lightfull.shop
msservice.workers.dev
v2202002114563109588.megasrv.de
v2202311142188246753.nicesrv.de
walbuschgruppe.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-01-06)

http://20.61.52.34
http://34.239.255.86
http://91.92.251.215
120.26.241.141:8443
139.84.172.20:8443
139.84.172.248:443
161.35.239.147:443
167.99.156.77:443
179.96.164.83:445
185.196.10.126:8443
188.166.39.71:4444
195.90.223.120:443
20.107.115.8:443
213.136.71.179:443
3.110.101.202:443
34.203.229.137:443
34.239.255.86:443
45.126.125.144:443
47.76.181.76:443
8.219.206.59:443
88.119.171.83:443
91.92.251.215:443
91.92.251.215:8443
20402177.xyz
cloud.cy-security.de
dl.info-163.com
esdm-internal.com
ethicalhackersworkshop.com
git.cy-security.de
hc.info-163.com
info-163.com
kasm.cy-security.de
login.microsoft.authenticateoffice.com
lucarne-films.com
microsoft-webservices.com
microsoft.authenticateoffice.com
nadon.net
namyonghospital.net
nvidiaapp.cloud
oxyphyllous.20402177.xyz
thesirenmika.xyz
vpn.cy-security.de

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-01-15)

http://13.235.248.157
http://193.222.96.163
107.172.57.92:443
125.229.208.221:8080
13.235.248.157:443
141.94.69.198:8443
164.92.79.49:443
172.105.109.228:443
193.222.96.163:7443
20.199.89.215:443
23.94.198.26:443
3.208.22.29:443
47.74.90.4:443
54.185.217.31:443
84.32.188.80:65534
90.46.97.127:4443
app.berkeleyisyou.com
berkeleyisyou.com
cy-security.de
havoc.redethics.online
kesselfoodmarket.com
redethics.online
whoami.cy-security.de

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-01-17)

http://167.172.80.227
http://172.172.163.9
http://52.66.109.117
138.197.4.123:443
16.62.217.129:443
172.172.163.9:443
20.84.6.140:443
45.126.127.218:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-01-23)

http://206.237.1.36
http://34.123.166.220
http://98.71.223.72
103.149.91.138:443
13.235.247.85:443
137.184.9.46:443
15.206.164.202:443
157.245.29.228:443
18.117.107.132:443
192.46.228.106:443
195.90.223.120:40056
20.197.230.164:443
206.237.1.36:443
209.97.131.69:443
23.26.55.9:443
34.123.166.220:443
34.123.166.220:6667
34.171.56.109:6667
35.209.123.246:8443
4.246.234.87:443
40.113.134.142:443
43.138.25.26:4431
52.76.234.184:443
64.23.154.205:443
83.97.20.211:443
98.71.223.72:443
99.153.7.177:443
cooltk.asia
ha.redethics.xyz
jamesdesign.blog
lmanage.net
longkey.02561854.xyz
primalbrainhacks.com
redethics.xyz
tradeplayz.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-01-28)

http://137.117.205.207
http://52.136.223.233
http://89.245.139.188
116.203.129.118:443
137.117.205.207:443
137.117.205.207:4444
141.144.233.60:443
146.70.155.203:443
15.235.130.29:10443
164.92.125.68:443
206.189.139.96:443
3.21.227.143:443
31.192.235.164:443
4.205.75.12:443
52.136.223.233:443
52.136.223.233:4444
89.245.139.188:443
89.245.139.188:4444
96.30.193.6:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-01-31)

http://34.244.129.215
http://79.137.226.104
http://91.92.252.217
http://91.92.253.160
141.136.44.219:4443
34.244.129.215:443
38.242.209.51:443
49.157.28.96:443
50.118.225.41:443
91.92.252.217:10443
91.92.252.217:7443
91.92.253.138:443
98.186.108.222:443
ekfb.site
pgad.emkd.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-02-04)

http://103.195.6.58
http://104.248.249.135
http://122.114.8.164
http://192.46.228.106
http://20.38.38.37
http://54.199.117.47
104.238.60.14:443
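# NOTE(review): the entry below is not a valid address:port pair (last octet 23829 > 255).
# A ':' between host and port was probably lost; compare 124.222.63.238:8020 and
# 124.222.63.238:8029 elsewhere in this file. As written it cannot match traffic;
# confirm the intended value against the ThreatFox reference for this section.
124.222.63.23829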
13.235.8.98:443
138.197.134.200:8443
143.198.78.107:443
148.135.34.21:443
158.160.65.88:443
164.92.180.123:443
172.105.62.186:443
175.41.143.87:443
18.188.25.88:443
192.52.166.9:443
193.168.141.92:443
193.178.147.164:8010
211.24.117.21:443
3.83.182.180:443
44.200.32.105:443
45.147.250.155:443
47.236.237.46:443
47.76.61.241:443
88.99.150.149:4444
88.99.150.167:4444
88.99.150.167:8080
91.92.253.138:6075
91.92.253.160:6075
91.92.253.204:8080
ambankgruop.store
premier-stream.co.uk
rss-bridge.emkd.ru
www-12.eekal.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-02-12)

http://121.127.33.246
http://122.114.156.104
http://136.54.125.106
http://141.98.168.243
http://18.117.144.139
http://40.90.255.165
http://49.13.149.129
104.236.67.20:443
114.29.237.119:443
124.220.235.28:1002
134.209.244.69:443
141.98.168.243:443
150.143.137.163:443
159.203.167.57:443
159.69.207.158:443
162.55.40.203:443
164.90.233.164:443
165.154.132.129:50013
165.227.122.136:443
168.119.96.5:443
172.105.14.104:443
172.105.14.104:4444
172.202.30.12:443
185.189.196.191:40056
193.178.147.164:443
20.224.11.48:443
3.143.234.125:443
4.255.104.31:443
40.90.255.165:443
43.132.212.200:22694
43.132.212.200:443
45.137.10.34:3333
45.61.159.30:443
45.78.32.214:443
45.79.196.203:4443
45.79.196.203:8080
45.9.191.183:443
49.12.7.88:443
51.103.213.14:443
54.169.174.23:443
61.19.254.6:2123
79.113.86.126:443
91.107.200.181:443
files.paronibarry.net
healthpips.com
microsft-security.com
panel.dalkson.com
qa-dhs.wavenet-solutions.com
reporttest.rubecon.co.za
staging.recruitis.josefbenjac.cz
zqpvr01.sandcats.io

# Reference: https://twitter.com/suyog41/status/1760991549687742771
# Reference: https://www.virustotal.com/gui/file/b8f5012bbc6e16628d3c62486b72ef5e54649ff093d4fa1b73df1961cd820746/detection
# Reference: https://www.virustotal.com/gui/file/6f12b6087b124b6595929cdb14b31f9cf966a8c35a7483332f979b6df2777eef/detection
# Reference: https://www.virustotal.com/gui/file/5e31bc7b8d65336df908bc9bcc6237cc40b7ab08570533415de101874792e70d/detection
# Reference: https://www.virustotal.com/gui/file/24ecad57d387c8d06eb80d1b4769b321fdd0e01a1b0190c7c7ea9e461ad3a659/detection

212.47.244.109:3773
212.47.244.109:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-02-24)

http://13.233.144.170
http://165.227.122.136
http://173.237.206.178
http://178.62.57.69
http://185.236.234.129
http://195.78.220.27
http://35.177.215.200
http://35.178.199.73
http://35.178.199.78
http://45.59.118.25
107.173.118.89:443
138.124.180.245:443
139.84.137.249:443
141.94.221.216:443
146.190.165.243:443
146.70.79.64:443
158.101.163.23:443
159.253.120.2:443
168.119.96.5:40056
18.153.179.54:443
185.236.234.129:443
191.96.53.132:443
192.109.241.139:443
193.239.86.189:443
20.189.118.216:443
23.227.193.214:443
23.88.118.173:443
24.199.107.91:443
3.253.247.39:443
3.84.126.255:443
34.116.205.0:443
34.141.124.126:443
34.76.179.109:443
37.1.210.109:40056
37.1.210.109:443
45.150.67.45:8081
45.55.200.153:443
45.59.118.25:443
45.63.120.163:443
45.78.32.214:8080
47.232.161.146:443
49.13.129.77:443
51.159.175.8:443
51.210.244.254:443
52.184.85.209:443
58.65.172.132:443
88.214.25.240:443
89.116.227.76:443
89.147.111.163:443
94.102.49.161:8080
94.130.169.13:443
94.156.65.16:443
dbdfbd.xyz
digital20.agriprotechx.com
edgarmcneil.autos
glptestasets.com
imperiummalczyc.pl
irenecameron.autos
kendraesparza.autos
laboratoriodiagnosticoescobar.com
linki.one
maribelgould.autos
reneesellers.autos
smtracking.suparamining.swp23.com
wapt.dgcs.cloud

# Reference: https://twitter.com/1ZRR4H/status/1764907546324656458

http://24.199.107.91

# Reference: https://twitter.com/1ZRR4H/status/1767775296441221163

http://124.106.197.167
124.106.197.167:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-03-17)

http://103.139.93.20
http://122.114.10.11
http://122.114.156.47
http://122.114.192.234
http://122.114.192.32
http://122.114.197.147
http://122.114.225.100
http://139.162.36.86
http://193.178.147.164
http://23.95.48.151
http://3.88.102.160
http://3.94.102.197
http://45.137.10.34
http://45.138.157.4
http://47.236.84.82
http://54.221.151.132
http://65.1.107.60
http://69.30.249.147
http://69.30.249.148
http://78.129.165.233
http://81.69.242.185
http://82.67.60.21
http://89.23.107.13
103.113.68.85:443
103.113.68.85:81
103.139.93.20:3306
103.152.254.139:443
115.85.46.21:443
124.106.197.167:4343
124.222.63.238:8029
124.223.215.119:443
124.223.215.119:65413
13.232.135.125:443
139.162.180.174:443
139.180.144.32:9001
15.228.57.29:443
152.136.171.162:4433
157.245.45.26:443
159.69.207.158:40056
161.35.79.43:443
170.187.200.132:443
172.105.0.147:443
172.233.174.11:443
172.247.113.97:8443
173.249.27.72:443
174.138.6.9:443
175.197.65.135:6379
175.197.65.135:8082
185.11.61.57:443
185.130.46.164:443
185.130.46.231:443
185.174.8.138:8080
185.94.164.105:443
188.119.66.163:443
188.40.19.86:443
192.46.228.106:445
194.124.33.109:443
194.124.33.109:8443
194.246.114.147:443
194.26.192.57:443
198.13.47.158:443
20.127.230.167:443
20.127.96.164:443
20.191.195.105:443
20.197.20.154:443
20.244.47.98:443
200.234.235.200:443
206.81.31.145:443
210.2.169.247:443
23.227.193.87:443
23.227.194.177:443
23.227.194.232:443
23.95.48.151:8443
3.35.14.154:443
34.162.156.94:443
34.69.171.116:443
35.193.229.206:443
35.193.229.206:60000
37.1.208.20:443
37.1.208.95:40056
37.1.208.95:443
37.1.210.247:40056
37.1.210.247:443
37.1.212.112:40056
37.1.212.112:443
37.1.214.247:40056
37.1.214.247:443
37.1.214.6:40056
37.1.214.6:443
38.180.91.39:443
39.105.194.87:443
43.138.70.217:443
45.134.9.138:443
45.134.9.140:443
45.144.31.57:40000
45.144.31.57:8080
45.8.146.116:443
45.87.246.76:443
46.37.96.110:443
47.122.6.179:443
47.236.84.82:443
5.161.64.218:443
51.195.91.31:4443
51.195.91.31:8080
54.209.66.233:443
54.221.151.132:443
62.182.80.97:56432
64.227.179.34:40056
69.30.249.148:443
69.30.249.148:81
78.40.117.84:443
8.130.10.159:443
8.219.183.36:443
81.69.242.185:443
81.94.150.166:443
81.95.8.174:443
89.116.22.214:443
89.23.103.208:443
89.23.107.13:443
91.92.246.48:443
91.92.253.59:443
92.39.211.142:4444
93.185.167.79:443
94.156.66.44:443
94.156.67.244:443
94.156.67.85:443
94.232.45.42:443
accept.gbdvs.shop
bignas.shop
cardiochallenge.at
fresocialcasinogames.com
gbdvs.shop
kardiocentrumnitra-fingera.com
kcrn.sk
smtracking.web_hassinezarrat.swp23.com
test-control.rnb-team.com
time.vmupdate.org
vmupdate.org
www2.laboratoriodiagnosticoescobar.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-03-24)

http://114.130.36.121
http://8.219.183.36
103.81.38.242:443
124.106.197.167:4242
139.162.51.167:443
155.138.229.25:443
159.65.212.61:443
162.33.177.165:443
165.22.72.160:443
172.172.152.168:443
172.178.112.227:443
172.247.113.106:8443
176.120.75.169:443
185.22.155.92:443
185.248.143.18:8443
192.227.234.164:443
193.149.189.103:55006
193.239.86.163:443
207.148.73.248:443
23.227.193.238:443
4.153.122.111:443
45.134.9.138:41056
45.78.32.214:40056
46.17.107.164:443
52.27.42.38:443
62.234.28.147:443
64.23.181.57:443
64.23.185.215:443
65.108.19.239:443
79.174.95.201:443
82.157.236.128:6443
83.166.150.213:4443
92.116.36.5:443
92.116.37.169:443
92.116.39.103:443
92.116.39.245:443
95.179.171.52:443

# Reference: https://twitter.com/banthisguy9349/status/1773009385259708808

45.87.246.76:8000

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-03-31)

http://16.16.187.254
http://165.232.68.248
http://185.239.209.56
http://3.86.233.198
http://52.173.131.28
http://54.84.224.146
http://77.232.143.114
101.33.35.171:10000
110.40.133.81:443
140.246.157.86:4433
165.232.68.248:443
185.94.165.191:443
192.52.166.37:443
20.79.165.186:443
45.134.9.139:41056
45.134.9.140:41056
45.77.255.164:443
5.181.20.63:443
52.173.131.28:443
54.84.224.146:443
62.171.158.126:8080
64.23.140.175:443
64.23.230.161:443
77.232.143.114:443
81.43.22.249:443
81.43.23.68:443
92.116.36.151:443
92.116.36.212:443
92.116.37.117:443
92.116.37.99:443
92.116.39.126:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-04-07)

http://104.236.70.31
http://110.40.133.81
http://141.164.57.125
http://161.35.138.53
http://193.124.205.100
http://3.83.189.245
http://37.114.41.230
http://45.156.85.187
101.33.35.171:8081
103.20.60.248:443
104.236.70.31:443
104.248.44.99:443
137.220.197.178:443
137.220.197.178:8443
137.220.197.198:443
137.220.197.198:8080
137.220.197.198:8443
141.164.57.125:443
141.164.57.125:8080
149.88.67.40:443
151.236.220.113:443
151.80.152.122:443
154.12.179.67:10000
154.90.63.63:443
159.65.173.112:9443
162.33.177.165:40056
165.22.39.29:443
172.233.120.154:443
172.233.230.75:443
185.149.146.252:443
194.246.114.147:40050
207.180.230.175:443
217.196.60.141:443
3.111.169.215:443
38.55.201.92:443
45.152.115.131:8000
47.238.200.165:443
47.243.188.147:443
62.72.26.78:443
64.176.224.27:443
8.217.88.225:443
81.43.22.106:443
86.104.72.149:443
86.125.229.50:443
92.116.36.36:443
93.127.163.159:4433

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-04-10)

http://13.82.179.86
http://137.220.197.178
http://147.45.136.226
http://15.222.252.34
http://154.12.179.67
http://165.227.223.174
http://167.172.246.65
http://167.71.105.169
http://18.206.197.222
http://18.253.226.108
http://185.150.26.240
http://195.35.16.247
http://3.250.35.163
http://34.142.80.46
http://39.106.250.105
http://45.156.85.187
http://45.32.100.118
http://68.183.56.211
http://8.137.171.164
http://80.78.22.18
http://94.156.65.156
http://95.217.210.118
101.43.211.59:443
101.99.94.224:4433
103.195.6.58:443
103.215.80.54:443
103.249.112.105:8181
103.249.112.118:8181
103.30.17.17:443
103.82.132.120:443
103.82.132.120:8443
103.82.195.234:443
103.82.195.234:8443
103.82.36.91:443
103.82.36.91:8443
108.34.181.65:443
119.45.176.135:443
122.248.198.64:443
124.220.235.28:1003
13.82.179.86:443
137.184.78.220:443
138.197.134.200:443
138.197.28.158:443
138.197.28.158:8080
138.197.80.243:443
142.93.142.34:443
143.198.237.101:443
143.244.200.146:443
144.202.47.116:443
146.190.60.217:443
147.45.149.10:443
147.45.79.42:443
147.78.103.182:443
157.230.66.27:443
159.223.0.103:443
159.69.195.86:443
16.16.233.72:443
16.171.148.52:443
164.215.103.89:443
164.92.80.224:443
165.22.72.160:40056
165.227.136.196:443
165.227.223.174:443
167.114.90.243:443
167.172.246.65:443
167.71.105.169:443
170.64.140.92:443
170.64.210.247:443
170.64.231.144:443
172.105.81.73:443
172.210.41.151:443
172.233.120.154:40056
178.128.134.221:443
178.128.22.83:443
18.118.8.124:443
18.177.137.182:443
18.253.226.108:443
185.140.12.198:443
185.196.11.251:443
185.62.58.73:443
191.96.1.195:443
192.162.68.201:443
193.226.15.100:443
194.87.106.163:443
195.123.226.83:443
195.35.16.247:443
195.35.16.247:8443
20.186.89.88:443
207.180.230.175:40056
207.180.230.175:9443
207.231.109.20:808
210.3.101.68:443
23.95.61.136:29443
3.105.212.12:443
3.105.98.157:443
3.249.36.72:443
3.250.35.163:443
31.192.107.143:443
31.192.107.143:8443
31.220.80.82:1234
31.220.80.82:8443
31.42.185.190:443
31.42.185.190:8443
34.210.168.103:443
35.192.76.216:443
35.89.154.15:4443
39.106.250.105:443
43.132.130.145:443
43.135.55.212:10000
43.135.55.212:8080
43.143.170.206:443
44.222.74.172:443
45.133.238.227:443
45.137.155.36:443
45.137.155.47:443
45.137.155.52:443
45.14.246.124:443
45.14.246.53:443
45.15.158.15:6969
45.153.229.132:443
45.59.118.122:443
45.76.190.37:443
45.87.155.112:443
47.236.151.19:443
47.245.38.152:443
49.13.151.150:443
49.13.214.35:443
5.42.85.10:443
5.42.85.10:8443
50.114.37.38:443
50.114.37.38:8443
51.15.225.131:443
51.15.249.226:443
51.8.90.242:443
54.66.9.58:443
54.78.161.42:443
62.169.25.187:443
65.109.58.235:443
66.78.40.230:443
68.183.56.211:443
74.208.123.12:443
74.208.123.12:8443
77.232.143.114:40056
77.91.74.239:443
8.140.193.181:8443
80.76.32.4:443
80.87.206.160:2080
80.87.206.160:8443
81.43.24.55:443
86.60.160.90:443
87.121.69.206:3306
88.214.26.33:8443
89.38.225.168:4433
91.225.218.38:443
91.238.181.233:8443
91.92.250.2:4433
91.92.252.107:443
94.156.65.156:443
94.156.65.156:4433

# Reference: https://x.com/banthisguy9349/status/1796211325242135021

174.138.24.101:443

# Reference: https://twitter.com/ShanHolo/status/1787551650493747688

/Shhhavoc.py

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-06-15)

http://103.152.255.69
http://103.245.39.231
http://104.248.223.131
http://107.175.115.199
http://107.175.115.91
http://13.51.174.30
http://138.197.37.104
http://146.190.122.253
http://155.138.144.27
http://159.100.29.70
http://159.203.143.205
http://159.223.0.103
http://159.65.114.122
http://159.65.12.129
http://172.172.150.146
http://185.140.12.198
http://193.149.189.27
http://195.123.225.88
http://20.83.27.106
http://20.93.16.228
http://200.234.232.64
http://202.169.39.4
http://43.138.25.26
http://45.32.233.38
http://47.101.67.119
http://47.236.36.46
http://47.243.185.50
http://47.76.120.184
http://54.157.194.229
http://93.123.39.194
http://98.64.127.186
1.34.91.90:8080
100.27.0.53:443
103.151.111.138:443
103.245.39.231:443
103.82.194.41:443
104.248.223.131:443
104.248.34.11:443
107.172.57.113:443
107.175.115.91:18189
107.175.115.91:443
107.175.115.91:8443
109.123.234.20:443
118.33.178.150:8880
121.127.33.107:53
121.127.33.246:38442
121.37.252.50:443
122.248.226.169:443
122.51.194.153:8888
123.60.181.176:443
128.199.184.87:10000
128.199.184.87:443
13.231.126.178:443
13.49.238.38:443
13.55.48.44:443
13.60.83.83:443
138.124.180.93:7443
138.197.37.104:443
138.2.135.17:8080
143.110.211.214:443
143.110.211.214:50001
146.190.122.253:47001
147.135.92.77:443
147.45.136.226:443
15.164.161.42:4443
152.89.92.204:443
155.138.144.27:443
157.245.117.178:443
158.160.140.150:443
158.160.166.214:443
158.160.172.199:443
159.203.143.205:443
159.65.114.122:443
159.65.12.129:443
16.171.84.168:443
162.216.243.183:443
162.216.243.61:443
162.238.154.3:2000
164.90.253.167:443
165.227.79.41:443
167.179.81.150:800
172.105.76.71:443
172.172.150.146:443
172.173.169.179:443
172.207.80.170:443
174.138.103.97:40056
174.138.23.208:443
176.107.154.149:443
178.128.170.218:443
18.118.127.83:443
18.188.159.82:443
18.206.197.222:443
181.237.195.93:8443
182.30.4.130:443
185.142.184.203:443
185.196.11.117:443
185.208.158.37:443
185.22.64.121:40056
185.22.64.121:443
185.245.61.76:443
192.3.86.166:2096
192.46.232.196:443
193.122.115.146:443
193.149.189.27:443
194.246.114.20:443
194.67.207.216:443
194.87.148.48:443
195.123.225.88:443
195.77.176.178:443
198.46.215.32:443
20.21.130.76:443
20.55.194.105:443
20.56.35.166:9443
200.234.232.64:8443
202.169.39.4:443
207.148.125.4:443
209.38.50.170:443
212.47.244.109:40056
212.47.247.193:443
23.177.56.78:443
3.106.207.57:443
3.145.14.200:443
3.26.243.129:443
3.74.121.88:23175
3.99.177.194:443
34.221.207.33:8443
34.242.178.11:443
34.30.75.53:443
35.178.232.65:443
35.90.91.89:443
35.95.145.156:8443
37.114.42.26:443
37.27.47.248:443
38.207.176.36:9999
38.242.151.91:443
38.60.203.99:443
39.96.169.89:443
41.216.183.135:8443
43.134.47.80:2096
43.143.170.206:8443
43.155.16.246:443
44.200.252.252:443
44.211.3.42:443
45.153.70.148:443
45.32.100.118:443
45.33.97.250:443
45.88.91.78:8443
45.92.9.110:443
45.95.234.87:443
45.95.234.87:8888
46.101.3.161:443
46.183.25.51:443
47.236.116.179:443
5.188.86.231:8443
5.252.176.53:443
5.42.104.202:443
51.15.225.131:40056
51.20.124.126:443
51.8.82.12:40056
52.170.209.28:443
52.200.215.252:443
52.40.136.42:443
54.157.194.229:443
54.174.87.114:40056
54.174.87.114:443
54.203.168.251:443
54.227.37.24:443
54.71.125.251:7443
62.234.162.181:8443
63.250.56.156:8088
63.250.56.164:8008
64.225.27.95:443
65.109.237.32:4443
66.228.59.65:443
74.235.204.9:443
74.249.96.36:443
74.48.115.132:443
77.232.137.28:443
78.41.139.60:443
79.137.117.20:443
79.137.117.24:443
79.141.173.238:443
8.147.119.54:443
81.43.243.155:443
81.43.27.250:443
81.70.190.242:443
82.153.138.180:10443
82.168.162.65:443
85.31.238.253:443
86.104.72.20:443
86.48.7.17:443
87.106.230.151:64443
87.249.50.32:443
87.249.50.32:8888
89.116.236.42:443
89.117.1.117:14431
91.132.95.28:10443
91.210.107.202:30252
91.210.107.202:443
91.237.124.162:443
91.245.255.64:443
91.245.255.99:443
91.92.245.27:443
91.92.245.65:4433
91.92.255.178:443
93.123.39.168:443
93.123.39.194:443
94.156.68.220:443
94.156.69.89:443
94.20.154.243:443
95.144.6.229:443
99.79.63.116:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-06-22)

http://149.28.147.99
http://149.28.153.80
http://195.123.219.150
http://45.32.128.142
110.175.49.3:443
121.45.71.8:443
139.59.161.102:443
144.34.163.218:443
149.28.147.99:443
149.28.153.80:443
159.65.114.122:8443
172.233.121.249:443
176.97.124.217:443
182.30.23.115:443
185.38.142.151:443
194.156.98.101:443
195.123.219.150:443
198.23.173.178:60012
20.51.213.216:443
207.154.199.92:443
35.209.99.39:443
45.32.128.142:443
45.61.135.31:443
45.77.190.71:443
5.181.159.86:443
5.252.177.220:443
64.7.199.244:443
74.119.193.120:443
81.43.20.223:443
91.231.186.203:443
98.66.154.97:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-07-07)

http://144.24.16.54
http://164.90.128.199
http://185.236.78.56
http://51.158.70.117
http://92.118.112.10
http://98.66.155.188
103.252.116.243:443
104.238.57.234:443
141.98.233.72:443
144.24.16.54:443
144.91.76.242:44300
146.70.113.159:443
146.70.113.159:50025
150.158.53.58:9200
159.223.0.103:42069
163.172.136.161:443
164.90.128.199:443
167.71.47.133:443
172.104.157.219:443
172.232.44.70:443
185.208.158.176:443
185.236.78.56:443
204.13.232.251:443
206.188.196.135:8443
220.133.126.65:8080
220.133.126.65:9200
34.155.186.128:443
34.163.119.131:443
38.147.162.174:443
38.180.7.161:443
47.94.110.53:9999
5.42.221.151:60606
51.158.70.117:443
52.59.102.101:23175
52.88.83.125:443
54.254.249.67:443
62.234.162.181:443
63.250.56.42:81
63.250.56.42:8443
63.250.56.42:88
66.70.202.83:443
77.105.142.52:443
8.220.193.117:7144
81.169.158.60:443
81.169.158.60:8443
81.19.141.238:443
81.43.24.131:443
81.82.57.202:55000
84.46.244.20:1999
85.215.215.94:41057
85.215.215.94:8443
88.2.202.148:443
91.92.241.13:8443
92.118.112.10:443
94.102.49.161:55001
94.154.34.100:443
94.156.68.252:8443
94.156.8.20:443
98.66.155.188:443
anchondrica.info
dev2.stocktok.io
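# NOTE(review): the ec2-*.amazonaws.com names below are provider-assigned public DNS names
# that encode an instance's public IP. Cloud addresses are reassigned between tenants, so
# these entries (and the matching IP trails) should be aged out rather than kept indefinitely.
ec2-13-233-144-170.ap-south-1.compute.amazonaws.com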
ec2-13-235-248-157.ap-south-1.compute.amazonaws.com
ec2-13-235-8-98.ap-south-1.compute.amazonaws.com
ec2-15-206-164-202.ap-south-1.compute.amazonaws.com
ec2-175-41-143-87.ap-southeast-1.compute.amazonaws.com
ec2-18-153-179-54.eu-central-1.compute.amazonaws.com
ec2-3-84-126-255.compute-1.amazonaws.com
ec2-34-244-129-215.eu-west-1.compute.amazonaws.com
ec2-52-76-234-184.ap-southeast-1.compute.amazonaws.com
ec2-54-169-174-23.ap-southeast-1.compute.amazonaws.com
ec2-54-199-117-47.ap-northeast-1.compute.amazonaws.com
infodigitalbusiness.com
itconsultoriayseguridad.com
mybadsite.com
ossadmin.site
seetoo.ossadmin.site
senesolde.com
strykercp.com

# Reference: https://x.com/drb_ra/status/1811654200377385220
# Reference: https://x.com/9823f_/status/1811803065202167967

167.88.32.99:443
dawpa2000.com
giggitygiggitygoogle.com
goasi.com
halovoltage.biz
oakleyeng.com
t11.ca

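# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s.csv
# NOTE(review): the feed path marks this source as "unverified"; treat entries taken from it
# as lower-confidence and corroborate a hit with other telemetry before acting on it.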

http://101.42.21.172
http://104.208.90.240
http://104.248.0.193
http://146.70.71.176
http://154.64.253.182
http://20.243.212.181
http://20.3.244.24
http://210.2.169.247
http://27.32.139.82
http://34.253.213.248
http://52.136.201.239
http://54.255.248.29
http://8.138.98.254
http://80.82.77.211
http://94.232.249.73
101.42.21.172:443
103.185.44.231:443
107.191.57.153:443
109.164.100.56:1998
111.118.36.69:443
111.229.10.136:443
137.184.45.196:443
138.197.79.113:443
144.91.76.242:40056
146.59.15.195:443
147.189.168.82:6005
154.40.45.232:443
154.64.253.182:443
157.20.182.103:443
160.238.36.135:9200
164.92.235.130:443
170.64.131.82:443
171.33.119.178:443
172.233.85.110:443
176.96.226.8:443
178.128.53.71:8443
18.198.52.32:23175
185.140.12.198:8888
185.142.184.125:443
185.165.171.49:443
185.180.199.67:443
185.228.234.171:443
185.244.150.231:443
193.200.16.245:443
194.233.92.148:443
194.36.171.35:389
194.36.171.35:443
194.55.186.206:443
20.127.222.106:443
20.185.144.222:443
20.199.78.13:443
201.92.137.48:8081
210.2.169.205:443
23.123.90.188:443
23.95.61.136:61057
27.54.170.50:4444
3.89.81.54:443
34.253.213.248:443
38.45.65.99:443
38.45.65.99:8080
38.45.65.99:8443
38.54.4.112:443
38.54.76.41:443
4.180.20.2:8443
43.156.57.179:443
43.205.101.205:443
45.11.92.100:443
45.129.13.135:40000
45.15.143.151:8443
45.231.133.54:443
45.66.231.211:443
46.161.15.203:443
51.195.138.219:443
51.195.138.219:8443
52.205.241.18:443
52.207.232.114:443
52.237.200.231:443
54.153.244.10:443
54.255.248.29:443
64.176.219.139:443
65.20.70.73:443
79.110.49.51:443
8.222.235.145:443
80.211.228.62:443
80.82.77.211:443
80.87.206.197:443
82.180.133.1:443
82.223.120.182:443
84.247.185.157:443
91.92.252.73:443
94.156.66.181:443
94.232.249.73:443

# Reference: https://x.com/JAMESWT_MHT/status/1815399555183034464
# Reference: https://app.any.run/tasks/7662f569-af72-4c37-a1ed-f4ef3d14c0a7/

74.119.195.176:4443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-03)

http://159.223.11.215
http://94.156.65.211
104.209.44.61:443
104.248.0.193:443
104.248.131.123:1337
104.248.223.131:40056
105.189.46.254:443
119.28.83.149:8443
122.114.198.43:443
137.74.197.73:443
139.84.139.17:443
142.171.31.154:10001
143.244.212.99:443
143.244.212.99:8080
146.190.72.88:443
154.38.167.90:443
158.247.198.34:443
158.247.203.218:8443
164.68.102.235:443
174.51.23.126:443
194.154.146.234:443
196.112.189.186:443
20.243.212.181:443
207.148.113.73:443
23.225.14.17:7443
3.80.74.240:443
45.131.46.215:443
45.131.46.228:443
45.66.231.137:443
52.31.123.152:40056
65.109.58.235:40056
66.70.202.85:9000
77.90.37.165:443
81.17.25.9:443
91.206.14.228:44511

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-08-10)

http://194.87.69.245
http://52.166.219.203
http://8.220.219.76
103.193.178.32:443
108.160.128.66:443
154.216.20.40:443
154.223.21.197:443
172.104.187.12:443
173.230.135.186:443
18.231.222.20:443
185.247.226.166:7443
194.87.69.245:443
194.87.69.245:53
200.234.228.208:8085
200.234.228.208:8443
3.6.115.182:18737
45.141.87.10:443
47.121.115.154:443
52.151.251.216:443
64.176.44.34:443
66.70.202.85:443
81.43.22.192:443
91.227.114.51:443
91.92.241.141:82

# Reference: https://x.com/HackingLZ/status/1824236568430690668

136.144.160.175:8080

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-18)

http://108.143.97.221
http://111.229.35.187
http://13.231.179.125
http://13.49.225.100
http://138.201.163.183
http://142.93.65.165
http://149.248.79.228
http://159.203.168.216
http://165.227.177.7
http://20.188.119.195
http://54.202.144.36
103.175.221.174:443
103.29.190.28:443
104.248.207.116:443
105.189.9.90:443
111.229.35.187:443
136.144.160.175:443
139.59.161.102:40056
142.93.65.165:443
142.93.65.165:8443
159.203.168.216:443
159.203.168.216:8443
159.203.168.216:9443
165.227.177.7:443
180.131.145.178:8000
193.122.89.13:7443
194.238.19.162:8082
195.200.4.244:443
198.7.124.125:443
2.201.175.217:443
20.188.119.195:443
201.68.220.23:8081
3.87.184.184:443
3.87.184.184:8443
34.220.13.70:443
36.229.191.191:443
37.27.41.167:443
45.135.180.100:443
45.158.13.30:443
47.116.165.7:443
47.99.83.224:443
62.233.53.224:443
66.42.63.166:443
68.183.155.253:443
70.34.222.167:443
70.34.222.167:50001
80.76.42.226:443
80.76.42.226:53
85.192.41.70:8443
91.92.245.253:10443
95.141.43.71:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-24)

http://162.55.40.203
121.127.33.23:443
122.51.240.117:6379
154.26.210.97:8080
172.214.182.168:443
192.241.157.109:8443
194.26.232.247:443
194.26.29.243:443
194.26.29.243:8443
198.23.173.178:7788
20.109.43.28:443
20.121.116.0:443
20.233.17.19:443
23.225.14.17:443
3.79.115.249:443
35.152.60.226:443
35.152.60.226:445
40.116.101.15:443
52.14.69.122:443
64.227.157.114:443
85.214.91.184:443
91.92.245.253:7443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-08-25)

http://172.214.182.168
http://40.116.101.15
http://45.61.137.232
http://52.233.199.88
http://75.119.136.117
192.169.6.122:40056
20.109.43.28:8080
75.119.136.117:443

# Reference: https://x.com/malwrhunterteam/status/1829109740485349760
# Reference: https://www.virustotal.com/gui/file/71f409086f2c11bc9736d54810300bd3d5ea8e35f1f8610ca164440deb828de5/detection

nginx-imfi.fcv3.1197883384467965.cn-hangzhou.fc.devsapp.net

# Reference: https://blog.talosintelligence.com/threat-actors-using-macropack/

http://122.114.166.92

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-08)

http://13.81.120.19
http://137.184.244.10
http://143.198.143.45
http://165.232.130.11
http://18.197.128.230
http://20.109.43.28
http://3.79.146.22
http://45.61.137.180
http://52.58.188.221
102.135.199.82:443
106.75.226.114:9001
106.75.226.114:9010
118.25.19.148:40056
122.114.141.214:443
123.207.42.39:2083
125.124.188.121:40056
137.184.101.173:4005
16.171.150.224:9443
163.172.167.168:443
165.227.168.67:443
165.227.81.186:4433
167.99.82.188:443
170.64.192.242:443
170.64.225.124:443
170.64.254.168:443
172.236.19.11:443
172.86.75.37:8443
18.101.137.47:8443
18.102.61.167:443
185.141.35.22:2625
185.142.184.204:443
185.198.234.7:443
185.208.158.43:443
185.246.189.126:7443
185.26.96.208:7443
185.40.251.46:443
185.62.56.81:443
194.26.232.247:40056
20.3.244.24:443
20.4.75.5:443
209.208.110.104:8082
209.208.110.104:8088
3.86.94.200:443
31.220.80.82:8085
44.203.4.194:443
45.125.67.73:443
45.61.137.180:443
45.87.247.55:443
45.89.247.93:443
45.95.232.41:443
46.29.162.93:443
5.206.224.211:443
5.206.224.218:443
52.189.253.111:443
72.5.42.209:443
81.244.241.171:4443
98.71.215.235:8443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2024-09-08)

http://122.51.240.117
http://172.236.19.11
http://185.198.234.7
101.42.21.172:8080
143.198.143.45:443
194.156.98.150:443
40.116.101.15:8080
91.92.241.141:8082

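# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2025-09-09)
# NOTE(review): this date is out of sequence with the neighbouring sections (2024-09-08,
# 2024-09-14); "2025" is probably a typo for "2024" - confirm, since the date is used to age entries.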

http://23.88.32.34
172.232.142.127:443
194.165.16.32:443
47.76.26.254:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-14)

142.93.236.252:40056
142.93.236.252:443
207.189.164.112:443
45.152.64.245:443
45.66.231.229:443
54.93.40.26:443
89.187.28.133:443
91.92.247.158:9090

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-22)

http://13.93.69.87
100.42.189.154:443
146.190.230.162:443
15.161.134.59:443
152.250.151.174:8081
164.92.163.29:443
169.1.16.29:443
172.214.182.168:8080
172.233.121.249:40056
185.216.68.105:443
212.193.30.11:443
212.193.30.11:8888
3.91.193.187:443
4.196.75.0:443
45.89.126.26:443
52.230.23.114:8443
57.129.16.213:443
66.228.42.244:443
67.205.141.0:8443
8.209.253.194:443
8.219.169.226:443
89.22.234.92:8443
92.60.77.97:443
97.107.134.79:443

# Reference: https://app.validin.com/detail?find=f0003fecc5f9c8c2cbac&type=hash#tab=host_pairs_v2
# Reference: https://www.virustotal.com/gui/file/ae3b7072916b3897e67caa4fd01f589a18643d339e5138c3ba103c47219c0241/detection

103.106.228.51:443
13.51.193.253:443
138.197.18.143:443
145.220.74.141:443
146.185.22.149:443
147.78.103.165:443
18.133.180.232:443
18.183.146.250:443
18.198.246.147:443
185.112.83.110:443
194.147.71.19:443
23.106.223.105:443
3.110.162.232:443
3.111.47.205:443
46.101.70.245:443
54.198.14.125:443
54.248.210.150:443
54.81.29.31:443
65.0.99.75:443
69.30.249.150:443
103-152-255-69.cprapid.com
13-51-193-253.plesk.page
137-184-45-196.cprapid.com
137-184-45-196.ipv4.staticdns3.io
140.ip-176-31-163.eu
143-198-143-45.cprapid.com
161-35-239-147.cprapid.com
165-227-168-67.cprapid.com
18-133-180-232.cprapid.com
74.ip-51-255-45.eu
abbick.cc
accerte-grupopmzpromocaoparceiro.if00d.com.br
angry-rosalind.13-51-193-253.plesk.page
app2.t1.fabian-schneider.de
autotransportcompany.info
bazcyber.ifood.tec.br
charlie-twice.suiteb.io
chase0line0010.duckdns.org
cloud1.cartiermarketingcloudserver.com
cpanel.chase0line0010.duckdns.org
cpanel.onlinechase000.duckdns.org
cpcontacts.chase0line0010.duckdns.org
cpcontacts.onlinechase000.duckdns.org
crazyskiller2024.com
curriculodeantoniojosesilva.if00d.com.br
cyberdma.org
dashboard.t1.fabian-schneider.de
early1.com
foodguard-pro.com
frnkln.cloud
gaf.azureadsync.com
goodiegoal.com
grafana.mattera.io
ha.redethics.xyz
habib.inalum.web.id
hadoop-master.swintlsone.com
hev.ifood.tec.br
hugport.com
hyrule-nkucpgrm.cycura.ninja
if00d.com.br
iglensonc2.com
interatelleifoodsempre.if00d.com.br
ip85.ip-66-70-202.net
jokmaximbloggers.com
kafaka-node1.nikecloudsrv.com
lakawoot.xyz
live-account.early1.com
live-login.early1.com
live-outlook.early1.com
logicaliseifooddiversaogarantida.if00d.com.br
mail.143-198-143-45.cprapid.com
mail.161-35-239-147.cprapid.com
mail.abbick.cc
mail.chase0line0010.duckdns.org
mail.onlinechase000.duckdns.org
maxoutblogers.com
moinhoeifoodmesjuninopromocao.if00d.com.br
mom1mall.com
ms-account.early1.com
msoobe.com
my.early1.com
newyrgoalz.com
ns1.pantraveler.com
onedrive.early1.com
onlinechase000.duckdns.org
pa1mall.com
peaklemoreblog.com
petzsupersecao-ifoodvouchercolaboradores.if00d.com.br
pna-logicalis.if00d.com.br
poste-pay.confermazione-online-della-verifica.dns05.com
postepay.confermazione-online-della-verifica.dns05.com
pro.gestao21.eco.br
prometheus.mattera.io
purplenovembro.if00d.com.br
rec.solucaoambiental.eco.br
runtime.gphosting.de
seetoo.ossadmin.site
siptestasets.com
standoff365.site
strykercp.com
t1.fabian-schneider.de
tacticc.site
techspx.duckdns.org
test.waf.ovh
update.suiteb.io
updategenius.tech
use-datasystem.securityx.com.br
valentines.early1.com
vibrant-proskuriakova.185-228-234-171.plesk.page
vks18885.ip-176-31-163.eu
vps-22ee9484.vps.ovh.net
vps-adb56384.vps.ovh.net
vps683982.ovh.net
webexcelsior.org
webmail.onlinechase000.duckdns.org
wiki.game-paradise.de
z8h.lex.fo

# Reference: https://www.virustotal.com/gui/file/1be047069ed08063ba280dccc9fb13af6856e08f50f1ce52236bff434b0a4f4b/detection
# Reference: https://www.virustotal.com/gui/file/5eae4826346083deff47bbac8db86f3c1fd3deaaadf051d85e07a97388dcaa66/detection

http://181.215.135.141
181.215.135.141:443

# Reference: https://www.virustotal.com/gui/file/482a86391842a2b869ffd38af0dbfa96de7501a92986e644b54d8ae731bdaf64/detection
# Reference: https://www.virustotal.com/gui/file/ab963f165c5269b14b0275a2b25f2e1110a7e3ca903324e106701a4167026270/detection

http://84.201.150.223
84.201.150.223:443
84.201.150.223:8443

# Reference: https://www.virustotal.com/gui/ip-address/34.27.109.111/detection

34.27.109.111:443

# Generic (URL paths rather than host or IP indicators)

/Havoc/payload/
/Havoc/payloads/
/havoc-handler.rc
