# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/KorbenD_Intel/status/1406007597027708933
# Reference: https://twitter.com/AcooEdi/status/1409265045200986112
# Reference: https://github.com/its-a-feature/Mythic
# Reference: https://www.virustotal.com/gui/file/3560fce6eb996380b8daf223fe10d55086b9582593c6e2f62511cc5995f18005/detection
# Reference: https://www.virustotal.com/gui/file/8043d6c07fbd1e122c91eedf782c6ed7a539ab089a0eab48a50b2ab71127fa51/detection

20.86.10.75:7443

# Reference: https://twitter.com/MichalKoczwara/status/1438943089528348680

106.52.103.154:7443
107.155.81.125:7443
143.198.42.198:7443
157.230.93.100:7443
172.105.254.138:7443
194.5.212.165:7443
35.244.90.180:7443
52.13.1.165:7443
8.130.55.52:7443

# Reference: https://twitter.com/benkow_/status/1542047469860683777

cryptolvl-rsa-check.com

# Reference: https://github.com/conexioninversa/MalwareIntel/blob/main/C2_All.csv
# Reference: https://github.com/conexioninversa/MalwareIntel/blob/main/C2_Mythic.txt

101.35.90.253:7443
101.99.94.107:7443
103.134.19.125:7443
103.134.19.126:7443
103.140.187.203:7443
104.248.136.18:7443
104.248.88.172:7443
107.152.47.92:7443
107.174.68.34:7443
107.191.62.175:7443
109.248.6.210:7443
109.248.6.212:7443
109.248.6.225:7443
109.248.6.231:7443
109.248.6.250:7443
111.90.151.110:7443
121.196.173.138:7443
121.37.166.111:7443
124.156.19.110:7443
124.221.250.89:7443
13.214.180.60:7443
13.51.87.2:7443
13.55.56.50:7443
13.69.157.231:7443
130.51.20.132:7443
134.0.116.185:7443
134.122.109.56:7443
134.209.28.232:7443
135.181.207.18:7443
137.184.207.189:7443
137.184.3.67:7443
138.197.142.113:7443
138.68.127.9:7443
138.68.76.238:7443
139.144.19.118:7443
139.162.38.59:7443
139.59.144.58:7443
139.59.249.255:7443
139.59.72.48:7443
139.84.192.189:7443
139.84.227.243:7443
139.84.230.205:7443
139.99.89.117:7443
142.44.129.32:7443
142.93.141.182:7443
142.93.166.252:7443
142.93.246.237:7443
142.93.60.235:7443
143.110.176.131:7443
143.110.178.9:7443
143.110.217.151:7443
143.198.191.206:7443
143.198.226.82:7443
144.91.122.255:7443
145.131.8.169:7443
145.239.197.84:7443
146.190.38.149:7443
147.182.157.114:7443
147.182.231.226:7443
149.28.133.118:7443
149.28.136.54:7443
149.56.109.219:7443
152.136.200.244:7443
154.180.67.196:7443
157.230.93.100:7443
157.245.137.41:7443
158.160.3.23:7443
159.203.182.27:7443
159.203.59.54:7443
159.223.193.246:7443
159.223.194.254:7443
159.223.234.22:7443
159.223.7.193:7443
159.89.190.80:7443
159.89.191.115:7443
159.89.229.33:7443
159.89.53.38:7443
16.170.83.102:7443
16.171.18.142:7443
16.171.58.136:7443
160.20.147.34:7443
161.35.186.219:7443
164.90.158.199:7443
164.92.110.36:7443
164.92.72.33:7443
164.92.88.164:7443
165.227.45.251:7443
165.232.130.91:7443
165.232.174.143:7443
165.3.120.26:7443
167.88.180.75:7443
167.99.194.103:7443
170.187.201.243:7443
172.104.138.192:7443
172.104.175.112:7443
172.105.254.138:7443
173.255.226.84:7443
173.82.110.148:7443
177.124.72.24:7443
178.154.194.63:7443
178.62.99.183:7443
179.43.170.197:7443
18.133.78.17:7443
18.156.197.101:7443
185.117.90.224:7443
185.158.94.217:7443
185.16.39.178:7443
185.173.34.42:7443
185.187.169.34:7443
185.21.191.88:7443
185.215.180.99:7443
185.225.68.201:7443
185.225.68.202:7443
185.225.73.249:7443
185.237.15.89:7443
185.238.32.198:7443
185.245.182.209:7443
185.62.57.120:7443
188.225.73.137:7443
191.252.220.58:7443
192.3.255.153:7443
192.34.58.198:7443
193.41.237.173:7443
193.56.255.153:7443
194.156.120.146:7443
194.233.164.157:7443
194.233.68.172:7443
194.5.212.74:7443
195.97.212.20:7443
195.97.212.50:7443
20.106.123.23:7443
20.151.239.27:7443
20.163.220.14:7443
20.203.101.185:7443
20.220.187.29:7443
20.97.116.145:7443
204.44.85.16:7443
205.126.0.212:7443
207.148.5.58:7443
208.67.105.91:7443
208.68.38.191:7443
209.249.134.13:7443
209.249.134.3:7443
209.249.134.6:7443
216.153.57.94:7443
23.239.29.223:7443
23.94.40.126:7443
3.128.135.199:7443
3.133.152.144:7443
3.141.125.92:7443
3.212.113.251:7443
3.238.253.222:7443
3.27.5.90:7443
3.6.38.215:7443
3.64.133.252:7443
3.69.214.254:7443
3.80.39.181:7443
3.87.23.190:7443
34.133.122.8:7443
34.150.132.170:7443
34.215.75.141:7443
34.238.7.53:7443
34.240.115.152:7443
34.28.16.242:7443
34.67.166.244:7443
35.202.0.124:7443
35.78.243.160:7443
35.93.101.223:7443
35.93.133.191:7443
37.139.128.156:7443
37.187.123.146:7443
38.242.229.200:7443
40.69.93.39:7443
43.142.174.15:7443
43.142.60.207:7443
43.154.218.210:7443
43.156.134.248:7443
43.206.136.41:7443
45.133.238.221:7443
45.143.201.95:7443
45.147.228.52:7443
45.148.120.192:7443
45.32.100.15:7443
45.79.213.188:7443
45.87.154.87:7443
45.9.191.137:7443
46.101.153.42:7443
46.243.186.22:7443
47.250.53.207:7443
47.96.177.12:7443
5.188.34.118:7443
5.2.79.164:7443
5.252.176.198:7443
50.17.196.251:7443
51.13.165.60:7443
51.158.102.199:7443
51.77.214.92:7443
51.83.75.44:7443
52.205.104.104:7443
52.206.182.102:7443
52.221.205.86:7443
52.58.57.248:7443
52.63.64.64:7443
52.79.54.36:7443
52.89.133.37:7443
54.149.124.173:7443
54.163.224.147:7443
54.173.67.191:7443
54.175.46.12:7443
54.180.25.135:7443
54.197.245.200:7443
54.253.207.220:7443
54.74.215.121:7443
59.110.169.183:7443
61.19.242.42:7443
61.28.226.244:7443
62.113.196.46:7443
62.182.159.147:7443
63.250.44.170:7443
64.176.168.231:7443
64.176.40.100:7443
64.176.8.42:7443
64.227.107.179:7443
64.227.113.73:7443
64.227.162.219:7443
65.108.60.254:7443
66.228.45.170:7443
66.29.155.178:7443
66.85.92.234:7443
67.207.81.170:7443
67.207.81.80:7443
67.219.108.45:7443
68.183.132.227:7443
68.183.56.37:7443
68.183.60.125:7443
69.30.254.194:7443
70.34.195.186:7443
70.34.198.15:7443
70.34.210.178:7443
70.34.213.48:7443
70.34.214.252:7443
70.34.223.234:7443
74.207.254.195:7443
74.208.91.38:7443
77.91.75.165:7443
78.108.181.33:7443
78.108.182.240:7443
79.16.159.159:7443
83.244.163.202:7443
83.252.26.43:7443
86.105.252.221:7443
87.15.135.80:7443
88.208.100.189:7443
89.223.66.195:7443
89.44.201.72:7443
91.107.234.213:7443
91.207.183.54:7443
94.102.49.176:7443
94.140.115.118:7443
95.111.236.195:7443
95.179.140.228:7443
95.214.27.241:7443
95.217.82.117:7443
96.126.101.134:7443
99.153.7.209:7443
moofasa.grayhatfreelancing.com
mythic-ceramic.braindeadideas.com

# Reference: https://twitter.com/IronNetTR/status/1588154026297675777

ukreiif.live
c2.b1o.it
v56119.php-friends.de

# Reference: https://twitter.com/suyog41/status/1612412391010238466
# Reference: https://www.virustotal.com/gui/file/185254efe497aed539fe0d95ca40451985b8fa60a54a707760bfe5c53cce56d9/detection

http://70.34.195.186

# Reference: https://twitter.com/MichalKoczwara/status/1639587828899147777

1.13.174.161:7443
101.33.248.33:7443
101.43.156.89:7443
103.140.187.122:7443
103.15.105.29:7443
103.234.72.156:7443
103.35.151.195:7443
103.35.151.222:7443
103.56.19.196:7443
103.85.110.13:7443
104.168.142.135:7443
104.198.153.240:7443
104.236.186.248:7443
104.243.20.216:7443
106.15.170.198:7443
107.150.119.144:7443
107.174.78.227:7443
108.61.127.105:7443
109.248.6.249:7443
110.173.59.146:7443
110.173.59.147:7443
114.132.197.186:7443
114.55.58.137:7443
117.50.177.140:7443
118.193.37.157:7443
118.25.22.185:7443
121.199.166.58:7443
121.199.2.153:7443
121.5.112.42:7443
122.147.252.103:7443
128.199.227.227:7443
128.199.38.50:7443
13.115.21.133:7443
13.236.149.120:7443
132.145.153.214:7443
134.209.204.95:7443
134.209.26.96:7443
135.125.236.177:7443
136.244.95.237:7443
137.184.57.89:7443
137.184.86.247:7443
138.197.186.34:7443
138.197.224.55:7443
138.68.123.125:7443
138.68.149.85:7443
138.68.99.116:7443
138.68.99.223:7443
139.144.19.169:7443
139.144.27.201:7443
139.144.46.164:7443
139.162.155.164:7443
139.177.146.102:7443
139.177.196.67:7443
139.177.203.214:7443
139.224.254.195:7443
139.99.122.227:7443
140.238.221.59:7443
140.238.226.66:7443
141.193.159.146:7443
142.93.136.194:7443
143.110.155.198:7443
144.126.249.150:7443
144.34.180.27:7443
144.34.250.208:7443
145.239.197.144:7443
146.19.80.25:7443
146.190.128.88:7443
146.190.160.18:7443
146.59.237.220:7443
146.70.104.167:7443
147.182.170.15:7443
148.66.57.50:7443
148.66.57.51:7443
149.127.231.12:7443
149.28.90.162:7443
149.81.74.205:7443
149.81.74.206:7443
149.81.74.207:7443
149.81.87.18:7443
150.158.184.129:7443
150.158.27.149:7443
151.115.60.162:7443
151.80.106.50:7443
152.89.218.235:7443
154.202.59.96:7443
155.138.229.198:7443
158.247.213.192:7443
159.203.99.10:7443
159.65.202.74:7443
159.65.62.90:7443
159.89.106.178:7443
161.35.214.132:7443
162.33.177.38:7443
162.33.177.72:7443
164.90.132.211:7443
164.92.101.3:7443
164.92.161.89:7443
164.92.255.219:7443
165.227.176.139:7443
165.227.230.18:7443
165.227.231.125:7443
165.227.99.110:7443
167.172.83.4:7443
167.71.2.281:7443
167.99.17.196:7443
168.138.93.130:7443
168.63.40.231:7443
170.130.55.160:7443
170.187.207.103:7443
171.22.30.222:7443
172.86.120.245:7443
172.86.121.214:7443
172.86.75.56:7443
172.96.192.52:7443
173.199.71.71:7443
173.82.135.18:7443
174.138.7.112:7443
178.128.144.124:7443
178.128.229.91:7443
178.62.47.29:7443
179.43.154.251:7443
179.60.150.147:7443
18.140.228.104:7443
18.159.62.29:7443
18.234.7.23:7443
182.61.145.9:7443
185.128.106.245:7443
185.130.45.94:7443
185.203.119.47:7443
185.25.51.144:7443
185.254.198.147:7443
185.73.124.16:7443
185.81.68.180:7443
185.82.218.214:7443
188.127.237.167:7443
188.166.161.123:7443
188.166.27.178:7443
188.166.81.141:7443
190.92.243.156:7443
192.227.194.106:7443
192.241.128.7:7443
192.3.128.185:7443
193.149.185.51:7443
193.29.13.203:7443
194.163.133.23:7443
194.87.218.16:7443
194.87.46.13:7443
195.123.225.18:7443
198.211.15.57:7443
198.211.48.141:7443
198.46.215.53:7443
20.61.4.19:7443
206.189.192.120:7443
206.189.252.100:7443
208.123.119.232:7443
212.53.167.167:7443
213.189.201.88:7443
213.52.128.52:7443
216.127.175.18:7443
217.6.46.91:7443
23.105.193.194:7443
23.224.135.138:7443
23.224.135.139:7443
23.224.135.140:7443
23.224.135.141:7443
23.224.135.142:7443
23.234.199.141:7443
23.82.141.146:7443
23.83.127.233:7443
23.94.131.51:7443
23.94.200.202:7443
3.130.73.232:7443
3.142.79.130:7443
3.235.153.136:7443
3.238.195.247:7443
3.8.115.155:7443
34.176.0.227:7443
34.201.98.138:7443
34.221.238.130:7443
35.180.135.137:7443
35.225.60.206:7443
35.236.117.76:7443
35.240.171.140:7443
35.72.242.198:7443
37.10.71.215:7443
37.120.238.184:7443
37.28.157.7:7443
37.48.120.35:7443
38.55.24.35:7443
39.98.48.67:7443
43.133.22.89:7443
43.207.147.229:7443
44.202.249.7:7443
44.211.101.170:7443
45.120.52.106:7443
45.120.52.149:7443
45.14.224.102:7443
45.153.231.136:7443
45.227.255.217:7443
45.227.255.223:7443
45.32.233.220:7443
45.56.114.203:7443
45.61.137.59:7443
45.77.221.80:7443
45.77.41.35:7443
45.79.125.241:7443
45.8.157.45:7443
45.89.234.23:7443
45.9.148.252:7443
45.9.148.64:7443
45.9.150.109:7443
46.101.179.149:7443
46.148.26.88:7443
46.21.153.155:7443
46.246.93.104:7443
46.29.160.10:7443
47.242.23.161:7443
47.57.0.78:7443
49.12.3.231:7443
5.178.2.76:7443
5.199.168.209:7443
5.199.173.106:7443
5.199.174.230:7443
51.15.252.225:7443
51.178.81.117:7443
51.81.201.194:7443
54.65.51.181:7443
54.91.1.255:7443
57.128.11.250:7443
57.128.195.112:7443
62.3.58.81:7443
63.250.54.32:7443
64.227.18.206:7443
64.44.102.190:7443
64.44.102.212:7443
65.108.250.5:7443
65.109.134.211:7443
65.21.180.80:7443
67.205.151.119:7443
67.205.184.220:7443
68.183.207.200:7443
68.183.42.154:7443
76.74.127.144:7443
76.74.127.145:7443
79.136.1.87:7443
8.219.200.180:7443
80.78.22.106:7443
81.200.149.183:7443
82.157.142.84:7443
84.32.248.95:7443
85.217.144.191:7443
85.239.54.16:7443
88.99.46.167:7443
89.116.234.48:7443
89.38.128.51:7443
89.44.9.148:7443
91.207.183.54:7443
91.234.199.4:7443
92.204.160.119:7443
92.205.29.124:7443
92.246.89.172:7443
93.95.229.168:7443

# Reference: https://twitter.com/MichalKoczwara/status/1645071233468231685

44.213.147.172:7443
dental-delta.com

# Reference: https://twitter.com/drb_ra/status/1651296690882609177

192.3.255.153:7443

# Reference: https://twitter.com/drb_ra/status/1651296694678552576

http://192.3.255.153

# Reference: https://twitter.com/drb_ra/status/1651840154674315266

http://18.221.85.189

# Reference: https://twitter.com/drb_ra/status/1651840181056536576

http://34.205.83.91

# Reference: https://twitter.com/drb_ra/status/1651840255043985408

143.110.176.131:8081

# Reference: https://twitter.com/drb_ra/status/1651840258982526976

143.110.176.131:7443

# Reference: https://twitter.com/drb_ra/status/1651840280402771968

http://159.223.122.189

# Reference: https://twitter.com/drb_ra/status/1652384292960436227

http://43.156.134.248

# Reference: https://twitter.com/drb_ra/status/1652384375516852228

165.22.106.97:60443

# Reference: https://twitter.com/drb_ra/status/1652746167170596864

http://3.89.175.141

# Reference: https://twitter.com/drb_ra/status/1652746266734911491
# Reference: https://twitter.com/drb_ra/status/1652746270119800833

http://149.28.133.118
149.28.133.118:7443

# Reference: https://twitter.com/drb_ra/status/1653108569418391571

3.27.5.90:7443

# Reference: https://twitter.com/drb_ra/status/1653471045683167239
# Reference: https://twitter.com/drb_ra/status/1653471050007494677

http://64.176.8.42
64.176.8.42:7443

# Reference: https://twitter.com/drb_ra/status/1654195831883329536

http://3.145.90.243

# Reference: https://twitter.com/drb_ra/status/1654195891312513040

85.10.132.13:443

# Reference: https://twitter.com/drb_ra/status/1654195943061835784

http://158.160.30.214

# Reference: https://twitter.com/drb_ra/status/1654195946488582149

158.160.30.214:7443

# Reference: https://twitter.com/drb_ra/status/1654195961177034774

http://158.160.68.213

# Reference: https://twitter.com/drb_ra/status/1654195984170209293

173.53.60.45:8433

# Reference: https://twitter.com/drb_ra/status/1654196010984275968

http://206.81.6.121

# Reference: https://twitter.com/drb_ra/status/1654455427512299521

18.133.78.17:7443

# Reference: https://twitter.com/drb_ra/status/1654920506108260352

http://3.212.20.90

# Reference: https://twitter.com/drb_ra/status/1654920546256076800

43.156.134.248:7443

# Reference: https://twitter.com/drb_ra/status/1654920617622110210

http://149.28.177.78

# Reference: https://twitter.com/drb_ra/status/1655282940039839751

http://91.107.234.213

# Reference: https://twitter.com/drb_ra/status/1655282952949907457

http://101.34.73.171

# Reference: https://twitter.com/drb_ra/status/1655282966140968961

http://104.200.20.89

# Reference: https://twitter.com/drb_ra/status/1656007710918287366

http://45.66.216.108

# Reference: https://twitter.com/drb_ra/status/1656007759400259586

http://110.41.168.34

# Reference: https://twitter.com/drb_ra/status/1656007791679610887

149.28.177.78:443

# Reference: https://twitter.com/drb_ra/status/1656370036922019879

35.92.10.91:7443

# Reference: https://twitter.com/drb_ra/status/1656370063409049617

http://54.196.114.16

# Reference: https://twitter.com/drb_ra/status/1656370094497230869

91.107.234.213:7443

# Reference: https://twitter.com/drb_ra/status/1656370151565000704

158.160.68.213:7443

# Reference: https://twitter.com/drb_ra/status/1656732585047851008

http://159.203.1.70

# Reference: https://twitter.com/drb_ra/status/1657095005691863055

64.176.3.97:443

# Reference: https://twitter.com/drb_ra/status/1657457418375241729

45.66.216.108:7443

# Reference: https://twitter.com/drb_ra/status/1657457492379541507
# Reference: https://twitter.com/drb_ra/status/1657457495911149569

http://109.248.6.250
109.248.6.250:8008

# Reference: https://twitter.com/drb_ra/status/1657457582884175874

216.238.77.195:443

# Reference: https://twitter.com/drb_ra/status/1657819643359182850

13.236.177.3:7443

# Reference: https://twitter.com/drb_ra/status/1657819672455069696

35.89.34.50:7443

# Reference: https://twitter.com/drb_ra/status/1657819722572877827

84.46.241.248:7443

# Reference: https://twitter.com/drb_ra/status/1657819751295471618

111.90.150.101:443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/

http://100.21.223.19
http://104.248.88.172
http://107.191.62.175
http://108.61.190.25
http://109.248.6.225
http://114.116.232.244
http://121.40.217.151
http://13.66.164.102
http://136.144.254.191
http://138.197.145.159
http://139.144.19.118
http://139.180.144.223
http://139.84.192.189
http://139.84.227.243
http://139.84.227.60
http://139.84.230.205
http://139.84.231.133
http://142.93.251.5
http://143.110.217.151
http://143.198.128.249
http://145.131.8.169
http://147.182.164.5
http://154.180.67.196
http://158.247.231.22
http://164.90.158.199
http://170.64.148.46
http://172.174.43.14
http://173.255.226.84
http://18.118.133.253
http://18.222.26.9
http://185.187.169.34
http://193.41.237.173
http://194.171.96.118
http://194.87.68.235
http://20.190.110.190
http://216.238.77.195
http://23.239.29.223
http://3.136.22.144
http://3.145.1.242
http://3.19.216.182
http://3.217.163.182
http://34.123.204.199
http://34.136.7.143
http://34.67.166.244
http://35.225.155.204
http://35.78.243.160
http://35.80.3.250
http://35.93.133.191
http://37.187.123.146
http://38.54.1.55
http://40.69.93.39
http://43.206.136.41
http://44.206.161.150
http://44.237.82.37
http://45.79.36.179
http://50.17.171.212
http://52.15.89.185
http://52.20.136.152
http://64.176.179.222
http://64.176.40.100
http://64.44.135.113
http://67.205.190.217
http://67.219.103.77
http://67.219.108.45
http://70.34.198.15
http://74.207.254.195
http://89.44.201.72
http://90.84.193.31
http://94.102.49.176
100.21.223.19:443
101.34.73.171:7443
101.99.94.107:17443
104.248.131.203:443
104.42.151.103:443
107.174.68.34:7443
107.182.181.15:7443
107.191.62.175:7443
107.23.135.123:7443
108.61.190.25:7443
108.61.204.217:7443
109.248.6.210:7443
109.248.6.250:443
111.90.150.101:7443
116.203.150.138:7443
121.40.217.151:7443
13.48.176.95:7443
13.55.56.50:17443
13.57.58.92:443
130.51.20.132:444
137.184.151.45:7443
138.68.127.9:443
138.68.71.226:7443
139.162.38.59:7443
139.180.144.223:7443
139.59.144.58:443
139.84.192.189:7443
139.99.89.117:17443
139.99.89.117:3000
139.99.89.117:8443
142.93.166.252:443
144.34.163.218:7443
144.91.122.255:17443
144.91.122.255:3000
146.190.140.172:7443
157.230.70.139:7443
157.230.93.100:3000
158.160.69.66:7443
158.247.231.22:7443
159.223.234.218:7443
159.223.234.22:443
16.171.43.215:7443
16.171.9.210:7443
161.35.247.112:7443
161.97.110.155:443
161.97.110.155:7443
164.92.136.107:7443
164.92.240.184:7443
165.227.45.251:17443
165.232.174.143:443
167.172.110.153:7443
168.119.103.232:7443
172.105.254.138:17443
172.105.254.138:3000
172.105.33.165:7443
18.117.39.158:443
18.163.79.192:7443
18.219.119.7:443
185.202.172.46:7443
192.236.155.121:443
192.241.133.70:7443
192.248.154.64:7443
194.233.164.157:81
195.189.96.70:443
195.189.99.90:27443
195.189.99.90:443
195.97.212.20:17443
198.177.123.60:7443
198.23.208.20:7443
20.151.239.27:7443
20.203.101.185:443
20.245.83.102:443
20.51.147.175:7443
20.70.208.224:443
216.238.77.195:7443
217.6.46.91:9443
3.138.113.81:7443
3.144.109.31:7443
3.144.34.96:1337
3.144.34.96:7443
3.15.12.135:8088
3.21.101.180:443
3.27.5.90:443
3.80.39.181:7443
3.84.125.232:443
32.132.189.190:7443
34.171.152.194:443
34.219.23.14:7443
34.235.167.187:8989
35.222.81.113:443
35.224.68.217:443
35.225.155.204:443
35.78.243.160:7443
38.54.1.55:7443
38.54.24.6:7443
40.69.93.39:3000
43.133.34.128:7443
43.154.155.146:7443
44.213.147.172:443
44.214.119.213:7443
45.133.238.221:7443
45.148.120.187:7443
45.148.120.192:17443
45.156.243.188:7443
45.33.22.174:7443
45.77.254.85:7443
45.79.213.188:7443
45.81.243.128:7443
45.87.154.87:3000
5.188.34.118:443
50.116.1.198:443
52.14.58.76:1337
52.14.58.76:7443
52.16.215.82:7443
52.232.197.207:443
52.234.252.120:443
54.152.184.1:443
54.197.245.200:17443
54.197.245.200:3000
54.211.74.154:443
54.219.249.57:443
54.221.106.82:7443
61.19.242.42:7444
61.28.226.244:8443
64.176.179.222:7443
64.176.40.100:7443
64.44.135.113:443
64.57.248.125:443
65.109.9.51:7443
66.42.94.137:7443
67.205.151.31:443
67.207.81.170:7443
70.34.195.186:443
70.34.245.253:7443
78.193.254.183:7443
79.24.21.47:7443
79.32.28.251:7443
79.51.145.99:7443
8.217.67.189:7443
81.200.145.213:7443
84.32.131.58:37443
84.32.131.58:443
84.54.50.110:7443
87.17.17.71:7443
87.2.206.131:7443
94.102.49.176:17443
95.111.236.195:7443
95.216.172.190:7443
96.9.228.105:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-07-27)

104.243.33.129:443
164.92.88.164:7443
165.232.127.17:443
54.242.209.161:443
77.91.75.165:7443
95.214.27.241:7443
makethumbmoney.com

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-07-30)

http://3.69.214.254
13.59.29.56:7443
185.45.195.30:443
3.69.214.254:7443
86.48.25.106:7443
88.119.175.140:443
aviditycellars.com
boxofficeseer.com
thesheenterprise.com

# Reference: https://threatfox.abuse.ch/ioc/1146556/

154.204.60.177:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-08-04)

172.105.163.143:7443
64.176.162.36:7443
78.141.210.148:7443

# Reference: https://twitter.com/drb_ra/status/1688079122826711040

http://64.176.162.36

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-08-08)

178.128.127.243:7443
185.215.180.99:7443
20.163.220.14:7443
20.25.147.190:7443
35.80.3.250:7443
4.228.97.16:7443

# Reference: https://twitter.com/drb_ra/status/1689347656751935489

179.43.170.197:7443

# Reference: https://twitter.com/drb_ra/status/1689347680835665920

64.176.168.231:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-08-11)

http://64.176.168.231
103.225.198.216:7443
146.190.38.149:7443
167.99.194.103:7443
188.124.39.62:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-08-13)

18.188.7.186:7443
65.109.229.239:7443
motorrungoli.com
rosevalleylimousine.com
shchiswear.com

# Reference: https://twitter.com/drb_ra/status/1691159572776415232

18.188.7.186:7443

# Reference: https://threatfox.abuse.ch/ioc/1150419/

3.19.246.184:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-08-17)

http://44.203.60.76
159.89.164.248:7443
164.92.72.33:7443
177.124.72.24:7443
185.62.57.120:7443
3.133.152.144:7443
3.139.80.162:7443
44.233.194.117:7443
5.252.176.198:7443
54.175.46.12:7443
66.85.92.234:7443
70.34.250.166:7443
89.223.66.195:7443
99.153.7.209:7443

# Reference: https://threatfox.abuse.ch/ioc/1150866/

http://70.34.250.166

# Reference: https://www.virustotal.com/gui/file/75ab2570442b10e8f8087c844418bccfd52598952037a3a668d9d42efe500d3f/detection

103.145.13.69:8081

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-08-25)
# Reference: https://twitter.com/drb_ra/status/1694420880502214955

http://18.206.251.188
142.93.60.235:7443
165.3.127.224:7443
39.104.63.94:7443
95.164.22.13:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-08-29)

108.61.163.195:7443
120.53.87.201:37445
138.124.180.241:443
185.174.101.53:443
23.152.0.193:443
67.207.81.80:7443
51.250.108.206:7443
ivermectinorder.com
personmetal.com
vectorsandarrows.com

# Reference: https://twitter.com/drb_ra/status/1696957590243016710

68.183.60.125:7443

# Reference: https://twitter.com/drb_ra/status/1696957610556088425

185.117.90.224:7443

# Reference: https://twitter.com/drb_ra/status/1696957641828794600

http://54.164.36.37

# Reference:: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-09-06)

http://108.61.163.195
http://139.84.226.120
http://44.203.168.236
http://64.176.224.4
107.148.0.215:7443
139.84.226.120:7443
170.178.201.212:7443
185.14.45.232:7443
193.56.255.153:7443
194.5.212.74:7443
207.148.123.73:58013
34.238.7.53:7443
45.153.129.164:7443
45.66.248.13:443
64.176.224.4:7443
cannabishang.com

# Reference: https://www.shodan.io/host/5.252.176.198

5.252.176.198:7443
proff-online.xyz
mi4.proff-online.xyz

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-09-20)

http://149.248.51.25
http://192.248.153.47
http://216.238.83.145
http://34.226.245.52
http://35.88.35.138
103.46.185.11:7443
103.46.185.9:7443
103.46.185.13:7443
120.46.138.126:7443
124.222.181.240:7443
137.184.67.135:7443
138.197.156.131:7443
139.180.136.59:7443
139.59.109.136:7443
143.198.101.96:7443
147.182.216.178:7443
147.182.232.123:7443
149.248.51.25:7443
161.35.184.135:7443
164.155.204.61:7443
167.235.59.8:7443
172.104.205.113:7443
185.43.222.183:7443
188.124.39.62:7744
192.241.152.108:7443
192.248.153.47:7443
193.134.210.75:7443
198.52.123.223:7443
201.243.95.21:7443
201.243.95.27:7443
216.128.141.126:7443
216.238.83.145:7443
217.68.58.93:7443
3.234.128.163:7443
34.206.208.220:7443
34.229.89.43:443
34.237.94.238:7443
35.161.156.250:7443
35.176.89.226:7443
35.88.35.138:7443
44.217.229.194:7443
45.137.118.181:7443
45.152.67.193:7443
45.55.195.215:7443
45.82.153.168:7443
46.4.112.27:7443
52.3.243.166:7443
54.250.176.92:7443
54.89.65.128:7443
64.31.63.82:7443
91.207.183.26:7443
94.131.98.34:7443

# Reference: https://twitter.com/KorbenD_Intel/status/1704197999398711425
# Reference: https://www.virustotal.com/gui/ip-address/107.174.68.34/relations

sith.team
account.sith.team
login.sith.team
outlook.sith.team

# Reference: https://twitter.com/r3dbU7z/status/1704854108455551274
# Reference: https://www.virustotal.com/gui/file/09cf19407cccd9f273ed0d79968309873e135be56962267638104ad274561884/detection

r2.hansesecure.com
safe2.hansesecure.com

# Reference: https://twitter.com/0xRevolver/status/1686312879824183297

185.245.182.209:3000

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-10-11)

http://149.56.109.219
http://45.61.130.40
http://47.103.205.56
http://51.254.53.14
http://54.168.147.222
104.154.113.5:443
104.238.187.71:443
104.45.53.35:443
104.45.53.36:443
104.45.53.41:443
104.45.53.44:443
104.45.53.8:443
108.142.191.197:443
108.142.191.201:443
108.142.191.234:443
108.142.191.239:443
108.142.191.247:443
118.31.72.66:7443
13.40.190.57:7443
130.211.196.186:443
139.59.109.136:443
141.98.7.18:7443
143.198.166.150:7443
146.190.157.226:7443
149.248.79.89:7443
159.223.113.15:7443
165.22.0.181:7443
167.172.136.176:7443
172.104.206.233:7443
172.245.205.13:7443
172.245.92.84:7443
177.124.72.24:8091
179.43.191.198:7443
179.43.191.199:7443
179.43.191.202:7443
185.141.63.166:7443
185.241.124.217:7443
188.127.224.177:7443
188.40.162.125:7443
193.134.210.75:443
195.154.166.134:7443
198.148.80.86:7443
20.11.212.157:7443
20.160.18.155:443
20.92.38.251:443
20.92.62.101:7443
207.191.226.206:7443
209.133.48.222:7443
216.128.141.126:443
3.18.3.115:8443
3.70.6.51:7443
31.42.186.161:7443
34.123.112.247:443
34.124.204.208:7443
34.142.156.79:7443
34.28.132.129:443
34.71.167.255:443
35.188.19.120:443
35.192.141.183:443
35.193.180.184:443
35.225.227.102:443
35.225.49.240:443
35.226.165.138:443
35.226.49.76:443
35.87.234.204:7443
4.227.189.107:7443
45.151.126.118:7443
45.152.67.193:443
45.61.130.40:443
45.77.41.214:7443
47.103.205.56:7443
51.222.31.152:443
51.254.53.14:443
54.168.147.222:7443
62.109.24.105:7443
62.182.84.234:7443
65.109.103.227:7443
68.183.152.119:7443
72.200.119.176:7443
74.234.223.12:443
83.97.20.136:7443
88.214.25.253:7443
91.219.150.98:7443
95.111.236.195:8086
95.164.19.54:7443
agorasecurity.it
bijusdaclara.shop
crowdstrike.training
lifeisff.fun
modabarataonline.shop
plrdofuturo.online
semacucar.online
telegramvip.shop
ads.telegramvip.shop
do-sfo01.jetserver.net
m.agorasecurity.it
v2r-cn2.lifeisff.fun

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-11-01)

angelbusinessteam.com
bitscoinc.com
boezgrt.com
bureaudecreationalienor.com
danagroupegypt.com
displaymercials.com
formulaautoparts.com
hatchdesignsnh.com
hom4u.com
jongchul.democrat
lucasdoors.com
naservpn.cf
pacatman.com
sms-atc.com
turanmetal.com
franc.naservpn.cf

# Reference: https://research.nccgroup.com/2023/11/01/popping-blisters-for-research-an-overview-of-past-payloads-and-exploring-recent-developments/

avblokhutten.com
digtupu.com
futuretechfarm.com
licencesolutions.com
remontisto.com
szdeas.com
visioquote.com
d1hp6ufzqrj3xv.cloudfront.net
/s/0.7.8/clarity.js

# Reference: https://www.virustotal.com/gui/ip-address/64.176.196.183/community

http://64.176.196.183
64.176.196.183:7443

# Reference: https://www.virustotal.com/gui/ip-address/87.239.108.174/community

87.239.108.174:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-11-22)

http://65.20.81.156
139.144.117.63:7443
20.61.184.114:443
34.41.225.176:443
34.67.177.99:443
34.69.229.157:443
34.70.168.68:443
47.96.188.106:7443
51.124.39.181:443
51.144.234.167:443
52.136.206.130:443
52.136.206.142:443
52.136.206.160:443
52.136.206.169:443
52.136.206.183:443
64.176.164.107:7443
65.20.81.156:7443
74.234.222.210:443
74.234.222.211:443
74.234.222.214:443
88.208.100.189:8443
pwndrop.aptiv-hr.com

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-12-03)

http://3.82.143.108
http://35.86.185.174
http://44.211.190.165
http://64.176.164.107
103.146.202.34:443
103.146.202.34:7443
116.62.172.40:7443
120.55.37.69:7443
121.40.171.154:7443
121.43.166.96:7443
154.38.167.90:7443
164.92.111.233:7443
18.132.68.205:443
18.132.68.205:7443
18.135.210.230:443
18.170.170.237:443
194.150.167.136:7443
20.11.178.186:443
20.11.190.12:443
20.211.241.0:443
24.199.125.32:443
3.86.97.154:7443
34.145.104.44:8443
34.212.248.231:443
38.180.44.56:7443
47.99.135.136:7443
5.78.40.129:7443
52.45.163.230:7443
archiefilmco.com
production.knime.youknights.nl

# Reference: https://www.virustotal.com/gui/file/37ffaccba0469d9125dd072241ec7d99652e2e46897f7c6d3db98a19d92b20e6/detection
# Reference: https://www.virustotal.com/gui/file/5642b834e99ee75d5a43418947a37a988b4226ed4544f6108e51258e078c1663/detection

http://139.59.72.48

# Reference: https://www.virustotal.com/gui/ip-address/13.127.166.232/detection

13.127.166.232:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-12-17)

136.244.66.89:443
162.19.175.57:7443
20.62.199.199:7443
4.198.144.143:443
4.227.178.226:7443
64.176.67.54:7443
91.92.250.237:7443
97.151.135.208:7443
alderwood-staging.creativefolks.dev
pia.australiasoutheast.cloudapp.azure.com

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-12-22)

http://64.31.63.82
120.27.131.3:7443
13.235.248.157:7443
13.245.207.111:9922
135.181.39.81:7443
137.184.185.109:7443
137.184.67.135:443
137.184.80.125:443
143.198.72.108:7443
149.40.62.223:7443
154.90.49.23:7443
157.90.21.73:7443
159.100.6.167:7443
159.203.163.53:7443
159.65.22.88:443
162.0.222.178:7443
164.90.210.111:7443
165.227.106.254:7443
167.172.97.111:443
167.99.182.53:7443
168.1.193.211:7443
172.104.237.247:7443
172.206.9.120:7443
18.234.193.16:7443
185.187.169.34:17443
188.166.153.84:7443
20.11.149.168:443
20.211.251.199:443
208.85.17.219:7443
209.105.242.245:7443
217.12.200.158:7443
3.26.24.38:443
3.31.40.188:443
34.142.175.189:7443
34.87.162.94:7443
35.171.17.63:7443
35.197.55.147:7443
38.242.21.22:7443
38.54.59.79:7443
38.54.63.8:7443
44.197.84.49:443
44.197.84.49:7443
45.79.100.129:7443
52.211.169.127:7443
52.222.96.153:443
52.222.96.153:7443
64.176.66.86:7443
64.23.155.109:7443
65.20.101.150:7443
83.212.98.93:443
84.201.163.253:7443
liquiditv.com
c6-v5.v2red.xyz
wtf.creativefolks.dev

# Reference: https://embee-research.ghost.io/threat-intel-queries-with-fofabot/

104.198.178.178:3000
104.238.187.71:7443
111.90.150.101:3000
123.207.50.70:7443
129.211.212.43:8443
136.244.66.89:7443
149.248.21.89:7443
159.89.8.28:443
160.1.6.79:443
162.19.175.57:3000
162.55.176.85:50050
164.90.209.184:7443
165.227.213.147:7552
165.232.64.60:443
165.232.64.60:7443
172.105.92.240:9000
176.103.52.51:7443
178.128.92.166:7443
18.135.210.230:7443
185.142.184.125:7443
185.16.43.59:7443
192.236.155.121:7443
193.201.126.69:443
193.201.126.69:45632
194.233.170.94:9000
195.189.96.70:27443
20.38.38.53:7443
20.56.52.211:7443
207.180.234.141:7443
207.244.242.35:7443
23.168.152.5:7443
24.199.72.221:7443
3.140.197.75:443
3.27.149.232:7443
3.65.28.179:7443
3.75.96.112:7443
34.171.179.211:443
35.161.156.250:3000
4.198.112.20:443
40.67.215.229:7443
45.61.130.40:7443
45.61.137.134:7443
47.243.46.93:7443
47.245.114.11:7443
49.51.68.151:7443
50.116.1.198:7443
51.254.53.14:7443
54.154.24.24:7443
64.225.100.2:443
64.226.104.86:443
64.227.124.8:443
64.227.124.8:7443
64.23.149.255:7443
64.23.170.241:7443
64.44.135.113:7443
65.20.106.42:7443
70.39.90.80:7443
74.208.172.242:3000
74.208.172.242:7443
84.201.141.119:7443
84.46.241.248:3000
87.121.87.101:7443
95.164.84.84:7443
97.151.208.70:7443
_dmarc.home-vip.xyz
a95b408d5ca94f4f.home-vip.xyz
ahv-id-4649.vps.awcloud.nl
blackhatethicalhacking.com
bounty.blackhatethicalhacking.com
erp.home-vip.xyz
home-vip.xyz
itemkxczfph.home-vip.xyz
lqvfecrehlcgwuleoglx.home-vip.xyz
mythic.blog
mythic.fr
mythic.run
new.bemythic.com
opnhqgjjgfl.home-vip.xyz
queilani.com
social.blackhatethicalhacking.com
ss.vet.sapphire.net
thissubdomainshouldnotexist.home-vip.xyz

# Reference: https://www.virustotal.com/gui/ip-address/192.210.140.35/community

192.210.140.35:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2024-02-12)

137.184.43.170:443
143.198.131.4:7443
164.92.189.59:443
172.245.156.157:7443
185.189.196.191:443
185.196.9.10:7443
217.114.43.93:7443
34.72.157.21:443
35.202.200.238:443
46.101.195.151:443
69.46.36.208:7443
80.90.179.251:7443
ansible-tower-pocket-node1.validatorsheaven.network
kitrknis.com
snf-893982.vm.okeanos.grnet.gr

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2024-02-25)

122.114.11.150:7443
13.237.100.49:7443
130.193.34.93:7443
134.255.233.199:63443
139.162.249.47:443
147.182.158.99:7443
157.90.120.132:7443
158.160.97.165:7443
164.92.238.134:443
172.212.163.113:7443
174.138.6.9:7443
178.62.237.92:7443
20.41.216.145:7443
23.101.226.140:443
34.82.156.114:7443
38.60.216.65:7443
38.60.249.75:7443
51.250.74.43:7443
51.81.90.181:443
52.162.200.36:7443
69.46.36.208:443
69.46.36.209:443
69.46.36.209:7443
69.46.36.210:443
69.46.36.210:7443
69.46.36.211:443
69.46.36.211:7443
69.46.36.215:7443
69.46.36.216:443
69.46.36.216:7443
69.46.36.217:443
69.46.36.217:7443
69.46.36.218:443
69.46.36.218:7443
69.46.36.219:443
69.46.36.219:7443
69.46.36.220:443
69.46.36.220:7443
74.48.56.81:7443
78.129.165.233:7443
88.214.25.240:7443
91.92.253.26:7443
95.217.6.101:7443
data.iexcom.de
gymlog.de
ovh.rfc.pp.ua
trainlog.de

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2024-03-31)

104.236.72.104:7443
109.116.212.249:443
113.190.198.225:7443
134.209.171.201:7443
138.197.116.57:7443
139.84.137.24:7443
143.244.132.162:7443
143.244.186.6:7443
154.90.49.110:7443
161.97.141.230:7443
164.90.238.212:7443
172.174.105.127:7443
193.169.245.94:7443
194.163.169.13:7443
198.23.228.167:7443
20.168.0.131:7443
209.38.188.72:7443
210.215.129.104:7443
217.182.79.54:7443
3.0.250.71:7443
3.132.184.13:443
34.134.107.175:7443
34.231.255.33:7443
38.47.101.176:7443
38.54.63.253:7443
38.60.254.215:2112
46.101.81.127:7443
78.47.48.88:8443
8.220.135.161:7443
82.97.251.102:7443
93.148.180.205:443
95.183.54.20:7443
a1photoprinting.com
americanhomeservicesllc.com
anambrabasiceducation.com
audiolabelectronics.com
b2bsupermarkets.com
b2bturkishtextile.com
chryatech.com
cmfgsi.com
colortreeva.com
computerfeuerwehr.com
crabonchips.com
cristinastanciu.com
daffigallery.com
dallassutherland.com
detectiveman.com
etsprayfoam.com
freeautotalk.com
happeelearning.com
hostel99.com
insproscp.com
jobmalta.com
kingtonyamerica.com
mello-roos.com
michaelcaneconsultants.com
mowilderness.com
mtgimports.com
netdognetworks.com
peacecheese.com
pipelinning.com
pixgraphie.com
redactweb.com
sdlsd.com
shinemarksystems.com
strokestownlearningzone.com
thebestoftenerife.com
thesolutionmatrix.com

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2024-04-10)

103.20.60.248:7443
104.131.187.5:7443
104.156.255.239:7443
109.123.252.6:7443
129.226.154.137:443
130.193.40.102:7443
137.184.39.229:7443
139.144.96.187:7443
142.93.79.177:7443
143.198.73.229:7443
149.28.144.85:7443
159.100.6.45:7443
165.227.90.98:7443
168.119.236.136:7443
172.104.110.118:7443
185.170.144.142:7443
216.153.61.72:7443
3.0.250.71:8443
3.146.206.142:7443
3.216.133.137:7443
3.223.6.69:7443
3.239.164.16:7443
3.27.90.144:7443
3.76.124.183:7443
31.129.57.189:7443
34.16.198.174:7443
34.195.136.4:7443
35.171.228.255:7443
35.189.178.127:7443
38.207.179.24:7443
38.60.217.106:7443
39.100.72.235:7443
43.154.80.163:7443
45.55.38.40:7443
45.95.174.253:7443
45.95.174.39:7443
57.180.189.117:7443
61.162.223.117:7443
62.171.158.126:7443
62.210.188.78:7443
64.23.196.210:3000
77.106.68.26:7443
80.87.206.160:7443
94.198.54.202:7443

# Reference: https://pastebin.com/WvhSFbkF

104.37.190.52:7443
149.104.26.229:7443
158.160.71.51:7443
64.23.196.210:7443
c2.rmrf.one
ip14.ip-51-254-53.eu
mythic.pcfindercentral.com
whitedesk.cow-procyon.ts.net

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2024-05-18)

http://149.56.109.219
http://35.86.185.174
http://45.61.130.40
http://47.103.205.56
http://51.254.53.14
http://54.168.147.222
http://64.176.164.107
http://64.176.196.183
http://64.31.63.82
http://65.20.81.156
103.69.194.227:7443
107.172.159.50:7443
107.175.0.167:7443
110.168.29.157:7443
119.76.173.139:7443
128.199.59.209:7443
13.79.48.220:3000
13.79.48.220:7443
138.197.66.41:7443
161.35.207.209:7443
172.233.172.190:7443
18.170.123.22:7443
3.109.78.6:7443
3.130.124.10:443
34.221.207.33:7443
35.177.104.235:7443
43.134.118.235:7443
45.14.66.194:7443
45.9.148.129:7443
47.251.12.23:7443
72.14.186.33:7443
80.79.4.177:7443
83.97.20.142:7443
91.107.207.2:7443
93.127.197.83:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2024-06-01)

http://107.172.159.50
http://118.31.164.200
http://120.27.139.123
http://121.127.33.25
http://121.199.0.100
http://121.40.157.89
http://121.43.166.96
http://122.114.252.179
http://128.199.59.209
http://129.226.154.137
http://13.238.128.178
http://13.40.187.52
http://13.50.224.236
http://13.58.109.128
http://134.209.171.201
http://135.181.205.15
http://137.184.39.229
http://138.197.66.41
http://142.93.74.10
http://143.198.233.101
http://146.148.110.87
http://147.45.150.204
http://149.104.26.229
http://152.42.162.105
http://158.160.71.51
http://159.223.0.196
http://161.35.207.209
http://172.174.105.127
http://172.201.107.88
http://185.158.94.217
http://185.16.43.59
http://185.178.46.202
http://20.186.89.88
http://20.229.189.122
http://201.243.95.21
http://210.215.129.104
http://217.12.200.158
http://3.144.95.38
http://3.16.25.250
http://3.23.94.235
http://3.82.197.233
http://34.16.7.41
http://34.171.128.254
http://34.31.178.96
http://35.153.232.88
http://35.163.149.144
http://35.177.104.235
http://35.239.106.52
http://37.187.118.185
http://44.224.147.7
http://45.133.238.221
http://47.242.227.140
http://47.74.90.4
http://47.76.61.241
http://47.96.141.218
http://47.96.141.72
http://47.96.254.47
http://47.99.102.146
http://5.255.116.34
http://51.250.108.206
http://52.14.189.239
http://54.183.137.162
http://54.74.198.96
http://62.171.158.126
http://64.23.149.255
http://65.20.72.205
http://68.183.69.22
http://94.131.8.254
http://95.217.6.101
110.168.29.138:7443
115.87.213.147:7443
120.26.203.206:443
121.43.176.110:443
13.48.128.36:7443
13.60.75.58:7443
135.181.205.15:7443
138.197.156.131:443
142.93.74.10:7443
143.198.116.46:443
143.244.162.77:7443
147.211.222.35:443
147.45.150.204:7443
152.42.162.105:7443
152.42.245.111:7443
152.89.92.204:7443
159.223.0.196:7443
159.65.42.191:7443
162.55.63.241:7443
164.90.230.22:3000
167.172.150.173:7443
168.100.8.115:7443
172.104.157.108:7443
172.187.154.69:443
172.247.44.101:7443
176.32.68.83:7443
178.128.92.166:443
18.176.67.169:443
18.176.67.169:7443
185.241.124.218:7443
195.88.87.66:7443
2.207.107.91:443
20.16.73.54:443
20.160.204.211:7443
20.231.230.3:443
20.234.209.66:443
20.234.212.176:443
20.234.212.180:443
24.181.166.196:7443
3.133.126.43:443
34.219.143.252:443
35.222.211.147:443
35.226.15.73:443
37.187.118.185:7443
37.27.92.9:443
38.60.136.208:7443
43.134.38.211:7443
43.206.219.14:7443
45.15.158.15:7443
45.8.99.215:7443
47.237.20.201:7443
5.42.100.30:7443
51.20.108.241:7443
52.32.75.223:443
52.73.128.242:443
54.173.147.137:8443
58.8.255.53:7443
65.20.72.205:7443
73.15.226.35:443
79.154.35.27:7443
89.23.118.175:3000
89.23.118.175:7443
89.44.199.196:443
91.107.207.2:443
92.204.83.36:7443
94.156.144.46:443
94.156.144.46:7443
94.198.216.204:7443
98.71.132.101:8443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2024-06-15)

100.25.159.142:7443
103.117.101.73:7443
13.53.216.241:7443
13.60.5.73:7443
13.60.6.180:7443
13.60.91.126:7443
139.84.217.198:7443
144.202.12.174:7443
152.42.198.168:7443
158.247.250.154:7443
16.16.185.182:7443
16.171.113.25:7443
16.171.181.75:7443
162.212.154.121:7443
172.104.153.104:7443
172.86.75.53:7443
172.94.53.132:7443
3.15.156.228:7443
3.19.59.206:7443
3.9.82.206:7443
38.242.198.230:7443
43.135.3.17:7443
44.234.240.58:7443
51.15.227.211:7443
51.20.119.112:7443
51.20.127.177:7443
51.20.134.151:7443
51.20.76.114:7443
54.234.100.124:7443
61.14.210.209:7443
89.185.85.206:7443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s.csv

100.29.99.57:7443
104.131.11.46:7443
107.172.100.174:7443
107.174.121.75:7443
109.123.231.134:7443
119.76.173.60:7443
13.201.63.1:7443
13.40.7.10:7443
13.49.76.223:7443
134.122.91.70:7443
135.148.132.167:7443
139.59.184.185:7443
139.59.86.97:7443
14.225.217.103:7443
14.225.217.205:7443
14.225.217.7:7443
14.225.254.224:7443
14.225.255.166:7443
14.225.255.32:7443
144.86.159.57:7443
149.224.90.120:7443
152.42.232.171:7443
152.42.245.62:7443
154.90.55.68:7443
159.223.0.196:8081
159.223.224.93:7443
16.16.66.176:7443
16.170.163.148:7443
160.238.36.36:7443
162.251.95.44:7443
165.232.177.53:7443
171.99.147.172:7443
172.104.33.179:7443
172.235.56.104:7443
176.32.38.63:7443
18.141.14.103:7443
185.181.219.211:7443
185.245.182.209:443
194.163.168.80:7443
198.7.121.101:7443
20.185.50.39:7443
204.152.203.78:3000
209.151.148.168:7443
217.79.255.137:7443
35.84.184.254:7443
40.115.32.175:7443
43.143.216.228:7443
44.223.17.221:7443
45.154.3.150:7443
45.156.24.8:7443
46.101.118.11:7443
46.8.237.108:7443
46.8.237.247:7443
47.109.51.223:7443
47.245.14.36:7443
52.183.57.173:7443
52.3.251.97:7443
52.87.231.174:7443
52.90.26.228:7443
61.90.98.156:7443
64.227.141.158:7443
64.227.142.233:7443
66.42.99.86:7443
8.222.231.128:7443
80.78.22.77:7443
82.153.138.128:7443
82.153.138.168:7443
83.229.120.117:7443
84.21.171.55:7443
85.114.138.96:7443
86.38.247.225:7443
87.242.107.248:7443
88.214.25.227:7443
98.80.109.237:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2024-08-10)

107.172.78.188:7443
129.148.44.247:7443
138.68.134.123:7443
14.225.254.102:7443
154.90.55.68:443
157.245.146.223:443
170.64.132.144:7443
172.105.27.15:443
172.105.27.15:7443
172.235.56.104:443
188.166.71.109:7443
188.253.113.4:7443
20.14.86.180:7443
20.86.134.86:443
209.38.45.156:443
3.81.34.172:443
34.195.55.134:7443
4.227.88.111:443
4.227.88.122:443
4.227.88.137:443
4.227.88.150:443
4.227.88.213:443
4.227.88.239:443
43.135.3.17:443
43.143.216.228:443
44.223.17.221:443
54.82.134.185:443
62.84.121.110:2443
64.225.100.125:443
66.42.99.86:443
66.70.202.83:7443
67.205.162.200:443
81.208.161.44:443
81.208.161.44:7443
91.207.183.165:7443
aeroflightparts.com
ankaplast.com
aquatictt.com
bbm-e.com
biofuelsevent.com
blftrade.com
bp-training.com
colinscaravans.com
cormdale.com
freeflashbuilder.com
identi-tech.com
inabove.com
lc218.com
office-adr.com
patpricespeaks.com
seowebguy.com
shippwd.com
twm-master.com

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-18)

107.173.101.225:7443
168.100.8.98:7443
176.32.35.154:7443
194.87.252.169:7443
20.51.254.237:7443
209.38.216.116:7443
44.243.24.208:7443
54.187.19.75:7443
84.32.131.58:49123

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2024-08-18)

http://194.195.122.86
134.209.101.248:443
164.90.180.68:443
176.32.35.154:443
3.130.245.28:443
34.31.249.65:443
52.168.20.124:8080

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-24)

121.165.30.164:7443
167.88.180.98:7443
170.64.134.216:7443
172.232.190.135:7443
193.42.63.53:7443
3.139.98.190:7443
45.145.229.103:7443
54.152.126.132:7443
83.229.120.73:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2024-08-25)

http://34.30.202.89
54.227.68.178:7443
83.229.120.73:8443
gadgetised.com
totemcontent.com
usedstuf.com

# Reference: https://app.validin.com/detail?find=8fda9d86d62e7121dc00bcd1ae63b077&type=hash&ref_id=3672e7c8f8d#tab=host_pairs_v2

1496043-cu51648.tw1.ru
161-35-113-194.cprapid.com
172-105-27-15.ip.linodeusercontent.com
18-133-77-74.cprapid.com
a1skiphiremanchester.co.uk
affectionate-curran.161-35-113-194.plesk.page
agitated-buck.161-35-113-194.plesk.page
algadirschool.com
apgecommerce.net
app.sensius.no
app.tempmesh.io
autodiscover.tmesh.app
awesome-chatelet.161-35-113-194.plesk.page
baiyokef.sg04.tmd.cloud
bbs.algadirschool.com
be.djp.maxchat.co.id
blog.sensius.no
booking.bmesh.io
brrrrr-app.massan.club
c2.devolutions-distribution.com
chalusroad.com
cl1.icu
cpanel.baiyokef.sg04.tmd.cloud
cpanel.liveandlettravel.com
cpanel.smtp-out.sg04.tmd.cloud
cpcalendars.liveandlettravel.com
crm.mngr.me
demo.norwichdeli.com
devolutions-distribution.com
directus.mngr.me
distracted-engelbart.161-35-113-194.plesk.page
djp.maxchat.co.id
ec2-13-58-109-128.us-east-2.compute.amazonaws.com
ec2-18-191-106-202.us-east-2.compute.amazonaws.com
ec2-3-130-245-28.us-east-2.compute.amazonaws.com
ec2-3-144-46-167.us-east-2.compute.amazonaws.com
ec2-3-16-25-250.us-east-2.compute.amazonaws.com
ec2-3-81-34-172.compute-1.amazonaws.com
ec2-3-98-162-62.ca-central-1.compute.amazonaws.com
ec2-34-219-143-252.us-west-2.compute.amazonaws.com
ec2-35-153-232-88.compute-1.amazonaws.com
ec2-35-177-104-235.eu-west-2.compute.amazonaws.com
ec2-52-53-207-84.us-west-1.compute.amazonaws.com
ec2-54-173-147-137.compute-1.amazonaws.com
ecommerceenroll.com
ecstatic-benz.161-35-113-194.plesk.page
efkalex.com
egrvxh.algadirschool.com
electronicproduct.xyz
enigma-puzzle-game.com
entityapi.bmesh.io
enumeratrix.site
eteocretan.01168530.xyz
expmle.com
falcontaxe.com
fastlinkapp.com
flash.algadirschool.com
foundationcapitl.com
fullmetal.ec-secops.com
globaltradestations.com
gotomypc.us.com
hr-policies.com
inspiring-lamport.161-35-113-194.plesk.page
instagram.infosur.cl
instagram.seba.cl
intelligent-maxwell.161-35-113-194.plesk.page
invoicevalidator.net
keen-visvesvaraya.161-35-113-194.plesk.page
kiosk.mismo.store
list.chalusroad.com
mail.baiyokef.sg04.tmd.cloud
mail.liveandlettravel.com
mail.sg03.tmd.cloud
mail.smtp-out.sg03.tmd.cloud
manchester-airport-parking-uk.co.uk
matrix.cl1.icu
microsoft-ofifce.com
mismo.cc
mk3-lab.com
mythic-840.polarbear.dev
mythic-r-888.polarbear.dev
mythic-r903.polarbear.dev
mythic.c2scratch.com
mythicalconnect.eastus.cloudapp.azure.com
najlaa.eu
norwichdeli.innovel.app
ns1.sg03.tmd.cloud
ns1.sg04.tmd.cloud
ns2.sg03.tmd.cloud
ns2.sg04.tmd.cloud
ns21.sg03.tmd.cloud
ns3.sg03.tmd.cloud
pdq-support.fieldertechnology.com
pie-001.huntelsystems.com
protocoloceromanchas.com
quantumcultures.com
rest.projecthopeinaction.org
restaurantdumonde.com
reverent-jepsen.161-35-113-194.plesk.page
services.kevinscooper.com
sg03.tmd.cloud
sg04.tmd.cloud
signalapi.bmesh.io
smtp-out.sg03.tmd.cloud
smtp-out.sg04.tmd.cloud
staging.rjlawsandsons.com
stake-cookinggr.com
summerfi.us
suspicious-diffie.161-35-113-194.plesk.page
tempcontrolapi.bmesh.io
test.security.factorial.dev
the-mort.net
tycaq.xyz
uiuxindia.in
update-gitlab.com
v2202210183584204389.luckysrv.de
vmi1972939.contaboserver.net
webdisk.liveandlettravel.com
webdisk.orientalpearl.com.my
webdisk.smtp-out.sg03.tmd.cloud
webdisk.smtp-out.sg04.tmd.cloud
webmail.baiyokef.sg04.tmd.cloud
webmail.masterpro-asia.com
webmail.smtp-out.sg04.tmd.cloud
workstation-eg.co
xenodochial-mclaren.161-35-113-194.plesk.page
zoom.flatux.com

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-08)

108.59.184.209:7443
119.76.173.123:7443
13.37.124.10:7443
137.184.211.26:7443
141.94.221.216:7443
143.198.64.151:7443
159.203.133.189:7443
18.252.54.182:7443
192.109.241.19:7443
195.208.174.240:7443
206.189.134.185:7443
207.180.224.247:3000
207.180.224.247:7443
34.229.172.80:7443
45.147.231.115:7443
45.92.9.144:7443
54.147.0.38:7443
54.227.68.178:3000
54.227.99.217:7443
57.155.2.68:7443
61.90.98.248:7443
66.187.76.148:7443
80.78.26.4:7443
89.58.55.99:7443
94.130.23.223:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2024-09-08)

13.250.18.253:7443
164.90.177.232:443
18.246.162.241:7443
18.252.54.182:443
34.229.172.80:3000
34.231.227.34:443
35.204.187.119:443
51.178.137.204:7443
54.174.132.126:443
64.23.213.61:7443
66.165.244.226:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2024-09-09)

35.91.140.183:7443
51.145.154.243:443
52.136.249.248:443
85.165.42.32:7443
88.218.66.21:7443
92.222.217.152:7443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-14)

http://35.84.184.254
128.199.78.132:7443
165.232.118.207:7443
176.124.212.28:7443
185.125.101.221:7443
206.188.196.66:7443
46.8.226.37:7443
61.90.3.30:7443
77.221.154.58:7443
85.192.56.42:7443
88.90.159.162:7443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-22)

128.199.59.56:7443
147.182.150.146:7443
149.248.59.104:7443
167.172.42.118:7443
170.64.175.56:7443
35.200.161.35:7443
45.32.198.60:7443
64.226.91.107:7443
68.183.192.21:7443
74.249.9.163:7443
91.103.252.119:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2024-09-22)

http://46.8.237.247
159.89.9.20:443
165.232.118.207:443
34.171.84.82:443
46.166.165.95:443
51.144.103.170:443
51.144.104.92:443
51.144.105.221:443
51.145.156.236:443
52.255.47.35:443
