# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/MichalKoczwara/status/1641113392843718660
# Reference: https://twitter.com/MichalKoczwara/status/1641117793612447747

129.151.170.99:443
139.162.52.150:443
139.59.227.34:443
142.93.154.140:443
143.198.62.146:443
143.42.110.206:443
144.126.202.135:443
158.101.169.125:443
165.154.231.221:443
165.232.123.47:443
167.114.115.246:443
170.187.232.126:443
173.254.204.109:443
18.140.234.35:443
18.204.35.247:443
185.163.204.32:443
185.163.45.65:443
185.216.71.178:4443
188.166.170.1:443
192.46.211.76:443
194.87.218.16:443
2.58.14.26:443
20.12.180.13:443
20.67.246.154:443
203.150.243.176:443
204.48.29.223:443
206.189.22.24:443
209.151.155.42:443
212.87.204.177:443
23.105.212.89:443
23.95.44.80:8443
27.124.44.241:8443
3.72.110.16:443
3.8.184.124:443
31.220.89.214:443
34.229.221.1:443
34.243.164.16:443
35.198.216.30:443
42.193.116.134:443
43.133.22.48:443
43.142.149.130:443
44.192.60.164:443
44.202.199.164:443
45.125.67.244:443
45.135.135.107:443
45.144.30.143:443
45.144.31.129:443
45.77.74.229:443
46.101.79.16:443
47.109.41.48:443
64.176.39.146:443
64.227.8.84:443
65.20.75.178:443
77.91.73.143:443
8.210.103.41:443
8.210.104.188:443
80.158.37.73:6443
81.70.249.195:443
82.223.64.37:443
82.66.183.37:443
89.58.33.82:443
94.102.49.165:443
99.238.119.93:443

# Reference: https://twitter.com/Gi7w0rm/status/1625645124247076870
# Reference: https://www.zscaler.com/blogs/security-research/havoc-across-cyberspace
# Reference: https://www.virustotal.com/gui/file/dba614a3b64db6ab346bf37683a9d13b5013fb4b7def2acdd8a697d26b62e48d/detection
# Reference: https://www.virustotal.com/gui/file/f577e247a29f74cf5517d47cc4821dc4d087cb96d5456ebb2f6f858dbe828ccd/detection
# Reference: https://www.virustotal.com/gui/file/ccb6d9742cf9329f2cb8030a25be663d098878ece7ffcfaa483b50856ad3c08e/detection
# Reference: https://www.virustotal.com/gui/file/c9a395ec3fb69e124c672823333ec165fce21a5773618153bc251cc8b2503dc4/detection
# Reference: https://www.virustotal.com/gui/file/b19f1eb30638f1f4695fe0741a1ccdb8ce0aa78b6ea343b4799a64ca1f1b1971/detection
# Reference: https://www.virustotal.com/gui/file/aea22bdf30f2b5ece1f867d4193ddbf48a5e8ebf812d9b7586db4aa54f1abf5d/detection

http://146.190.48.229
146.190.48.229:2323
146.190.48.229:3939
146.190.48.229:6963
146.190.48.229:7777
146.190.48.229:9797

# Reference: https://twitter.com/MichalKoczwara/status/1642218400691699851

194.36.190.103:443

# Reference: https://twitter.com/sicehice/status/1647624379830812673
# Reference: https://www.virustotal.com/gui/file/c0c13de44f445a1e38d1b2ebc5e87882e8bd9af82d0a1c9a90b721cc67a99e54/detection

4.240.86.147:1337
4.240.86.147:8080

# Reference: https://twitter.com/sicehice/status/1647650130684723202

159.223.250.77:9090

# Reference: https://twitter.com/drb_ra/status/1651298448757358608

190.135.186.92:443

# Reference: https://twitter.com/drb_ra/status/1652021857502019622

18.208.213.147:443

# Reference: https://twitter.com/drb_ra/status/1652384835946659840

50.255.107.170:443

# Reference: https://twitter.com/drb_ra/status/1652384849074835458

51.15.133.32:443

# Reference: https://www.virustotal.com/gui/file/c234a376a6de44dcc5f311937d3d705311599233804db547d7271cee796e86fb/detection

81.161.229.121:8080

# Reference: https://twitter.com/drb_ra/status/1653109032226283543

http://3.105.246.81

# Reference: https://twitter.com/drb_ra/status/1653109056112844804

13.41.55.238:443

# Reference: https://twitter.com/drb_ra/status/1653109091340804106

165.227.106.175:443

# Reference: https://twitter.com/drb_ra/status/1653109102019506177

167.99.194.51:443

# Reference: https://twitter.com/drb_ra/status/1653109118775746580

185.239.225.17:8443

# Reference: https://twitter.com/drb_ra/status/1653109134575689752

http://192.99.223.135

# Reference: https://twitter.com/drb_ra/status/1653109137385873422

205.185.113.85:443

# Reference: https://twitter.com/drb_ra/status/1653471476383727616

80.249.147.147:8081

# Reference: https://twitter.com/drb_ra/status/1653471492196188172

157.245.55.19:443

# Reference: https://twitter.com/MichalKoczwara/status/1652988028011290625

5.252.178.157:443
85.209.135.74:443
91.107.130.122:443
stingray.gay

# Reference: https://twitter.com/drb_ra/status/1653833821219856399

http://13.246.26.24

# Reference: https://twitter.com/drb_ra/status/1653833832926158864

16.171.56.119:8443

# Reference: https://twitter.com/drb_ra/status/1653833844863148053

18.158.68.206:443

# Reference: https://twitter.com/drb_ra/status/1653833854883340289

18.208.213.147:4443

# Reference: https://twitter.com/drb_ra/status/1654458500326514691

157.245.199.109:443

# Reference: https://twitter.com/drb_ra/status/1654458530617753601

209.250.255.119:443

# Reference: https://twitter.com/drb_ra/status/1655283458623647746

185.158.94.217:8000

# Reference: https://twitter.com/drb_ra/status/1655645809193410563

3.105.246.81:443

# Reference: https://twitter.com/drb_ra/status/1655645838612258824

51.68.148.55:443

# Reference: https://twitter.com/drb_ra/status/1655645853019693076

70.29.173.138:443

# Reference: https://twitter.com/MichalKoczwara/status/1655994573280116756

http://51.68.148.55
http://51.83.182.155
51.83.182.155:443

# Reference: https://twitter.com/drb_ra/status/1656008250775543808
# Reference: https://twitter.com/drb_ra/status/1656008254307147783

http://3.249.31.242
3.249.31.242:443

# Reference: https://twitter.com/drb_ra/status/1656008271600263190

13.246.26.24:4444

# Reference: https://twitter.com/drb_ra/status/1656008292634697733

51.83.182.155:443

# Reference: https://twitter.com/drb_ra/status/1656008305427324940

51.255.45.74:443

# Reference: https://twitter.com/drb_ra/status/1656008318282866708

52.19.114.156:443

# Reference: https://twitter.com/drb_ra/status/1656008337362677764

146.59.10.45:443

# Reference: https://twitter.com/drb_ra/status/1656370613445881886

51.68.148.48:443

# Reference: https://twitter.com/drb_ra/status/1656370630160183309

54.160.113.74:445

# Reference: https://twitter.com/drb_ra/status/1656370660740853772

198.211.102.42:443

# Reference: https://twitter.com/drb_ra/status/1656733184384442369

35.136.215.120:443

# Reference: https://twitter.com/drb_ra/status/1656733205938962457

65.21.56.40:443

# Reference: https://twitter.com/drb_ra/status/1656733220782604290

109.106.255.148:443

# Reference: https://twitter.com/drb_ra/status/1656733232786702394

114.117.244.233:443

# Reference: https://twitter.com/drb_ra/status/1656733250180481037

http://165.22.21.249

# Reference: https://twitter.com/drb_ra/status/1657095463651139605

3.26.1.74:443

# Reference: https://twitter.com/drb_ra/status/1657095499281752080

76.65.175.53:443

# Reference: https://twitter.com/drb_ra/status/1657095516113494024

107.172.90.146:443

# Reference: https://twitter.com/drb_ra/status/1657095546828382213

176.123.8.200:443

# Reference: https://twitter.com/drb_ra/status/1657095561009397761

193.233.48.14:443

# Reference: https://twitter.com/drb_ra/status/1657458200063385602

104.200.20.89:8881

# Reference: https://twitter.com/drb_ra/status/1657458238734888973

190.133.143.80:443

# Reference: https://twitter.com/drb_ra/status/1657820277173092353

167.58.245.20:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/

http://108.177.235.233
http://128.199.207.220
http://13.213.147.86
http://13.246.26.24
http://135.181.254.184
http://142.93.45.33
http://149.28.207.18
http://165.22.21.249
http://177.67.71.17
http://188.191.106.251
http://190.135.176.171
http://192.99.223.135
http://193.43.94.63
http://194.4.51.90
http://195.123.241.72
http://20.109.45.183
http://20.126.20.79
http://3.105.246.81
http://3.249.31.242
http://3.85.21.250
http://45.12.253.239
http://5.188.87.39
http://51.158.77.242
http://64.227.130.238
http://66.55.65.150
http://74.207.237.246
http://82.223.64.37
100.26.241.235:445
101.42.246.105:443
101.42.246.105:4433
103.253.43.146:443
104.248.120.60:4343
107.172.90.146:8443
107.174.95.55:443
108.174.57.187:443
108.177.235.233:443
109.105.198.141:443
109.172.44.233:443
109.94.110.94:443
118.31.66.10:443
123.249.38.254:9999
129.150.46.86:443
129.151.233.130:443
13.125.17.253:443
13.244.111.157:443
13.244.144.1:443
13.39.48.10:443
13.93.75.195:443
134.122.45.166:443
136.244.80.185:443
137.184.100.52:443
137.74.253.250:443
138.68.103.181:443
139.144.22.116:443
139.144.39.22:443
139.144.57.50:443
139.180.144.171:443
140.238.217.117:443
141.164.45.80:443
143.198.105.62:443
143.198.136.12:8089
143.198.218.5:443
143.198.53.218:443
143.42.110.206:555
146.190.104.255:443
146.190.120.225:443
146.70.35.170:443
146.70.87.109:443
147.182.241.180:443
149.28.207.18:443
151.236.25.237:4444
151.236.25.237:4445
157.245.47.66:443
157.254.195.51:443
158.247.223.37:4444
159.223.202.160:443
159.223.250.77:443
159.65.149.47:8443
164.92.241.44:443
165.22.12.239:443
166.88.77.16:443
167.172.106.238:443
167.56.104.241:443
167.56.105.95:443
167.56.112.216:443
167.56.122.192:443
167.56.122.29:443
167.56.194.219:443
167.56.196.20:443
167.56.198.150:443
167.56.198.48:443
167.56.203.196:443
167.56.66.214:443
167.58.233.226:443
167.59.76.141:443
167.59.76.50:443
168.138.174.173:2083
168.138.174.173:2087
168.138.174.173:2096
168.138.174.173:40006
168.138.174.173:8443
170.187.142.23:8899
172.105.66.217:443
172.86.78.127:443
172.93.165.118:41686
172.93.165.118:443
174.138.28.5:11443
174.138.28.5:41156
175.178.226.246:443
176.124.32.160:443
177.67.71.17:443
179.25.216.69:443
179.25.221.138:443
179.25.222.247:443
18.134.161.59:443
18.157.84.230:443
18.185.111.207:443
18.196.203.78:33688
18.196.203.78:443
18.214.99.112:443
18.224.73.25:443
182.61.19.90:443
182.61.19.90:48888
184.73.53.214:443
185.112.144.20:443
185.112.144.20:8443
185.163.45.244:443
185.203.118.50:443
185.225.74.223:4433
185.247.224.13:443
185.32.126.34:443
185.39.204.47:443
185.64.247.201:443
185.74.222.204:443
187.95.25.167:443
188.166.251.121:443
188.191.106.34:443
190.133.129.34:443
190.133.130.250:443
190.133.139.168:443
190.133.150.121:443
190.133.150.206:443
190.133.155.21:443
190.133.159.153:443
190.133.232.69:443
190.133.235.6:443
190.133.236.207:443
190.133.237.30:443
190.133.238.68:443
190.134.139.110:443
190.134.148.138:443
190.134.155.238:443
190.134.200.111:443
190.134.202.117:443
190.134.43.116:443
190.134.50.10:443
190.135.124.228:443
190.135.126.109:443
190.135.168.212:443
190.135.176.171:443
190.135.177.179:443
190.135.182.53:443
190.135.184.127:443
190.135.209.12:443
190.135.233.148:443
192.121.163.90:443
192.153.57.181:443
192.153.57.73:443
192.99.223.135:443
193.37.69.123:443
193.43.94.63:443
194.135.33.127:9080
194.58.98.232:443
194.58.98.232:8888
195.123.241.72:443
195.24.66.110:443
195.85.114.214:443
20.109.45.183:443
20.115.112.114:443
20.15.162.87:443
20.158.49.49:443
20.235.26.66:443
20.74.236.100:443
20.92.20.220:443
20.94.83.139:9000
207.148.127.136:10025
209.141.50.192:443
209.38.232.99:443
209.79.69.200:443
212.227.9.150:443
23.106.215.192:443
23.94.59.56:15443
3.17.156.183:443
3.26.10.74:443
3.67.64.179:40156
3.67.64.179:4043
3.71.188.11:443
3.72.1.193:8443
3.72.106.201:443
31.187.76.237:443
34.136.114.164:443
34.18.9.224:443
35.158.109.72:443
35.207.109.124:443
35.226.91.165:443
35.75.17.242:443
37.187.123.146:443
38.54.107.202:443
38.54.107.202:8082
39.99.45.71:2443
4.196.211.113:443
4.231.105.17:8443
40.76.236.54:443
43.153.184.17:3389
43.153.184.17:443
44.200.59.2:443
44.203.114.48:4443
45.117.81.126:443
45.125.67.100:443
45.125.67.117:443
45.153.242.73:443
45.56.76.86:443
45.77.233.83:443
45.77.254.85:443
45.79.90.123:40000
45.8.251.210:7443
45.9.149.144:443
45.9.150.150:443
45.93.28.77:443
46.161.53.217:443
46.183.184.149:443
46.29.234.73:443
47.90.254.130:443
5.161.197.230:443
5.252.178.146:443
5.255.97.196:443
5.44.42.124:443
5.53.125.31:7443
51.15.195.71:443
51.15.59.83:443
51.158.77.242:443
51.158.77.242:5555
51.158.77.242:8443
52.147.196.140:443
52.211.176.121:443
54.144.152.176:443
54.246.21.155:443
54.251.23.219:443
54.64.152.213:8443
54.78.24.98:443
62.234.185.181:443
64.176.34.205:443
64.176.34.205:8443
64.176.47.227:443
64.176.47.227:8080
64.176.47.227:8888
64.226.111.133:443
64.227.130.238:443
64.227.130.238:8080
66.55.65.150:443
68.183.185.231:443
74.119.193.28:443
74.207.237.246:8443
74.234.230.67:443
77.139.130.110:443
77.91.73.143:4433
8.208.95.78:443
8.217.111.67:443
8.222.230.219:443
85.206.172.192:443
88.99.28.233:5000
89.147.108.250:8085
90.107.73.133:443
91.92.128.200:443
94.131.102.61:443
94.131.110.14:9090
98.252.137.125:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-07-28)

104.168.237.121:443
108.177.235.191:443
146.190.113.107:443
168.138.174.173:443
18.219.102.188:443
23.83.133.160:443
23.83.133.164:443
24.99.36.214:443
35.90.217.46:443
44.202.218.193:443
44.212.22.10:22222
54.255.154.71:443
77.223.122.145:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-07-30)

http://95.164.47.3
13.39.237.2:443
16.171.60.36:443
45.81.34.65:11443
95.164.47.3:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/ (# 2023-07-31)

139.99.66.96:443
185.39.204.47:447
64.227.79.229:10025
http://146.70.145.212
