# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/MichalKoczwara/status/1641113392843718660
# Reference: https://twitter.com/MichalKoczwara/status/1641117793612447747

129.151.170.99:443
139.162.52.150:443
139.59.227.34:443
142.93.154.140:443
143.198.62.146:443
143.42.110.206:443
144.126.202.135:443
158.101.169.125:443
165.154.231.221:443
165.232.123.47:443
167.114.115.246:443
170.187.232.126:443
173.254.204.109:443
18.140.234.35:443
18.204.35.247:443
185.163.204.32:443
185.163.45.65:443
185.216.71.178:4443
188.166.170.1:443
192.46.211.76:443
194.87.218.16:443
2.58.14.26:443
20.12.180.13:443
20.67.246.154:443
203.150.243.176:443
204.48.29.223:443
206.189.22.24:443
209.151.155.42:443
212.87.204.177:443
23.105.212.89:443
23.95.44.80:8443
27.124.44.241:8443
3.72.110.16:443
3.8.184.124:443
31.220.89.214:443
34.229.221.1:443
34.243.164.16:443
35.198.216.30:443
42.193.116.134:443
43.133.22.48:443
43.142.149.130:443
44.192.60.164:443
44.202.199.164:443
45.125.67.244:443
45.135.135.107:443
45.144.30.143:443
45.144.31.129:443
45.77.74.229:443
46.101.79.16:443
47.109.41.48:443
64.176.39.146:443
64.227.8.84:443
65.20.75.178:443
77.91.73.143:443
8.210.103.41:443
8.210.104.188:443
80.158.37.73:6443
81.70.249.195:443
82.223.64.37:443
82.66.183.37:443
89.58.33.82:443
94.102.49.165:443
99.238.119.93:443

# Reference: https://twitter.com/Gi7w0rm/status/1625645124247076870
# Reference: https://www.zscaler.com/blogs/security-research/havoc-across-cyberspace
# Reference: https://www.virustotal.com/gui/file/dba614a3b64db6ab346bf37683a9d13b5013fb4b7def2acdd8a697d26b62e48d/detection
# Reference: https://www.virustotal.com/gui/file/f577e247a29f74cf5517d47cc4821dc4d087cb96d5456ebb2f6f858dbe828ccd/detection
# Reference: https://www.virustotal.com/gui/file/ccb6d9742cf9329f2cb8030a25be663d098878ece7ffcfaa483b50856ad3c08e/detection
# Reference: https://www.virustotal.com/gui/file/c9a395ec3fb69e124c672823333ec165fce21a5773618153bc251cc8b2503dc4/detection
# Reference: https://www.virustotal.com/gui/file/b19f1eb30638f1f4695fe0741a1ccdb8ce0aa78b6ea343b4799a64ca1f1b1971/detection
# Reference: https://www.virustotal.com/gui/file/aea22bdf30f2b5ece1f867d4193ddbf48a5e8ebf812d9b7586db4aa54f1abf5d/detection

http://146.190.48.229
146.190.48.229:2323
146.190.48.229:3939
146.190.48.229:6963
146.190.48.229:7777
146.190.48.229:9797

# Reference: https://twitter.com/MichalKoczwara/status/1642218400691699851

194.36.190.103:443

# Reference: https://twitter.com/sicehice/status/1647624379830812673
# Reference: https://www.virustotal.com/gui/file/c0c13de44f445a1e38d1b2ebc5e87882e8bd9af82d0a1c9a90b721cc67a99e54/detection

4.240.86.147:1337
4.240.86.147:8080

# Reference: https://twitter.com/sicehice/status/1647650130684723202

159.223.250.77:9090

# Reference: https://twitter.com/drb_ra/status/1651298448757358608

190.135.186.92:443

# Reference: https://twitter.com/drb_ra/status/1652021857502019622

18.208.213.147:443

# Reference: https://twitter.com/drb_ra/status/1652384835946659840

50.255.107.170:443

# Reference: https://twitter.com/drb_ra/status/1652384849074835458

51.15.133.32:443

# Reference: https://www.virustotal.com/gui/file/c234a376a6de44dcc5f311937d3d705311599233804db547d7271cee796e86fb/detection

81.161.229.121:8080

# Reference: https://twitter.com/drb_ra/status/1653109032226283543

http://3.105.246.81

# Reference: https://twitter.com/drb_ra/status/1653109056112844804

13.41.55.238:443

# Reference: https://twitter.com/drb_ra/status/1653109091340804106

165.227.106.175:443

# Reference: https://twitter.com/drb_ra/status/1653109102019506177

167.99.194.51:443

# Reference: https://twitter.com/drb_ra/status/1653109118775746580

185.239.225.17:8443

# Reference: https://twitter.com/drb_ra/status/1653109134575689752

http://192.99.223.135

# Reference: https://twitter.com/drb_ra/status/1653109137385873422

205.185.113.85:443

# Reference: https://twitter.com/drb_ra/status/1653471476383727616

80.249.147.147:8081

# Reference: https://twitter.com/drb_ra/status/1653471492196188172

157.245.55.19:443

# Reference: https://twitter.com/MichalKoczwara/status/1652988028011290625

5.252.178.157:443
85.209.135.74:443
91.107.130.122:443
stingray.gay

# Reference: https://twitter.com/drb_ra/status/1653833821219856399

http://13.246.26.24

# Reference: https://twitter.com/drb_ra/status/1653833832926158864

16.171.56.119:8443

# Reference: https://twitter.com/drb_ra/status/1653833844863148053

18.158.68.206:443

# Reference: https://twitter.com/drb_ra/status/1653833854883340289

18.208.213.147:4443

# Reference: https://twitter.com/drb_ra/status/1654458500326514691

157.245.199.109:443

# Reference: https://twitter.com/drb_ra/status/1654458530617753601

209.250.255.119:443

# Reference: https://twitter.com/drb_ra/status/1655283458623647746

185.158.94.217:8000

# Reference: https://twitter.com/drb_ra/status/1655645809193410563

3.105.246.81:443

# Reference: https://twitter.com/drb_ra/status/1655645838612258824

51.68.148.55:443

# Reference: https://twitter.com/drb_ra/status/1655645853019693076

70.29.173.138:443

# Reference: https://twitter.com/MichalKoczwara/status/1655994573280116756

http://51.68.148.55
http://51.83.182.155
51.83.182.155:443

# Reference: https://twitter.com/drb_ra/status/1656008250775543808
# Reference: https://twitter.com/drb_ra/status/1656008254307147783

http://3.249.31.242
3.249.31.242:443

# Reference: https://twitter.com/drb_ra/status/1656008271600263190

13.246.26.24:4444

# Reference: https://twitter.com/drb_ra/status/1656008292634697733

51.83.182.155:443

# Reference: https://twitter.com/drb_ra/status/1656008305427324940

51.255.45.74:443

# Reference: https://twitter.com/drb_ra/status/1656008318282866708

52.19.114.156:443

# Reference: https://twitter.com/drb_ra/status/1656008337362677764

146.59.10.45:443

# Reference: https://twitter.com/drb_ra/status/1656370613445881886

51.68.148.48:443

# Reference: https://twitter.com/drb_ra/status/1656370630160183309

54.160.113.74:445

# Reference: https://twitter.com/drb_ra/status/1656370660740853772

198.211.102.42:443

# Reference: https://twitter.com/drb_ra/status/1656733184384442369

35.136.215.120:443

# Reference: https://twitter.com/drb_ra/status/1656733205938962457

65.21.56.40:443

# Reference: https://twitter.com/drb_ra/status/1656733220782604290

109.106.255.148:443

# Reference: https://twitter.com/drb_ra/status/1656733232786702394

114.117.244.233:443

# Reference: https://twitter.com/drb_ra/status/1656733250180481037

http://165.22.21.249

# Reference: https://twitter.com/drb_ra/status/1657095463651139605

3.26.1.74:443

# Reference: https://twitter.com/drb_ra/status/1657095499281752080

76.65.175.53:443

# Reference: https://twitter.com/drb_ra/status/1657095516113494024

107.172.90.146:443

# Reference: https://twitter.com/drb_ra/status/1657095546828382213

176.123.8.200:443

# Reference: https://twitter.com/drb_ra/status/1657095561009397761

193.233.48.14:443

# Reference: https://twitter.com/drb_ra/status/1657458200063385602

104.200.20.89:8881

# Reference: https://twitter.com/drb_ra/status/1657458238734888973

190.133.143.80:443

# Reference: https://twitter.com/drb_ra/status/1657820277173092353

167.58.245.20:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.havoc/

http://190.135.176.171
104.248.120.60:4343
108.174.57.187:443
109.94.110.94:443
118.31.66.10:443
123.249.38.254:9999
129.151.233.130:443
13.125.17.253:443
13.244.111.157:443
13.244.144.1:443
134.122.45.166:443
137.184.100.52:443
137.74.253.250:443
138.68.103.181:443
139.144.22.116:443
139.144.39.22:443
139.144.57.50:443
139.180.144.171:443
143.42.110.206:555
146.190.104.255:443
147.182.241.180:443
158.247.223.37:4444
159.223.250.77:443
167.172.106.238:443
170.187.142.23:8899
174.138.28.5:11443
174.138.28.5:41156
175.178.226.246:443
18.134.161.59:443
184.73.53.214:443
185.112.144.20:443
185.163.45.244:443
185.225.74.223:4433
185.32.126.34:443
185.64.247.201:443
188.191.106.34:443
190.134.200.111:443
190.135.168.212:443
190.135.176.171:443
192.99.223.135:443
193.37.69.123:443
194.135.33.127:9080
194.58.98.232:443
194.58.98.232:8888
20.15.162.87:443
20.235.26.66:443
20.92.20.220:443
20.94.83.139:9000
209.141.50.192:443
209.79.69.200:443
3.26.10.74:443
3.71.188.11:443
3.72.1.193:8443
31.187.76.237:443
34.18.9.224:443
37.187.123.146:443
38.54.107.202:8082
39.99.45.71:2443
4.231.105.17:8443
40.76.236.54:443
44.200.59.2:443
45.117.81.126:443
45.56.76.86:443
45.77.233.83:443
45.77.254.85:443
45.93.28.77:443
47.90.254.130:443
5.53.125.31:7443
51.15.59.83:443
51.158.77.242:443
54.144.152.176:443
54.64.152.213:8443
74.119.193.28:443
77.91.73.143:4433
8.217.111.67:443
91.92.128.200:443
94.131.102.61:443
