# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

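# Note: 7443 is the default port of Covenant's management interface. Other ports
# listed for a host (22, 443, 3306, ...) appear to be taken from that host's Shodan
# page and are not necessarily Covenant listeners. Several addresses appear to be in
# cloud/VPS ranges and may have been reassigned since they were reported, so treat
# a match as a lead to verify rather than as proof of compromise.

# Reference: https://github.com/cobbr/Covenant
# Reference: https://twitter.com/1ZRR4H/status/1333606625551192064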

45.83.176.85:7443

# Reference: https://twitter.com/bryceabdo/status/1352017243547250689
# Reference: https://www.virustotal.com/gui/file/1faee2229324a40a4d36e7bf0bcd2ceebe40915878d406efa4dd82b0ec1ee965/detection
# Reference: https://www.virustotal.com/gui/file/d776cdeb7432a2dafdc8d9f1255c278f8ae12051b8538e2a285f6255042f0a5d/detection

http://46.101.251.25

# Reference: https://twitter.com/TheDFIRReport/status/1374024318640742402

http://144.126.209.100
http://3.19.242.30

# Reference: https://twitter.com/TheDFIRReport/status/1372574766851231745

http://195.123.239.170
http://47.94.20.209

# Reference: https://twitter.com/TheDFIRReport/status/1375418278856822788

http://143.110.213.159
http://198.211.96.96
http://45.77.248.89
http://52.247.27.44

# Reference: https://twitter.com/TheDFIRReport/status/1377232960676577280

http://143.110.228.146
http://185.203.117.6

# Reference: https://twitter.com/TheDFIRReport/status/1379388421014122502
# Reference: https://beta.shodan.io/host/138.68.62.253

http://138.68.62.253
138.68.62.253:22
138.68.62.253:443
138.68.62.253:7443
138.68.62.253:8000

# Reference: https://twitter.com/TheDFIRReport/status/1379388421014122502
# Reference: https://beta.shodan.io/host/155.138.227.139

155.138.227.139:443
155.138.227.139:4443
155.138.227.139:5000
155.138.227.139:5432
155.138.227.139:8080

# Reference: https://twitter.com/TheDFIRReport/status/1379388421014122502
# Reference: https://beta.shodan.io/host/173.232.146.167

http://173.232.146.167
173.232.146.167:22
173.232.146.167:7443

# Reference: https://twitter.com/TheDFIRReport/status/1379388421014122502
# Reference: https://beta.shodan.io/host/185.186.244.84

http://185.186.244.84
185.186.244.84:22
185.186.244.84:7443

# Reference: https://twitter.com/TheDFIRReport/status/1379388421014122502
# Reference: https://beta.shodan.io/host/185.206.144.192

http://185.206.144.192
185.206.144.192:22
185.206.144.192:7443

# Reference: https://twitter.com/TheDFIRReport/status/1381636980040159234
# Reference: https://beta.shodan.io/host/165.232.131.109

http://165.232.131.109
165.232.131.109:7443
165.232.131.109:81

# Reference: https://twitter.com/TheDFIRReport/status/1381636980040159234
# Reference: https://beta.shodan.io/host/185.205.209.249

http://185.205.209.249
185.205.209.249:22
185.205.209.249:7443

# Reference: https://twitter.com/TheDFIRReport/status/1381636980040159234
# Reference: https://beta.shodan.io/host/45.32.29.78

http://45.32.29.78
45.32.29.78:22
45.32.29.78:7443
45.32.29.78:8443

# Reference: https://twitter.com/TheDFIRReport/status/1381636980040159234
# Reference: https://beta.shodan.io/host/47.243.14.171

http://47.243.14.171
47.243.14.171:443
47.243.14.171:7443

# Reference: https://twitter.com/TheDFIRReport/status/1384853172175392772
# Reference: https://beta.shodan.io/host/172.105.65.243

http://172.105.65.243
172.105.65.243:22
172.105.65.243:7443

# Reference: https://twitter.com/TheDFIRReport/status/1384853172175392772
# Reference: https://beta.shodan.io/host/45.147.228.146

45.147.228.146:7443

# Reference: https://twitter.com/TheDFIRReport/status/1384853172175392772
# Reference: https://beta.shodan.io/host/51.210.110.104

51.210.110.104:7443

# Reference: https://twitter.com/TheDFIRReport/status/1385567840732946436
# Reference: https://beta.shodan.io/host/139.59.231.248
# Reference: https://beta.shodan.io/host/192.46.234.174

http://192.46.234.174
139.59.231.248:22
139.59.231.248:3306
139.59.231.248:7443
192.46.234.174:22
192.46.234.174:7443

# Reference: https://twitter.com/TheDFIRReport/status/1387070281987108865
# Reference: https://beta.shodan.io/host/3.140.190.218

http://3.140.190.218
3.140.190.218:7443

# Reference: https://twitter.com/TheDFIRReport/status/1387070281987108865
# Reference: https://beta.shodan.io/host/35.211.206.132

http://35.211.206.132
35.211.206.132:22
35.211.206.132:443
35.211.206.132:7443

# Reference: https://twitter.com/TheDFIRReport/status/1389595672635183109
# Reference: https://beta.shodan.io/host/185.186.244.84
# Note: the entries below are already listed earlier in this file under a different reference.

http://185.186.244.84
185.186.244.84:22
185.186.244.84:7443

# Reference: https://twitter.com/TheDFIRReport/status/1389595672635183109
# Reference: https://beta.shodan.io/host/185.206.144.192
# Note: the entries below are already listed earlier in this file under a different reference.

http://185.206.144.192
185.206.144.192:22

# Reference: https://twitter.com/TheDFIRReport/status/1390652638513926144
# Reference: https://beta.shodan.io/host/195.161.62.228

http://195.161.62.228
195.161.62.228:22
195.161.62.228:7443
195.161.62.228:8834

# Reference: https://twitter.com/TheDFIRReport/status/1392089649984774146
# Reference: https://beta.shodan.io/host/195.123.247.143

http://195.123.247.143
195.123.247.143:7443
195.123.247.143:8834

# Reference: https://twitter.com/TheDFIRReport/status/1403321117692108800
# Reference: https://beta.shodan.io/host/52.175.148.20

52.175.148.20:22
52.175.148.20:3000
52.175.148.20:443
52.175.148.20:7443

# Reference: https://twitter.com/TheDFIRReport/status/1407322479664762890

162.55.184.250:7443
54.185.125.101:7443

# Reference: https://twitter.com/TheDFIRReport/status/1405151926640168964
# Reference: https://beta.shodan.io/host/206.189.0.12

http://206.189.0.12
206.189.0.12:22
206.189.0.12:443
206.189.0.12:7443

# Reference: https://twitter.com/TheDFIRReport/status/1405151926640168964
# Reference: https://beta.shodan.io/host/51.79.160.130

51.79.160.130:7443

# Reference: https://twitter.com/TheDFIRReport/status/1407752816362405895
# Reference: https://beta.shodan.io/host/202.169.39.5

202.169.39.5:22
202.169.39.5:587
202.169.39.5:7443
202.169.39.5:993

# Reference: https://twitter.com/TheDFIRReport/status/1407752816362405895
# Reference: https://beta.shodan.io/host/149.28.131.88

http://149.28.131.88
149.28.131.88:22
149.28.131.88:443
149.28.131.88:8000

# Reference: https://twitter.com/TheDFIRReport/status/1417499549397135363
# Reference: https://beta.shodan.io/host/52.14.0.168

52.14.0.168:22
52.14.0.168:443
52.14.0.168:7443

# Reference: https://twitter.com/TheDFIRReport/status/1417499549397135363
# Reference: https://beta.shodan.io/host/52.151.57.51

52.151.57.51:7443
52.151.57.51:8080

# Reference: https://twitter.com/TheDFIRReport/status/1417499549397135363
# Reference: https://beta.shodan.io/host/52.226.67.129

52.226.67.129:7443

# Reference: https://twitter.com/TheDFIRReport/status/1417499549397135363
# Reference: https://beta.shodan.io/host/165.232.185.3

165.232.185.3:22
165.232.185.3:7443

# Reference: https://twitter.com/TheDFIRReport/status/1423331717117579268
# Reference: https://beta.shodan.io/host/157.245.192.237

http://157.245.192.237
157.245.192.237:500
157.245.192.237:7443

# Reference: https://twitter.com/TheDFIRReport/status/1423331717117579268
# Reference: https://beta.shodan.io/host/195.133.52.108

http://195.133.52.108
195.133.52.108:7443
195.133.52.108:8081

# Reference: https://twitter.com/TheDFIRReport/status/1423331717117579268
# Reference: https://beta.shodan.io/host/3.142.251.33

3.142.251.33:443
3.142.251.33:7443

# Reference: https://twitter.com/TheDFIRReport/status/1423331717117579268
# Reference: https://beta.shodan.io/host/43.129.69.172

http://43.129.69.172
43.129.69.172:111
43.129.69.172:22
43.129.69.172:445
43.129.69.172:7443
43.129.69.172:8080

# Reference: https://twitter.com/TheDFIRReport/status/1423331717117579268
# Reference: https://beta.shodan.io/host/73.34.80.127

http://73.34.80.127
73.34.80.127:21
73.34.80.127:7443

# Reference: https://twitter.com/TheDFIRReport/status/1467860126077911043
# Reference: https://beta.shodan.io/host/3.98.205.30

http://3.98.205.30
3.98.205.30:443
3.98.205.30:7443

# Reference: https://twitter.com/TheDFIRReport/status/1461733507324162056
# Reference: https://beta.shodan.io/host/165.227.132.17

http://165.227.132.17
165.227.132.17:21
165.227.132.17:443
165.227.132.17:7443
165.227.132.17:81

# Reference: https://twitter.com/TheDFIRReport/status/1520043978812493824

http://207.148.118.169
207.148.118.169:21
207.148.118.169:443
207.148.118.169:7443
207.148.118.169:81

# Reference: https://github.com/conexioninversa/MalwareIntel/blob/main/C2_All.csv
# Reference: https://github.com/conexioninversa/MalwareIntel/blob/main/C2_Covenant.txt

107.182.129.146:7443
109.202.192.126:7443
116.203.252.63:7443
128.199.70.1:7443
13.246.93.11:7443
13.56.40.136:7443
13.69.157.241:7443
130.61.124.23:7443
134.209.108.174:7443
134.209.132.131:7443
134.209.168.47:7443
135.148.73.194:7443
137.184.16.177:7443
137.184.177.162:7443
138.197.108.50:7443
138.68.123.125:8443
138.68.168.158:7443
139.59.70.91:7443
143.198.174.221:7443
143.244.142.98:7443
143.244.164.160:7443
143.47.228.54:7443
147.182.198.82:7443
147.182.239.16:7443
149.248.35.226:7443
150.136.90.238:7443
155.138.196.53:7443
157.230.25.72:7443
157.245.143.132:7443
158.247.199.220:7443
158.247.219.80:7443
159.65.92.62:7443
161.97.66.145:7443
162.19.208.126:7443
164.92.134.208:7443
167.179.92.133:7443
167.86.83.133:7443
167.99.206.136:7443
172.104.157.19:7443
172.81.60.10:7443
173.82.106.20:7443
174.138.10.170:7443
174.138.7.112:8443
176.58.121.121:7443
178.62.200.196:7443
178.62.32.161:7443
18.134.39.73:7443
18.157.143.36:7443
18.192.103.237:443
185.112.35.152:7443
185.45.195.18:7443
193.105.134.145:443
193.149.176.124:7443
194.233.174.126:7443
194.36.189.196:7443
194.87.84.137:7443
194.87.84.139:7443
198.27.76.162:7443
20.118.206.80:7443
20.172.204.218:7443
20.187.47.90:7443
20.90.25.239:7443
202.169.39.5:7443
203.23.128.118:7443
208.68.39.30:7443
216.93.199.231:7443
217.160.193.134:7443
23.106.123.4:7443
3.128.128.66:7443
3.131.163.207:7443
3.67.204.148:7443
3.72.11.135:7443
34.125.10.164:7443
34.212.111.221:7443
35.180.58.84:7443
44.198.64.113:7443
45.32.176.111:7443
45.56.75.103:7443
45.79.2.201:7443
46.161.40.123:7443
5.182.17.134:7443
5.230.73.38:7443
51.159.195.132:7443
51.89.73.156:7443
54.166.26.62:7443
54.178.124.65:7443
62.210.252.17:7443
64.227.179.34:7443
64.27.27.5:7443
65.108.227.57:7443
66.18.171.71:7443
66.42.39.43:7443
68.183.140.238:7443
80.78.27.133:7443
85.214.251.189:7443
87.242.105.205:443
89.163.153.7:7443
93.115.26.76:7443
94.232.43.227:7443
95.179.206.132:7443
96.126.123.25:7443
99.112.162.70:7443
linkedllin.ml
wogetrldvisions.site

# Generic (URL paths of the Covenant web interface; not tied to a specific host)

/covenantuser/
/covenantuser/login
