# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

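# Note: 7443/tcp is the default port of Covenant's management interface. Sections
# below that cite a Shodan host page appear to list every open port seen on that
# host (e.g. :22, :3306); those entries identify the host, not a Covenant listener.
# All entries are point-in-time observations: check the cited reference before
# acting on a match, since an address may since have been reassigned.

# Reference: https://github.com/cobbr/Covenant
# Reference: https://twitter.com/1ZRR4H/status/1333606625551192064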

45.83.176.85:7443

# Reference: https://twitter.com/bryceabdo/status/1352017243547250689
# Reference: https://www.virustotal.com/gui/file/1faee2229324a40a4d36e7bf0bcd2ceebe40915878d406efa4dd82b0ec1ee965/detection
# Reference: https://www.virustotal.com/gui/file/d776cdeb7432a2dafdc8d9f1255c278f8ae12051b8538e2a285f6255042f0a5d/detection

http://46.101.251.25

# Reference: https://twitter.com/TheDFIRReport/status/1374024318640742402

http://144.126.209.100
http://3.19.242.30

# Reference: https://twitter.com/TheDFIRReport/status/1372574766851231745

http://195.123.239.170
http://47.94.20.209

# Reference: https://twitter.com/TheDFIRReport/status/1375418278856822788

http://143.110.213.159
http://198.211.96.96
http://45.77.248.89
http://52.247.27.44

# Reference: https://twitter.com/TheDFIRReport/status/1377232960676577280

http://143.110.228.146
http://185.203.117.6

# Reference: https://twitter.com/TheDFIRReport/status/1379388421014122502
# Reference: https://beta.shodan.io/host/138.68.62.253

http://138.68.62.253
138.68.62.253:22
138.68.62.253:443
138.68.62.253:7443
138.68.62.253:8000

# Reference: https://twitter.com/TheDFIRReport/status/1379388421014122502
# Reference: https://beta.shodan.io/host/155.138.227.139

155.138.227.139:443
155.138.227.139:4443
155.138.227.139:5000
155.138.227.139:5432
155.138.227.139:8080

# Reference: https://twitter.com/TheDFIRReport/status/1379388421014122502
# Reference: https://beta.shodan.io/host/173.232.146.167

http://173.232.146.167
173.232.146.167:22
173.232.146.167:7443

# Reference: https://twitter.com/TheDFIRReport/status/1379388421014122502
# Reference: https://beta.shodan.io/host/185.186.244.84

http://185.186.244.84
185.186.244.84:22
185.186.244.84:7443

# Reference: https://twitter.com/TheDFIRReport/status/1379388421014122502
# Reference: https://beta.shodan.io/host/185.206.144.192

http://185.206.144.192
185.206.144.192:22
185.206.144.192:7443

# Reference: https://twitter.com/TheDFIRReport/status/1381636980040159234
# Reference: https://beta.shodan.io/host/165.232.131.109

http://165.232.131.109
165.232.131.109:7443
165.232.131.109:81

# Reference: https://twitter.com/TheDFIRReport/status/1381636980040159234
# Reference: https://beta.shodan.io/host/185.205.209.249

http://185.205.209.249
185.205.209.249:22
185.205.209.249:7443

# Reference: https://twitter.com/TheDFIRReport/status/1381636980040159234
# Reference: https://beta.shodan.io/host/45.32.29.78

http://45.32.29.78
45.32.29.78:22
45.32.29.78:7443
45.32.29.78:8443

# Reference: https://twitter.com/TheDFIRReport/status/1381636980040159234
# Reference: https://beta.shodan.io/host/47.243.14.171

http://47.243.14.171
47.243.14.171:443
47.243.14.171:7443

# Reference: https://twitter.com/TheDFIRReport/status/1384853172175392772
# Reference: https://beta.shodan.io/host/172.105.65.243

http://172.105.65.243
172.105.65.243:22
172.105.65.243:7443

# Reference: https://twitter.com/TheDFIRReport/status/1384853172175392772
# Reference: https://beta.shodan.io/host/45.147.228.146

45.147.228.146:7443

# Reference: https://twitter.com/TheDFIRReport/status/1384853172175392772
# Reference: https://beta.shodan.io/host/51.210.110.104

51.210.110.104:7443

# Reference: https://twitter.com/TheDFIRReport/status/1385567840732946436
# Reference: https://beta.shodan.io/host/139.59.231.248
# Reference: https://beta.shodan.io/host/192.46.234.174

http://192.46.234.174
139.59.231.248:22
139.59.231.248:3306
139.59.231.248:7443
192.46.234.174:22
192.46.234.174:7443

# Reference: https://twitter.com/TheDFIRReport/status/1387070281987108865
# Reference: https://beta.shodan.io/host/3.140.190.218

http://3.140.190.218
3.140.190.218:7443

# Reference: https://twitter.com/TheDFIRReport/status/1387070281987108865
# Reference: https://beta.shodan.io/host/35.211.206.132

http://35.211.206.132
35.211.206.132:22
35.211.206.132:443
35.211.206.132:7443

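# Reference: https://twitter.com/TheDFIRReport/status/1389595672635183109
# Reference: https://beta.shodan.io/host/185.186.244.84
# Note: 185.186.244.84 is already listed earlier in this file (reference status/1379388421014122502); the entries below repeat it.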

http://185.186.244.84
185.186.244.84:22
185.186.244.84:7443

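# Reference: https://twitter.com/TheDFIRReport/status/1389595672635183109
# Reference: https://beta.shodan.io/host/185.206.144.192
# Note: 185.206.144.192 is already listed earlier in this file (reference status/1379388421014122502); the entries below repeat it.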

http://185.206.144.192
185.206.144.192:22

# Reference: https://twitter.com/TheDFIRReport/status/1390652638513926144
# Reference: https://beta.shodan.io/host/195.161.62.228

http://195.161.62.228
195.161.62.228:22
195.161.62.228:7443
195.161.62.228:8834

# Reference: https://twitter.com/TheDFIRReport/status/1392089649984774146
# Reference: https://beta.shodan.io/host/195.123.247.143

http://195.123.247.143
195.123.247.143:7443
195.123.247.143:8834

# Reference: https://twitter.com/TheDFIRReport/status/1403321117692108800
# Reference: https://beta.shodan.io/host/52.175.148.20

52.175.148.20:22
52.175.148.20:3000
52.175.148.20:443
52.175.148.20:7443

# Reference: https://twitter.com/TheDFIRReport/status/1407322479664762890

162.55.184.250:7443
54.185.125.101:7443

# Reference: https://twitter.com/TheDFIRReport/status/1405151926640168964
# Reference: https://beta.shodan.io/host/206.189.0.12

http://206.189.0.12
206.189.0.12:22
206.189.0.12:443
206.189.0.12:7443

# Reference: https://twitter.com/TheDFIRReport/status/1405151926640168964
# Reference: https://beta.shodan.io/host/51.79.160.130

51.79.160.130:7443

# Reference: https://twitter.com/TheDFIRReport/status/1407752816362405895
# Reference: https://beta.shodan.io/host/202.169.39.5

202.169.39.5:22
202.169.39.5:587
202.169.39.5:7443
202.169.39.5:993

# Reference: https://twitter.com/TheDFIRReport/status/1407752816362405895
# Reference: https://beta.shodan.io/host/149.28.131.88

http://149.28.131.88
149.28.131.88:22
149.28.131.88:443
149.28.131.88:8000

# Reference: https://twitter.com/TheDFIRReport/status/1417499549397135363
# Reference: https://beta.shodan.io/host/52.14.0.168

52.14.0.168:22
52.14.0.168:443
52.14.0.168:7443

# Reference: https://twitter.com/TheDFIRReport/status/1417499549397135363
# Reference: https://beta.shodan.io/host/52.151.57.51

52.151.57.51:7443
52.151.57.51:8080

# Reference: https://twitter.com/TheDFIRReport/status/1417499549397135363
# Reference: https://beta.shodan.io/host/52.226.67.129

52.226.67.129:7443

# Reference: https://twitter.com/TheDFIRReport/status/1417499549397135363
# Reference: https://beta.shodan.io/host/165.232.185.3

165.232.185.3:22
165.232.185.3:7443

# Reference: https://twitter.com/TheDFIRReport/status/1423331717117579268
# Reference: https://beta.shodan.io/host/157.245.192.237

http://157.245.192.237
157.245.192.237:500
157.245.192.237:7443

# Reference: https://twitter.com/TheDFIRReport/status/1423331717117579268
# Reference: https://beta.shodan.io/host/195.133.52.108

http://195.133.52.108
195.133.52.108:7443
195.133.52.108:8081

# Reference: https://twitter.com/TheDFIRReport/status/1423331717117579268
# Reference: https://beta.shodan.io/host/3.142.251.33

3.142.251.33:443
3.142.251.33:7443

# Reference: https://twitter.com/TheDFIRReport/status/1423331717117579268
# Reference: https://beta.shodan.io/host/43.129.69.172

http://43.129.69.172
43.129.69.172:111
43.129.69.172:22
43.129.69.172:445
43.129.69.172:7443
43.129.69.172:8080

# Reference: https://twitter.com/TheDFIRReport/status/1423331717117579268
# Reference: https://beta.shodan.io/host/73.34.80.127

http://73.34.80.127
73.34.80.127:21
73.34.80.127:7443

# Reference: https://twitter.com/TheDFIRReport/status/1467860126077911043
# Reference: https://beta.shodan.io/host/3.98.205.30

http://3.98.205.30
3.98.205.30:443
3.98.205.30:7443

# Reference: https://twitter.com/TheDFIRReport/status/1461733507324162056
# Reference: https://beta.shodan.io/host/165.227.132.17

http://165.227.132.17
165.227.132.17:21
165.227.132.17:443
165.227.132.17:7443
165.227.132.17:81

# Reference: https://twitter.com/TheDFIRReport/status/1520043978812493824

http://207.148.118.169
207.148.118.169:21
207.148.118.169:443
207.148.118.169:7443
207.148.118.169:81

# Reference: https://github.com/conexioninversa/MalwareIntel/blob/main/C2_All.csv
# Reference: https://github.com/conexioninversa/MalwareIntel/blob/main/C2_Covenant.txt

103.150.190.90:7443
104.237.142.165:7443
107.182.129.146:7443
109.123.231.70:7443
109.202.192.126:7443
116.203.252.63:7443
123.30.234.134:7443
128.199.70.1:7443
13.246.93.11:7443
13.56.40.136:7443
13.69.157.241:7443
130.61.124.23:7443
134.209.108.174:7443
134.209.132.131:7443
134.209.168.47:7443
135.148.73.194:7443
137.135.244.225:7443
137.184.16.177:7443
137.184.177.162:7443
138.197.108.50:7443
138.68.123.125:8443
138.68.168.158:7443
139.59.230.38:7443
139.59.70.91:7443
143.198.174.221:7443
143.244.142.98:7443
143.244.164.160:7443
143.47.228.54:7443
147.182.198.82:7443
147.182.239.16:7443
149.248.35.226:7443
150.136.90.238:7443
152.67.26.76:7443
155.138.196.53:7443
157.230.25.72:7443
157.245.143.132:7443
158.247.199.220:7443
158.247.219.80:7443
159.65.92.62:7443
159.75.240.4:7443
159.89.229.33:7443
161.97.66.145:7443
162.19.208.126:7443
164.92.134.208:7443
167.179.92.133:7443
167.86.83.133:7443
167.99.206.136:7443
167.99.224.203:7443
172.104.157.19:7443
172.81.60.10:7443
173.82.106.20:7443
174.138.10.170:7443
174.138.7.112:8443
176.58.121.121:7443
178.62.200.196:7443
178.62.32.161:7443
18.134.39.73:7443
18.157.143.36:7443
18.170.111.218:7443
18.192.103.237:443
18.222.189.135:7443
185.112.35.152:7443
185.198.57.164:7443
185.45.195.18:7443
192.46.225.126:7443
193.105.134.145:443
193.149.176.124:7443
194.163.148.158:7443
194.233.174.126:7443
194.36.189.196:7443
194.87.84.137:7443
194.87.84.139:7443
195.128.248.10:7443
198.27.76.162:7443
20.112.75.17:7443
20.118.206.80:7443
20.172.204.218:7443
20.187.47.90:7443
20.213.239.95:7443
20.213.248.0:7443
20.90.25.239:7443
202.169.39.5:7443
203.23.128.118:7443
208.68.39.30:7443
216.93.199.231:7443
217.160.193.134:7443
23.106.123.4:7443
3.128.128.66:7443
3.131.163.207:7443
3.67.204.148:7443
3.72.11.135:7443
34.125.10.164:7443
34.140.146.194:443
34.212.111.221:7443
34.27.128.154:7443
35.180.58.84:7443
40.69.93.0:7443
43.142.178.122:7443
44.198.64.113:7443
45.32.176.111:7443
45.56.75.103:7443
45.76.195.92:7443
45.76.211.73:7443
45.79.155.64:7443
45.79.2.201:7443
45.9.148.192:7443
46.161.40.123:7443
5.182.17.134:7443
5.230.73.38:7443
51.159.195.132:7443
51.89.185.29:7443
51.89.73.156:7443
52.200.202.251:7443
54.166.26.62:7443
54.178.124.65:7443
54.37.225.27:7443
62.210.252.17:7443
64.227.179.34:7443
64.27.27.5:7443
65.108.227.57:7443
65.109.173.97:7443
66.18.171.71:7443
66.42.39.43:7443
68.183.140.238:7443
74.208.208.195:7443
80.78.27.133:7443
81.17.242.130:7443
85.214.251.189:7443
87.242.105.205:443
89.163.153.7:7443
89.251.177.85:7443
91.107.136.163:7443
92.41.108.41:7443
93.115.26.76:7443
94.232.43.227:7443
95.179.206.132:7443
96.126.123.25:7443
98.217.254.26:7443
99.112.162.70:7443
linkedllin.ml
wogetrldvisions.site

# Reference: https://twitter.com/MichalKoczwara/status/1648613293387382786

137.184.72.49:443
137.184.72.49:7443
opusmedical.info

# Reference: https://twitter.com/drb_ra/status/1652021318735261696

168.100.232.169:7443

# Reference: https://twitter.com/drb_ra/status/1653833270704889856

193.42.32.228:7443

# Reference: https://twitter.com/drb_ra/status/1654195723687149568

34.89.112.244:7443

# Reference: https://twitter.com/drb_ra/status/1655282798507245569

146.59.10.45:7443

# Reference: https://twitter.com/drb_ra/status/1655645200214024210

92.40.12.16:7443

# Reference: https://twitter.com/drb_ra/status/1655645217112875020

165.22.76.8:7443

# Reference: https://twitter.com/drb_ra/status/1657457256231829506

34.205.137.3:7443

# Reference: https://threatfox.abuse.ch/browse/tag/covenant/

103.234.72.240:7443
109.123.251.235:7443
129.213.138.54:7443
13.48.123.193:7443
138.197.159.128:8443
138.197.159.167:8443
139.144.110.68:7443
139.144.98.36:7443
141.147.78.236:7443
146.70.124.72:7443
147.182.137.253:443
147.182.137.253:8000
159.223.142.45:7443
159.223.206.178:7443
165.227.207.110:7443
167.233.4.178:7443
167.71.222.215:7443
172.104.195.25:7443
172.105.179.88:7443
178.128.194.238:7443
178.54.187.54:50555
18.116.55.129:7443
18.118.200.0:7443
185.11.27.20:8888
185.150.119.102:7443
185.244.51.135:7443
188.239.191.240:25008
188.68.250.179:1443
193.29.62.114:7443
194.135.91.60:80
195.15.195.158:7443
195.15.240.22:7443
195.201.112.181:7443
20.127.203.237:7443
20.213.251.215:7443
20.227.146.141:7443
203.234.238.130:7443
209.126.77.241:7443
3.136.181.193:7443
3.23.238.33:7443
34.28.100.185:7443
35.180.21.188:7443
35.180.219.92:7443
35.92.109.135:7443
4.204.220.187:3389
45.63.127.77:7443
46.101.60.112:7443
5.15.63.158:7443
54.78.223.212:7443
54.82.89.116:7443
64.226.95.13:7443
64.44.101.23:7443
65.21.157.150:7443
68.183.120.153:7443
80.243.140.69:7443
81.17.242.138:7443
92.41.115.60:7443
92.41.96.161:7443
94.131.15.185:7443
98.117.244.39:7443
98.117.244.42:7443

# Generic (host-independent URL paths of the Covenant web login page)

/covenantuser/
/covenantuser/login
