# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/KorbenD_Intel/status/1406007597027708933
# Reference: https://twitter.com/AcooEdi/status/1409265045200986112
# Reference: https://github.com/its-a-feature/Mythic
# Reference: https://www.virustotal.com/gui/file/3560fce6eb996380b8daf223fe10d55086b9582593c6e2f62511cc5995f18005/detection
# Reference: https://www.virustotal.com/gui/file/8043d6c07fbd1e122c91eedf782c6ed7a539ab089a0eab48a50b2ab71127fa51/detection

20.86.10.75:7443

# Reference: https://twitter.com/MichalKoczwara/status/1438943089528348680

106.52.103.154:7443
107.155.81.125:7443
143.198.42.198:7443
157.230.93.100:7443
172.105.254.138:7443
194.5.212.165:7443
35.244.90.180:7443
52.13.1.165:7443
8.130.55.52:7443

# Reference: https://twitter.com/benkow_/status/1542047469860683777

cryptolvl-rsa-check.com

# Reference: https://github.com/conexioninversa/MalwareIntel/blob/main/C2_All.csv
# Reference: https://github.com/conexioninversa/MalwareIntel/blob/main/C2_Mythic.txt

101.35.90.253:7443
101.99.94.107:7443
103.134.19.125:7443
103.134.19.126:7443
103.140.187.203:7443
104.248.136.18:7443
104.248.88.172:7443
107.152.47.92:7443
107.174.68.34:7443
107.191.62.175:7443
109.248.6.210:7443
109.248.6.212:7443
109.248.6.225:7443
109.248.6.231:7443
109.248.6.250:7443
111.90.151.110:7443
121.196.173.138:7443
121.37.166.111:7443
124.156.19.110:7443
124.221.250.89:7443
13.214.180.60:7443
13.51.87.2:7443
13.55.56.50:7443
13.69.157.231:7443
130.51.20.132:7443
134.0.116.185:7443
134.122.109.56:7443
134.209.28.232:7443
135.181.207.18:7443
137.184.207.189:7443
137.184.3.67:7443
138.197.142.113:7443
138.68.127.9:7443
138.68.76.238:7443
139.144.19.118:7443
139.162.38.59:7443
139.59.144.58:7443
139.59.249.255:7443
139.59.72.48:7443
139.84.192.189:7443
139.84.227.243:7443
139.84.230.205:7443
139.99.89.117:7443
142.44.129.32:7443
142.93.141.182:7443
142.93.166.252:7443
142.93.246.237:7443
142.93.60.235:7443
143.110.176.131:7443
143.110.178.9:7443
143.110.217.151:7443
143.198.191.206:7443
143.198.226.82:7443
144.91.122.255:7443
145.131.8.169:7443
145.239.197.84:7443
146.190.38.149:7443
147.182.157.114:7443
147.182.231.226:7443
149.28.133.118:7443
149.28.136.54:7443
149.56.109.219:7443
152.136.200.244:7443
154.180.67.196:7443
157.230.93.100:7443
157.245.137.41:7443
158.160.3.23:7443
159.203.182.27:7443
159.203.59.54:7443
159.223.193.246:7443
159.223.194.254:7443
159.223.234.22:7443
159.223.7.193:7443
159.89.190.80:7443
159.89.191.115:7443
159.89.229.33:7443
159.89.53.38:7443
16.170.83.102:7443
16.171.18.142:7443
16.171.58.136:7443
160.20.147.34:7443
161.35.186.219:7443
164.90.158.199:7443
164.92.110.36:7443
164.92.72.33:7443
164.92.88.164:7443
165.227.45.251:7443
165.232.130.91:7443
165.232.174.143:7443
165.3.120.26:7443
167.88.180.75:7443
167.99.194.103:7443
170.187.201.243:7443
172.104.138.192:7443
172.104.175.112:7443
172.105.254.138:7443
173.255.226.84:7443
173.82.110.148:7443
177.124.72.24:7443
178.154.194.63:7443
178.62.99.183:7443
179.43.170.197:7443
18.133.78.17:7443
18.156.197.101:7443
185.117.90.224:7443
185.158.94.217:7443
185.16.39.178:7443
185.173.34.42:7443
185.187.169.34:7443
185.21.191.88:7443
185.215.180.99:7443
185.225.68.201:7443
185.225.68.202:7443
185.225.73.249:7443
185.237.15.89:7443
185.238.32.198:7443
185.245.182.209:7443
185.62.57.120:7443
188.225.73.137:7443
191.252.220.58:7443
192.3.255.153:7443
192.34.58.198:7443
193.41.237.173:7443
193.56.255.153:7443
194.156.120.146:7443
194.233.164.157:7443
194.233.68.172:7443
194.5.212.74:7443
195.97.212.20:7443
195.97.212.50:7443
20.106.123.23:7443
20.151.239.27:7443
20.163.220.14:7443
20.203.101.185:7443
20.220.187.29:7443
20.97.116.145:7443
204.44.85.16:7443
205.126.0.212:7443
207.148.5.58:7443
208.67.105.91:7443
208.68.38.191:7443
209.249.134.13:7443
209.249.134.3:7443
209.249.134.6:7443
216.153.57.94:7443
23.239.29.223:7443
23.94.40.126:7443
3.128.135.199:7443
3.133.152.144:7443
3.141.125.92:7443
3.212.113.251:7443
3.238.253.222:7443
3.27.5.90:7443
3.6.38.215:7443
3.64.133.252:7443
3.69.214.254:7443
3.80.39.181:7443
3.87.23.190:7443
34.133.122.8:7443
34.150.132.170:7443
34.215.75.141:7443
34.238.7.53:7443
34.240.115.152:7443
34.28.16.242:7443
34.67.166.244:7443
35.202.0.124:7443
35.78.243.160:7443
35.93.101.223:7443
35.93.133.191:7443
37.139.128.156:7443
37.187.123.146:7443
38.242.229.200:7443
40.69.93.39:7443
43.142.174.15:7443
43.142.60.207:7443
43.154.218.210:7443
43.156.134.248:7443
43.206.136.41:7443
45.133.238.221:7443
45.143.201.95:7443
45.147.228.52:7443
45.148.120.192:7443
45.32.100.15:7443
45.79.213.188:7443
45.87.154.87:7443
45.9.191.137:7443
46.101.153.42:7443
46.243.186.22:7443
47.250.53.207:7443
47.96.177.12:7443
5.188.34.118:7443
5.2.79.164:7443
5.252.176.198:7443
50.17.196.251:7443
51.13.165.60:7443
51.158.102.199:7443
51.77.214.92:7443
51.83.75.44:7443
52.205.104.104:7443
52.206.182.102:7443
52.221.205.86:7443
52.58.57.248:7443
52.63.64.64:7443
52.79.54.36:7443
52.89.133.37:7443
54.149.124.173:7443
54.163.224.147:7443
54.173.67.191:7443
54.175.46.12:7443
54.180.25.135:7443
54.197.245.200:7443
54.253.207.220:7443
54.74.215.121:7443
59.110.169.183:7443
61.19.242.42:7443
61.28.226.244:7443
62.113.196.46:7443
62.182.159.147:7443
63.250.44.170:7443
64.176.168.231:7443
64.176.40.100:7443
64.176.8.42:7443
64.227.107.179:7443
64.227.113.73:7443
64.227.162.219:7443
65.108.60.254:7443
66.228.45.170:7443
66.29.155.178:7443
66.85.92.234:7443
67.207.81.170:7443
67.207.81.80:7443
67.219.108.45:7443
68.183.132.227:7443
68.183.56.37:7443
68.183.60.125:7443
69.30.254.194:7443
70.34.195.186:7443
70.34.198.15:7443
70.34.210.178:7443
70.34.213.48:7443
70.34.214.252:7443
70.34.223.234:7443
74.207.254.195:7443
74.208.91.38:7443
77.91.75.165:7443
78.108.181.33:7443
78.108.182.240:7443
79.16.159.159:7443
83.244.163.202:7443
83.252.26.43:7443
86.105.252.221:7443
87.15.135.80:7443
88.208.100.189:7443
89.223.66.195:7443
89.44.201.72:7443
91.107.234.213:7443
91.207.183.54:7443
94.102.49.176:7443
94.140.115.118:7443
95.111.236.195:7443
95.179.140.228:7443
95.214.27.241:7443
95.217.82.117:7443
96.126.101.134:7443
99.153.7.209:7443
moofasa.grayhatfreelancing.com
mythic-ceramic.braindeadideas.com

# Reference: https://twitter.com/IronNetTR/status/1588154026297675777

ukreiif.live
c2.b1o.it
v56119.php-friends.de

# Reference: https://twitter.com/suyog41/status/1612412391010238466
# Reference: https://www.virustotal.com/gui/file/185254efe497aed539fe0d95ca40451985b8fa60a54a707760bfe5c53cce56d9/detection

http://70.34.195.186

# Reference: https://twitter.com/MichalKoczwara/status/1639587828899147777

1.13.174.161:7443
101.33.248.33:7443
101.43.156.89:7443
103.140.187.122:7443
103.15.105.29:7443
103.234.72.156:7443
103.35.151.195:7443
103.35.151.222:7443
103.56.19.196:7443
103.85.110.13:7443
104.168.142.135:7443
104.198.153.240:7443
104.236.186.248:7443
104.243.20.216:7443
106.15.170.198:7443
107.150.119.144:7443
107.174.78.227:7443
108.61.127.105:7443
109.248.6.249:7443
110.173.59.146:7443
110.173.59.147:7443
114.132.197.186:7443
114.55.58.137:7443
117.50.177.140:7443
118.193.37.157:7443
118.25.22.185:7443
121.199.166.58:7443
121.199.2.153:7443
121.5.112.42:7443
122.147.252.103:7443
128.199.227.227:7443
128.199.38.50:7443
13.115.21.133:7443
13.236.149.120:7443
132.145.153.214:7443
134.209.204.95:7443
134.209.26.96:7443
135.125.236.177:7443
136.244.95.237:7443
137.184.57.89:7443
137.184.86.247:7443
138.197.186.34:7443
138.197.224.55:7443
138.68.123.125:7443
138.68.149.85:7443
138.68.99.116:7443
138.68.99.223:7443
139.144.19.169:7443
139.144.27.201:7443
139.144.46.164:7443
139.162.155.164:7443
139.177.146.102:7443
139.177.196.67:7443
139.177.203.214:7443
139.224.254.195:7443
139.99.122.227:7443
140.238.221.59:7443
140.238.226.66:7443
141.193.159.146:7443
142.93.136.194:7443
143.110.155.198:7443
144.126.249.150:7443
144.34.180.27:7443
144.34.250.208:7443
145.239.197.144:7443
146.19.80.25:7443
146.190.128.88:7443
146.190.160.18:7443
146.59.237.220:7443
146.70.104.167:7443
147.182.170.15:7443
148.66.57.50:7443
148.66.57.51:7443
149.127.231.12:7443
149.28.90.162:7443
149.81.74.205:7443
149.81.74.206:7443
149.81.74.207:7443
149.81.87.18:7443
150.158.184.129:7443
150.158.27.149:7443
151.115.60.162:7443
151.80.106.50:7443
152.89.218.235:7443
154.202.59.96:7443
155.138.229.198:7443
158.247.213.192:7443
159.203.99.10:7443
159.65.202.74:7443
159.65.62.90:7443
159.89.106.178:7443
161.35.214.132:7443
162.33.177.38:7443
162.33.177.72:7443
164.90.132.211:7443
164.92.101.3:7443
164.92.161.89:7443
164.92.255.219:7443
165.227.176.139:7443
165.227.230.18:7443
165.227.231.125:7443
165.227.99.110:7443
167.172.83.4:7443
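# NOTE(review): the entry below has an out-of-range octet (281), so it is not a valid IPv4 address and presumably never matches; re-check it against the source reference for this group before correcting
167.71.2.281:7443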
167.99.17.196:7443
168.138.93.130:7443
168.63.40.231:7443
170.130.55.160:7443
170.187.207.103:7443
171.22.30.222:7443
172.86.120.245:7443
172.86.121.214:7443
172.86.75.56:7443
172.96.192.52:7443
173.199.71.71:7443
173.82.135.18:7443
174.138.7.112:7443
178.128.144.124:7443
178.128.229.91:7443
178.62.47.29:7443
179.43.154.251:7443
179.60.150.147:7443
18.140.228.104:7443
18.159.62.29:7443
18.234.7.23:7443
182.61.145.9:7443
185.128.106.245:7443
185.130.45.94:7443
185.203.119.47:7443
185.25.51.144:7443
185.254.198.147:7443
185.73.124.16:7443
185.81.68.180:7443
185.82.218.214:7443
188.127.237.167:7443
188.166.161.123:7443
188.166.27.178:7443
188.166.81.141:7443
190.92.243.156:7443
192.227.194.106:7443
192.241.128.7:7443
192.3.128.185:7443
193.149.185.51:7443
193.29.13.203:7443
194.163.133.23:7443
194.87.218.16:7443
194.87.46.13:7443
195.123.225.18:7443
198.211.15.57:7443
198.211.48.141:7443
198.46.215.53:7443
20.61.4.19:7443
206.189.192.120:7443
206.189.252.100:7443
208.123.119.232:7443
212.53.167.167:7443
213.189.201.88:7443
213.52.128.52:7443
216.127.175.18:7443
217.6.46.91:7443
23.105.193.194:7443
23.224.135.138:7443
23.224.135.139:7443
23.224.135.140:7443
23.224.135.141:7443
23.224.135.142:7443
23.234.199.141:7443
23.82.141.146:7443
23.83.127.233:7443
23.94.131.51:7443
23.94.200.202:7443
3.130.73.232:7443
3.142.79.130:7443
3.235.153.136:7443
3.238.195.247:7443
3.8.115.155:7443
34.176.0.227:7443
34.201.98.138:7443
34.221.238.130:7443
35.180.135.137:7443
35.225.60.206:7443
35.236.117.76:7443
35.240.171.140:7443
35.72.242.198:7443
37.10.71.215:7443
37.120.238.184:7443
37.28.157.7:7443
37.48.120.35:7443
38.55.24.35:7443
39.98.48.67:7443
43.133.22.89:7443
43.207.147.229:7443
44.202.249.7:7443
44.211.101.170:7443
45.120.52.106:7443
45.120.52.149:7443
45.14.224.102:7443
45.153.231.136:7443
45.227.255.217:7443
45.227.255.223:7443
45.32.233.220:7443
45.56.114.203:7443
45.61.137.59:7443
45.77.221.80:7443
45.77.41.35:7443
45.79.125.241:7443
45.8.157.45:7443
45.89.234.23:7443
45.9.148.252:7443
45.9.148.64:7443
45.9.150.109:7443
46.101.179.149:7443
46.148.26.88:7443
46.21.153.155:7443
46.246.93.104:7443
46.29.160.10:7443
47.242.23.161:7443
47.57.0.78:7443
49.12.3.231:7443
5.178.2.76:7443
5.199.168.209:7443
5.199.173.106:7443
5.199.174.230:7443
51.15.252.225:7443
51.178.81.117:7443
51.81.201.194:7443
54.65.51.181:7443
54.91.1.255:7443
57.128.11.250:7443
57.128.195.112:7443
62.3.58.81:7443
63.250.54.32:7443
64.227.18.206:7443
64.44.102.190:7443
64.44.102.212:7443
65.108.250.5:7443
65.109.134.211:7443
65.21.180.80:7443
67.205.151.119:7443
67.205.184.220:7443
68.183.207.200:7443
68.183.42.154:7443
76.74.127.144:7443
76.74.127.145:7443
79.136.1.87:7443
8.219.200.180:7443
80.78.22.106:7443
81.200.149.183:7443
82.157.142.84:7443
84.32.248.95:7443
85.217.144.191:7443
85.239.54.16:7443
88.99.46.167:7443
89.116.234.48:7443
89.38.128.51:7443
89.44.9.148:7443
91.207.183.54:7443
91.234.199.4:7443
92.204.160.119:7443
92.205.29.124:7443
92.246.89.172:7443
93.95.229.168:7443

# Reference: https://twitter.com/MichalKoczwara/status/1645071233468231685

44.213.147.172:7443
dental-delta.com

# Reference: https://twitter.com/drb_ra/status/1651296690882609177

192.3.255.153:7443

# Reference: https://twitter.com/drb_ra/status/1651296694678552576

http://192.3.255.153

# Reference: https://twitter.com/drb_ra/status/1651840154674315266

http://18.221.85.189

# Reference: https://twitter.com/drb_ra/status/1651840181056536576

http://34.205.83.91

# Reference: https://twitter.com/drb_ra/status/1651840255043985408

143.110.176.131:8081

# Reference: https://twitter.com/drb_ra/status/1651840258982526976

143.110.176.131:7443

# Reference: https://twitter.com/drb_ra/status/1651840280402771968

http://159.223.122.189

# Reference: https://twitter.com/drb_ra/status/1652384292960436227

http://43.156.134.248

# Reference: https://twitter.com/drb_ra/status/1652384375516852228

165.22.106.97:60443

# Reference: https://twitter.com/drb_ra/status/1652746167170596864

http://3.89.175.141

# Reference: https://twitter.com/drb_ra/status/1652746266734911491
# Reference: https://twitter.com/drb_ra/status/1652746270119800833

http://149.28.133.118
149.28.133.118:7443

# Reference: https://twitter.com/drb_ra/status/1653108569418391571

3.27.5.90:7443

# Reference: https://twitter.com/drb_ra/status/1653471045683167239
# Reference: https://twitter.com/drb_ra/status/1653471050007494677

http://64.176.8.42
64.176.8.42:7443

# Reference: https://twitter.com/drb_ra/status/1654195831883329536

http://3.145.90.243

# Reference: https://twitter.com/drb_ra/status/1654195891312513040

85.10.132.13:443

# Reference: https://twitter.com/drb_ra/status/1654195943061835784

http://158.160.30.214

# Reference: https://twitter.com/drb_ra/status/1654195946488582149

158.160.30.214:7443

# Reference: https://twitter.com/drb_ra/status/1654195961177034774

http://158.160.68.213

# Reference: https://twitter.com/drb_ra/status/1654195984170209293

173.53.60.45:8433

# Reference: https://twitter.com/drb_ra/status/1654196010984275968

http://206.81.6.121

# Reference: https://twitter.com/drb_ra/status/1654455427512299521

18.133.78.17:7443

# Reference: https://twitter.com/drb_ra/status/1654920506108260352

http://3.212.20.90

# Reference: https://twitter.com/drb_ra/status/1654920546256076800

43.156.134.248:7443

# Reference: https://twitter.com/drb_ra/status/1654920617622110210

http://149.28.177.78

# Reference: https://twitter.com/drb_ra/status/1655282940039839751

http://91.107.234.213

# Reference: https://twitter.com/drb_ra/status/1655282952949907457

http://101.34.73.171

# Reference: https://twitter.com/drb_ra/status/1655282966140968961

http://104.200.20.89

# Reference: https://twitter.com/drb_ra/status/1656007710918287366

http://45.66.216.108

# Reference: https://twitter.com/drb_ra/status/1656007759400259586

http://110.41.168.34

# Reference: https://twitter.com/drb_ra/status/1656007791679610887

149.28.177.78:443

# Reference: https://twitter.com/drb_ra/status/1656370036922019879

35.92.10.91:7443

# Reference: https://twitter.com/drb_ra/status/1656370063409049617

http://54.196.114.16

# Reference: https://twitter.com/drb_ra/status/1656370094497230869

91.107.234.213:7443

# Reference: https://twitter.com/drb_ra/status/1656370151565000704

158.160.68.213:7443

# Reference: https://twitter.com/drb_ra/status/1656732585047851008

http://159.203.1.70

# Reference: https://twitter.com/drb_ra/status/1657095005691863055

64.176.3.97:443

# Reference: https://twitter.com/drb_ra/status/1657457418375241729

45.66.216.108:7443

# Reference: https://twitter.com/drb_ra/status/1657457492379541507
# Reference: https://twitter.com/drb_ra/status/1657457495911149569

http://109.248.6.250
109.248.6.250:8008

# Reference: https://twitter.com/drb_ra/status/1657457582884175874

216.238.77.195:443

# Reference: https://twitter.com/drb_ra/status/1657819643359182850

13.236.177.3:7443

# Reference: https://twitter.com/drb_ra/status/1657819672455069696

35.89.34.50:7443

# Reference: https://twitter.com/drb_ra/status/1657819722572877827

84.46.241.248:7443

# Reference: https://twitter.com/drb_ra/status/1657819751295471618

111.90.150.101:443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/

http://100.21.223.19
http://104.248.88.172
http://107.191.62.175
http://108.61.190.25
http://109.248.6.225
http://114.116.232.244
http://121.40.217.151
http://13.66.164.102
http://136.144.254.191
http://138.197.145.159
http://139.144.19.118
http://139.180.144.223
http://139.84.192.189
http://139.84.227.243
http://139.84.227.60
http://139.84.230.205
http://139.84.231.133
http://142.93.251.5
http://143.110.217.151
http://143.198.128.249
http://145.131.8.169
http://147.182.164.5
http://154.180.67.196
http://158.247.231.22
http://164.90.158.199
http://170.64.148.46
http://172.174.43.14
http://173.255.226.84
http://18.118.133.253
http://18.222.26.9
http://185.187.169.34
http://193.41.237.173
http://194.171.96.118
http://194.87.68.235
http://20.190.110.190
http://216.238.77.195
http://23.239.29.223
http://3.136.22.144
http://3.145.1.242
http://3.19.216.182
http://3.217.163.182
http://34.123.204.199
http://34.136.7.143
http://34.67.166.244
http://35.225.155.204
http://35.78.243.160
http://35.80.3.250
http://35.93.133.191
http://37.187.123.146
http://38.54.1.55
http://40.69.93.39
http://43.206.136.41
http://44.206.161.150
http://44.237.82.37
http://45.79.36.179
http://50.17.171.212
http://52.15.89.185
http://52.20.136.152
http://64.176.179.222
http://64.176.40.100
http://64.44.135.113
http://67.205.190.217
http://67.219.103.77
http://67.219.108.45
http://70.34.198.15
http://74.207.254.195
http://89.44.201.72
http://90.84.193.31
http://94.102.49.176
100.21.223.19:443
101.34.73.171:7443
101.99.94.107:17443
104.248.131.203:443
104.42.151.103:443
107.174.68.34:7443
107.182.181.15:7443
107.191.62.175:7443
107.23.135.123:7443
108.61.190.25:7443
108.61.204.217:7443
109.248.6.210:7443
109.248.6.250:443
111.90.150.101:7443
116.203.150.138:7443
121.40.217.151:7443
13.48.176.95:7443
13.55.56.50:17443
13.57.58.92:443
130.51.20.132:444
137.184.151.45:7443
138.68.127.9:443
138.68.71.226:7443
139.162.38.59:7443
139.180.144.223:7443
139.59.144.58:443
139.84.192.189:7443
139.99.89.117:17443
139.99.89.117:3000
139.99.89.117:8443
142.93.166.252:443
144.34.163.218:7443
144.91.122.255:17443
144.91.122.255:3000
146.190.140.172:7443
157.230.70.139:7443
157.230.93.100:3000
158.160.69.66:7443
158.247.231.22:7443
159.223.234.218:7443
159.223.234.22:443
16.171.43.215:7443
16.171.9.210:7443
161.35.247.112:7443
161.97.110.155:443
161.97.110.155:7443
164.92.136.107:7443
164.92.240.184:7443
165.227.45.251:17443
165.232.174.143:443
167.172.110.153:7443
168.119.103.232:7443
172.105.254.138:17443
172.105.254.138:3000
172.105.33.165:7443
18.117.39.158:443
18.163.79.192:7443
18.219.119.7:443
185.202.172.46:7443
192.236.155.121:443
192.241.133.70:7443
192.248.154.64:7443
194.233.164.157:81
195.189.96.70:443
195.189.99.90:27443
195.189.99.90:443
195.97.212.20:17443
198.177.123.60:7443
198.23.208.20:7443
20.151.239.27:7443
20.203.101.185:443
20.245.83.102:443
20.51.147.175:7443
20.70.208.224:443
216.238.77.195:7443
217.6.46.91:9443
3.138.113.81:7443
3.144.109.31:7443
3.144.34.96:1337
3.144.34.96:7443
3.15.12.135:8088
3.21.101.180:443
3.27.5.90:443
3.80.39.181:7443
3.84.125.232:443
32.132.189.190:7443
34.171.152.194:443
34.219.23.14:7443
34.235.167.187:8989
35.222.81.113:443
35.224.68.217:443
35.225.155.204:443
35.78.243.160:7443
38.54.1.55:7443
38.54.24.6:7443
40.69.93.39:3000
43.133.34.128:7443
43.154.155.146:7443
44.213.147.172:443
44.214.119.213:7443
45.133.238.221:7443
45.148.120.187:7443
45.148.120.192:17443
45.156.243.188:7443
45.33.22.174:7443
45.77.254.85:7443
45.79.213.188:7443
45.81.243.128:7443
45.87.154.87:3000
5.188.34.118:443
50.116.1.198:443
52.14.58.76:1337
52.14.58.76:7443
52.16.215.82:7443
52.232.197.207:443
52.234.252.120:443
54.152.184.1:443
54.197.245.200:17443
54.197.245.200:3000
54.211.74.154:443
54.219.249.57:443
54.221.106.82:7443
61.19.242.42:7444
61.28.226.244:8443
64.176.179.222:7443
64.176.40.100:7443
64.44.135.113:443
64.57.248.125:443
65.109.9.51:7443
66.42.94.137:7443
67.205.151.31:443
67.207.81.170:7443
70.34.195.186:443
70.34.245.253:7443
78.193.254.183:7443
79.24.21.47:7443
79.32.28.251:7443
79.51.145.99:7443
8.217.67.189:7443
81.200.145.213:7443
84.32.131.58:37443
84.32.131.58:443
84.54.50.110:7443
87.17.17.71:7443
87.2.206.131:7443
94.102.49.176:17443
95.111.236.195:7443
95.216.172.190:7443
96.9.228.105:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-07-27)

104.243.33.129:443
164.92.88.164:7443
165.232.127.17:443
54.242.209.161:443
77.91.75.165:7443
95.214.27.241:7443
makethumbmoney.com

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-07-30)

http://3.69.214.254
13.59.29.56:7443
185.45.195.30:443
3.69.214.254:7443
86.48.25.106:7443
88.119.175.140:443
aviditycellars.com
boxofficeseer.com
thesheenterprise.com

# Reference: https://threatfox.abuse.ch/ioc/1146556/

154.204.60.177:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-08-04)

172.105.163.143:7443
64.176.162.36:7443
78.141.210.148:7443

# Reference: https://twitter.com/drb_ra/status/1688079122826711040

http://64.176.162.36

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-08-08)

178.128.127.243:7443
185.215.180.99:7443
20.163.220.14:7443
20.25.147.190:7443
35.80.3.250:7443
4.228.97.16:7443

# Reference: https://twitter.com/drb_ra/status/1689347656751935489

179.43.170.197:7443

# Reference: https://twitter.com/drb_ra/status/1689347680835665920

64.176.168.231:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-08-11)

http://64.176.168.231
103.225.198.216:7443
146.190.38.149:7443
167.99.194.103:7443
188.124.39.62:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-08-13)

18.188.7.186:7443
65.109.229.239:7443
motorrungoli.com
rosevalleylimousine.com
shchiswear.com

# Reference: https://twitter.com/drb_ra/status/1691159572776415232

18.188.7.186:7443

# Reference: https://threatfox.abuse.ch/ioc/1150419/

3.19.246.184:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-08-17)

http://44.203.60.76
159.89.164.248:7443
164.92.72.33:7443
177.124.72.24:7443
185.62.57.120:7443
3.133.152.144:7443
3.139.80.162:7443
44.233.194.117:7443
5.252.176.198:7443
54.175.46.12:7443
66.85.92.234:7443
70.34.250.166:7443
89.223.66.195:7443
99.153.7.209:7443

# Reference: https://threatfox.abuse.ch/ioc/1150866/

http://70.34.250.166

# Reference: https://www.virustotal.com/gui/file/75ab2570442b10e8f8087c844418bccfd52598952037a3a668d9d42efe500d3f/detection

103.145.13.69:8081

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-08-25)
# Reference: https://twitter.com/drb_ra/status/1694420880502214955

http://18.206.251.188
142.93.60.235:7443
165.3.127.224:7443
39.104.63.94:7443
95.164.22.13:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-08-29)

108.61.163.195:7443
120.53.87.201:37445
138.124.180.241:443
185.174.101.53:443
23.152.0.193:443
67.207.81.80:7443
51.250.108.206:7443
ivermectinorder.com
personmetal.com
vectorsandarrows.com

# Reference: https://twitter.com/drb_ra/status/1696957590243016710

68.183.60.125:7443

# Reference: https://twitter.com/drb_ra/status/1696957610556088425

185.117.90.224:7443

# Reference: https://twitter.com/drb_ra/status/1696957641828794600

http://54.164.36.37

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-09-06)

http://108.61.163.195
http://139.84.226.120
http://44.203.168.236
http://64.176.224.4
107.148.0.215:7443
139.84.226.120:7443
170.178.201.212:7443
185.14.45.232:7443
193.56.255.153:7443
194.5.212.74:7443
207.148.123.73:58013
34.238.7.53:7443
45.153.129.164:7443
45.66.248.13:443
64.176.224.4:7443
cannabishang.com

# Reference: https://www.shodan.io/host/5.252.176.198

5.252.176.198:7443
proff-online.xyz
mi4.proff-online.xyz

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-09-20)

http://149.248.51.25
http://192.248.153.47
http://216.238.83.145
http://34.226.245.52
http://35.88.35.138
103.46.185.11:7443
103.46.185.9:7443
103.46.185.13:7443
120.46.138.126:7443
124.222.181.240:7443
137.184.67.135:7443
138.197.156.131:7443
139.180.136.59:7443
139.59.109.136:7443
143.198.101.96:7443
147.182.216.178:7443
147.182.232.123:7443
149.248.51.25:7443
161.35.184.135:7443
164.155.204.61:7443
167.235.59.8:7443
172.104.205.113:7443
185.43.222.183:7443
188.124.39.62:7744
192.241.152.108:7443
192.248.153.47:7443
193.134.210.75:7443
198.52.123.223:7443
201.243.95.21:7443
201.243.95.27:7443
216.128.141.126:7443
216.238.83.145:7443
217.68.58.93:7443
3.234.128.163:7443
34.206.208.220:7443
34.229.89.43:443
34.237.94.238:7443
35.161.156.250:7443
35.176.89.226:7443
35.88.35.138:7443
44.217.229.194:7443
45.137.118.181:7443
45.152.67.193:7443
45.55.195.215:7443
45.82.153.168:7443
46.4.112.27:7443
52.3.243.166:7443
54.250.176.92:7443
54.89.65.128:7443
64.31.63.82:7443
91.207.183.26:7443
94.131.98.34:7443

# Reference: https://twitter.com/KorbenD_Intel/status/1704197999398711425
# Reference: https://www.virustotal.com/gui/ip-address/107.174.68.34/relations

sith.team
account.sith.team
login.sith.team
outlook.sith.team

# Reference: https://twitter.com/r3dbU7z/status/1704854108455551274
# Reference: https://www.virustotal.com/gui/file/09cf19407cccd9f273ed0d79968309873e135be56962267638104ad274561884/detection

r2.hansesecure.com
safe2.hansesecure.com

# Reference: https://twitter.com/0xRevolver/status/1686312879824183297

185.245.182.209:3000

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-10-11)

http://149.56.109.219
http://45.61.130.40
http://47.103.205.56
http://51.254.53.14
http://54.168.147.222
104.154.113.5:443
104.238.187.71:443
104.45.53.35:443
104.45.53.36:443
104.45.53.41:443
104.45.53.44:443
104.45.53.8:443
108.142.191.197:443
108.142.191.201:443
108.142.191.234:443
108.142.191.239:443
108.142.191.247:443
118.31.72.66:7443
13.40.190.57:7443
130.211.196.186:443
139.59.109.136:443
141.98.7.18:7443
143.198.166.150:7443
146.190.157.226:7443
149.248.79.89:7443
159.223.113.15:7443
165.22.0.181:7443
167.172.136.176:7443
172.104.206.233:7443
172.245.205.13:7443
172.245.92.84:7443
177.124.72.24:8091
179.43.191.198:7443
179.43.191.199:7443
179.43.191.202:7443
185.141.63.166:7443
185.241.124.217:7443
188.127.224.177:7443
188.40.162.125:7443
193.134.210.75:443
195.154.166.134:7443
198.148.80.86:7443
20.11.212.157:7443
20.160.18.155:443
20.92.38.251:443
20.92.62.101:7443
207.191.226.206:7443
209.133.48.222:7443
216.128.141.126:443
3.18.3.115:8443
3.70.6.51:7443
31.42.186.161:7443
34.123.112.247:443
34.124.204.208:7443
34.142.156.79:7443
34.28.132.129:443
34.71.167.255:443
35.188.19.120:443
35.192.141.183:443
35.193.180.184:443
35.225.227.102:443
35.225.49.240:443
35.226.165.138:443
35.226.49.76:443
35.87.234.204:7443
4.227.189.107:7443
45.151.126.118:7443
45.152.67.193:443
45.61.130.40:443
45.77.41.214:7443
47.103.205.56:7443
51.222.31.152:443
51.254.53.14:443
54.168.147.222:7443
62.109.24.105:7443
62.182.84.234:7443
65.109.103.227:7443
68.183.152.119:7443
72.200.119.176:7443
74.234.223.12:443
83.97.20.136:7443
88.214.25.253:7443
91.219.150.98:7443
95.111.236.195:8086
95.164.19.54:7443
agorasecurity.it
bijusdaclara.shop
crowdstrike.training
lifeisff.fun
modabarataonline.shop
plrdofuturo.online
semacucar.online
telegramvip.shop
ads.telegramvip.shop
do-sfo01.jetserver.net
m.agorasecurity.it
v2r-cn2.lifeisff.fun

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-11-01)

angelbusinessteam.com
bitscoinc.com
boezgrt.com
bureaudecreationalienor.com
danagroupegypt.com
displaymercials.com
formulaautoparts.com
hatchdesignsnh.com
hom4u.com
jongchul.democrat
lucasdoors.com
naservpn.cf
pacatman.com
sms-atc.com
turanmetal.com
franc.naservpn.cf

# Reference: https://research.nccgroup.com/2023/11/01/popping-blisters-for-research-an-overview-of-past-payloads-and-exploring-recent-developments/

avblokhutten.com
digtupu.com
futuretechfarm.com
licencesolutions.com
remontisto.com
szdeas.com
visioquote.com
d1hp6ufzqrj3xv.cloudfront.net
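# NOTE(review): host-less path trail - it is not tied to any of the domains above, so it may also match unrelated traffic requesting the same path; triage hits by destination host
/s/0.7.8/clarity.js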

# Reference: https://www.virustotal.com/gui/ip-address/64.176.196.183/community

http://64.176.196.183
64.176.196.183:7443

# Reference: https://www.virustotal.com/gui/ip-address/87.239.108.174/community

87.239.108.174:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-11-22)

http://65.20.81.156
139.144.117.63:7443
20.61.184.114:443
34.41.225.176:443
34.67.177.99:443
34.69.229.157:443
34.70.168.68:443
47.96.188.106:7443
51.124.39.181:443
51.144.234.167:443
52.136.206.130:443
52.136.206.142:443
52.136.206.160:443
52.136.206.169:443
52.136.206.183:443
64.176.164.107:7443
65.20.81.156:7443
74.234.222.210:443
74.234.222.211:443
74.234.222.214:443
88.208.100.189:8443
pwndrop.aptiv-hr.com

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-12-03)

http://3.82.143.108
http://35.86.185.174
http://44.211.190.165
http://64.176.164.107
103.146.202.34:443
103.146.202.34:7443
116.62.172.40:7443
120.55.37.69:7443
121.40.171.154:7443
121.43.166.96:7443
154.38.167.90:7443
164.92.111.233:7443
18.132.68.205:443
18.132.68.205:7443
18.135.210.230:443
18.170.170.237:443
194.150.167.136:7443
20.11.178.186:443
20.11.190.12:443
20.211.241.0:443
24.199.125.32:443
3.86.97.154:7443
34.145.104.44:8443
34.212.248.231:443
38.180.44.56:7443
47.99.135.136:7443
5.78.40.129:7443
52.45.163.230:7443
archiefilmco.com
production.knime.youknights.nl

# Reference: https://www.virustotal.com/gui/file/37ffaccba0469d9125dd072241ec7d99652e2e46897f7c6d3db98a19d92b20e6/detection
# Reference: https://www.virustotal.com/gui/file/5642b834e99ee75d5a43418947a37a988b4226ed4544f6108e51258e078c1663/detection

http://139.59.72.48

# Reference: https://www.virustotal.com/gui/ip-address/13.127.166.232/detection

13.127.166.232:7443

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-12-17)

136.244.66.89:443
162.19.175.57:7443
20.62.199.199:7443
4.198.144.143:443
4.227.178.226:7443
64.176.67.54:7443
91.92.250.237:7443
97.151.135.208:7443
alderwood-staging.creativefolks.dev
pia.australiasoutheast.cloudapp.azure.com

# Reference: https://threatfox.abuse.ch/browse/tag/Mythic/ (# 2023-12-22)

http://64.31.63.82
120.27.131.3:7443
13.235.248.157:7443
13.245.207.111:9922
135.181.39.81:7443
137.184.185.109:7443
137.184.67.135:443
137.184.80.125:443
143.198.72.108:7443
149.40.62.223:7443
154.90.49.23:7443
157.90.21.73:7443
159.100.6.167:7443
159.203.163.53:7443
159.65.22.88:443
162.0.222.178:7443
164.90.210.111:7443
165.227.106.254:7443
167.172.97.111:443
167.99.182.53:7443
168.1.193.211:7443
172.104.237.247:7443
172.206.9.120:7443
18.234.193.16:7443
185.187.169.34:17443
188.166.153.84:7443
20.11.149.168:443
20.211.251.199:443
208.85.17.219:7443
209.105.242.245:7443
217.12.200.158:7443
3.26.24.38:443
3.31.40.188:443
34.142.175.189:7443
34.87.162.94:7443
35.171.17.63:7443
35.197.55.147:7443
38.242.21.22:7443
38.54.59.79:7443
38.54.63.8:7443
44.197.84.49:443
44.197.84.49:7443
45.79.100.129:7443
52.211.169.127:7443
52.222.96.153:443
52.222.96.153:7443
64.176.66.86:7443
64.23.155.109:7443
65.20.101.150:7443
83.212.98.93:443
84.201.163.253:7443
liquiditv.com
c6-v5.v2red.xyz
wtf.creativefolks.dev

# Reference: https://embee-research.ghost.io/threat-intel-queries-with-fofabot/

104.198.178.178:3000
104.238.187.71:7443
111.90.150.101:3000
123.207.50.70:7443
129.211.212.43:8443
136.244.66.89:7443
149.248.21.89:7443
159.89.8.28:443
160.1.6.79:443
162.19.175.57:3000
162.55.176.85:50050
164.90.209.184:7443
165.227.213.147:7552
172.105.92.240:9000
178.128.92.166:7443
18.135.210.230:7443
185.142.184.125:7443
185.16.43.59:7443
192.236.155.121:7443
193.201.126.69:443
193.201.126.69:45632
194.233.170.94:9000
195.189.96.70:27443
20.38.38.53:7443
20.56.52.211:7443
207.180.234.141:7443
207.244.242.35:7443
23.168.152.5:7443
24.199.72.221:7443
3.140.197.75:443
3.27.149.232:7443
3.65.28.179:7443
3.75.96.112:7443
34.171.179.211:443
35.161.156.250:3000
4.198.112.20:443
40.67.215.229:7443
45.61.130.40:7443
45.61.137.134:7443
47.243.46.93:7443
47.245.114.11:7443
49.51.68.151:7443
50.116.1.198:7443
51.254.53.14:7443
54.154.24.24:7443
64.227.124.8:443
64.227.124.8:7443
64.23.149.255:7443
64.23.170.241:7443
64.44.135.113:7443
65.20.106.42:7443
70.39.90.80:7443
74.208.172.242:3000
74.208.172.242:7443
84.46.241.248:3000
87.121.87.101:7443
95.164.84.84:7443
97.151.208.70:7443
_dmarc.home-vip.xyz
a95b408d5ca94f4f.home-vip.xyz
ahv-id-4649.vps.awcloud.nl
blackhatethicalhacking.com
bounty.blackhatethicalhacking.com
erp.home-vip.xyz
home-vip.xyz
itemkxczfph.home-vip.xyz
lqvfecrehlcgwuleoglx.home-vip.xyz
mythic.blog
mythic.fr
mythic.run
new.bemythic.com
opnhqgjjgfl.home-vip.xyz
queilani.com
social.blackhatethicalhacking.com
ss.vet.sapphire.net
thissubdomainshouldnotexist.home-vip.xyz
