Havoc - Cyber Threat Intelligence
These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Havoc. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.
Live data and more analysis capabilities are available at https://vuldb.com/?actor.havoc
Countries
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Havoc:
There are 11 more country items available. Please use our online service to access the data.
IOC - Indicator of Compromise
These indicators of compromise (IOC) list the network resources known to be part of the research and attack activities of Havoc. Entries whose hostname is a cloud provider reverse-DNS name (ec2-*.amazonaws.com, *.bc.googleusercontent.com) are listed at Medium confidence: such addresses are reassigned frequently, so check the observation date before blocking them.
ID | IP address | Hostname | Campaign | Confidence |
---|---|---|---|---|
1 | 2.58.14.26 | - | - | High |
2 | 3.8.184.124 | ec2-3-8-184-124.eu-west-2.compute.amazonaws.com | - | Medium |
3 | 3.17.156.183 | ec2-3-17-156-183.us-east-2.compute.amazonaws.com | - | Medium |
4 | 3.26.10.74 | ec2-3-26-10-74.ap-southeast-2.compute.amazonaws.com | - | Medium |
5 | 3.67.64.179 | ec2-3-67-64-179.eu-central-1.compute.amazonaws.com | - | Medium |
6 | 3.71.188.11 | ec2-3-71-188-11.eu-central-1.compute.amazonaws.com | - | Medium |
7 | 3.72.1.193 | ec2-3-72-1-193.eu-central-1.compute.amazonaws.com | - | Medium |
8 | 3.72.106.201 | ec2-3-72-106-201.eu-central-1.compute.amazonaws.com | - | Medium |
9 | 3.72.110.16 | ec2-3-72-110-16.eu-central-1.compute.amazonaws.com | - | Medium |
10 | 3.85.21.250 | ec2-3-85-21-250.compute-1.amazonaws.com | - | Medium |
11 | 3.105.246.81 | ec2-3-105-246-81.ap-southeast-2.compute.amazonaws.com | - | Medium |
12 | 3.249.31.242 | ec2-3-249-31-242.eu-west-1.compute.amazonaws.com | - | Medium |
13 | 4.196.211.113 | - | - | High |
14 | 4.231.105.17 | - | - | High |
15 | 5.44.42.124 | zema.ip-ptr.tech | - | High |
16 | 5.53.125.31 | teal.rvncerr.org | - | High |
17 | 5.161.197.230 | static.230.197.161.5.clients.your-server.de | - | High |
18 | 5.188.87.39 | - | - | High |
19 | 5.252.178.146 | 5-252-178-146.mivocloud.com | - | High |
20 | 5.252.178.157 | 5-252-178-157.mivocloud.com | - | High |
21 | 5.255.97.196 | - | - | High |
22 | 8.208.95.78 | - | - | High |
23 | 8.210.103.41 | - | - | High |
24 | 8.210.104.188 | - | - | High |
25 | 8.217.111.67 | - | - | High |
26 | 8.222.230.219 | - | - | High |
27 | 13.39.48.10 | ec2-13-39-48-10.eu-west-3.compute.amazonaws.com | - | Medium |
28 | 13.41.55.238 | ec2-13-41-55-238.eu-west-2.compute.amazonaws.com | - | Medium |
29 | 13.93.75.195 | - | - | High |
30 | 13.125.17.253 | ec2-13-125-17-253.ap-northeast-2.compute.amazonaws.com | - | Medium |
31 | 13.213.147.86 | ec2-13-213-147-86.ap-southeast-1.compute.amazonaws.com | - | Medium |
32 | 13.244.111.157 | ec2-13-244-111-157.af-south-1.compute.amazonaws.com | - | Medium |
33 | 13.244.144.1 | ec2-13-244-144-1.af-south-1.compute.amazonaws.com | - | Medium |
34 | 13.246.26.24 | ec2-13-246-26-24.af-south-1.compute.amazonaws.com | - | Medium |
35 | 16.171.56.119 | ec2-16-171-56-119.eu-north-1.compute.amazonaws.com | - | Medium |
36 | 18.134.161.59 | ec2-18-134-161-59.eu-west-2.compute.amazonaws.com | - | Medium |
37 | 18.140.234.35 | ec2-18-140-234-35.ap-southeast-1.compute.amazonaws.com | - | Medium |
38 | 18.157.84.230 | ec2-18-157-84-230.eu-central-1.compute.amazonaws.com | - | Medium |
39 | 18.158.68.206 | ec2-18-158-68-206.eu-central-1.compute.amazonaws.com | - | Medium |
40 | 18.185.111.207 | ec2-18-185-111-207.eu-central-1.compute.amazonaws.com | - | Medium |
41 | 18.196.203.78 | ec2-18-196-203-78.eu-central-1.compute.amazonaws.com | - | Medium |
42 | 18.204.35.247 | ec2-18-204-35-247.compute-1.amazonaws.com | - | Medium |
43 | 18.208.213.147 | ec2-18-208-213-147.compute-1.amazonaws.com | - | Medium |
44 | 18.214.99.112 | ec2-18-214-99-112.compute-1.amazonaws.com | - | Medium |
45 | 18.224.73.25 | ec2-18-224-73-25.us-east-2.compute.amazonaws.com | - | Medium |
46 | 20.12.180.13 | - | - | High |
47 | 20.15.162.87 | - | - | High |
48 | 20.67.246.154 | - | - | High |
49 | 20.74.236.100 | - | - | High |
50 | 20.92.20.220 | - | - | High |
51 | 20.94.83.139 | - | - | High |
52 | 20.109.45.183 | - | - | High |
53 | 20.115.112.114 | - | - | High |
54 | 20.126.20.79 | - | - | High |
55 | 20.158.49.49 | - | - | High |
56 | 20.235.26.66 | - | - | High |
57 | 23.94.59.56 | 23-94-59-56-host.colocrossing.com | - | High |
58 | 23.95.44.80 | 23-95-44-80-host.colocrossing.com | - | High |
59 | 23.105.212.89 | 23.105.212.89.16clouds.com | - | High |
60 | 23.106.215.192 | clearmetro.net | - | High |
61 | 24.99.36.214 | - | - | High |
62 | 27.124.44.241 | - | - | High |
63 | 31.187.76.237 | - | - | High |
64 | 31.220.89.214 | ip-214-89-220-31.static.contabo.net | - | High |
65 | 34.18.9.224 | 224.9.18.34.bc.googleusercontent.com | - | Medium |
66 | 34.136.114.164 | 164.114.136.34.bc.googleusercontent.com | - | Medium |
67 | 34.229.221.1 | ec2-34-229-221-1.compute-1.amazonaws.com | - | Medium |
68 | 34.243.164.16 | ec2-34-243-164-16.eu-west-1.compute.amazonaws.com | - | Medium |
69 | ... | ... | ... | ... |
There are 274 more IOC items available. Please use our online service to access the data.
TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Havoc. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence |
---|---|---|---|---|
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High |
2 | T1055 | CWE-74 | Injection | High |
3 | T1059 | CWE-88, CWE-94 | Argument Injection, Code Injection | High |
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
5 | ... | ... | ... | ... |
There are 17 more TTP items available. Please use our online service to access the data.
IOA - Indicator of Attack
These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Havoc. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence |
---|---|---|---|
1 | File | /api/RecordingList/DownloadRecord?file= | High |
2 | File | /apply.cgi | Medium |
3 | File | /cgi-bin/user/Config.cgi | High |
4 | File | /debug/pprof | Medium |
5 | File | /htdocs/cgibin | High |
6 | File | /rapi/read_url | High |
7 | File | /thruk/#cgi-bin/extinfo.cgi?type=2 | High |
8 | File | /uncpath/ | Medium |
9 | File | /videotalk | Medium |
10 | File | /web/MCmsAction.java | High |
11 | File | /wp-admin/admin-post.php?es_skip=1&option_name | High |
12 | File | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | High |
13 | File | activity_log.php | High |
14 | File | adm/systools.asp | High |
15 | File | admin/getparam.cgi | High |
16 | File | admin/media/index.php" | High |
17 | File | adminCons.php | High |
18 | File | administrator.php | High |
19 | File | ajax_list_accounts.php | High |
20 | File | appserv/main.php | High |
21 | File | archive.php | Medium |
22 | ... | ... | ... |
There are 179 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
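The IOC table (source IPs) and the IOA table (URI fragments) are meant to be matched against your own logs. The script below is an added example written for this page, not VulDB code: it takes a subset of both tables, with the confidence values as printed, scans web server access lines, and ranks the hits so that a request that matches both a known source IP and a known URI fragment comes out on top. The log lines are constructed for the example, and the combined (Apache/nginx) log format is an assumption about the reader's environment. Two details matter when using the IOA list server-side: the request target must be percent-decoded before comparison, and a `#fragment` (as in `/thruk/#cgi-bin/extinfo.cgi?type=2`) is never sent by the client, so that indicator can only ever match as `/thruk/`, which is far less specific than the table suggests.

```python
"""Match the Havoc IOC (source IPs) and IOA (URI fragments) lists against
web server access logs and rank the hits for triage.

Added example for this page; not VulDB code. Indicators below are a subset
copied from the IOC and IOA tables above with the confidence values as given.
Log lines are constructed for the example and use the Apache/nginx combined
log format (an assumption about the reader's environment)."""
import re
from urllib.parse import unquote

# Subset of the IOC table: source IP -> confidence.
IOC_IPS = {
    "2.58.14.26": "High",
    "3.8.184.124": "Medium",      # ec2-* reverse DNS: cloud-hosted, short-lived
    "5.252.178.146": "High",
    "23.94.59.56": "High",
}

# Subset of the IOA table: URI fragment -> confidence, exactly as listed.
IOA_PATHS = {
    "/api/RecordingList/DownloadRecord?file=": "High",
    "/cgi-bin/user/Config.cgi": "High",
    "/debug/pprof": "Medium",
    "/thruk/#cgi-bin/extinfo.cgi?type=2": "High",
    "activity_log.php": "High",
}

WEIGHT = {"High": 2, "Medium": 1}

# Constructed sample traffic (not real logs). 198.51.100.0/24 and
# 203.0.113.0/24 are documentation ranges.
SAMPLE_LOG = """\
23.94.59.56 - - [10/Apr/2023:13:01:02 +0000] "GET /debug/pprof/ HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2023:13:01:05 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Apr/2023:13:02:11 +0000] "GET /cgi-bin/user/%43onfig.cgi?action=get HTTP/1.1" 404 0 "-" "curl/7.88.1"
3.8.184.124 - - [10/Apr/2023:13:03:40 +0000] "GET /api/RecordingList/DownloadRecord?file=test.wav HTTP/1.1" 200 2048 "-" "python-requests/2.28.2"
198.51.100.7 - - [10/Apr/2023:13:04:00 +0000] "GET /thruk/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
this line is not in combined log format and is skipped
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def normalise_indicator(indicator):
    """Reduce an IOA fragment to what a server-side log can actually contain.

    A '#fragment' is never sent by the client, so '/thruk/#cgi-bin/...' can
    only ever match as '/thruk/'. The result is percent-decoded and lowercased
    so it compares against the decoded request target. A stripped fragment may
    leave an indicator that is too generic to act on by itself.
    """
    server_visible = indicator.split("#", 1)[0]
    return unquote(server_visible).lower()


def scan(log_text, ioc_ips=IOC_IPS, ioa_paths=IOA_PATHS):
    """Return one finding per matching log line, highest score first."""
    ioa = {normalise_indicator(k): (k, conf) for k, conf in ioa_paths.items()}
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # not combined log format: skip
        ip = m["ip"]
        # Decode the request target once so an encoded path (e.g. %43onfig)
        # cannot evade a plain substring comparison.
        target = unquote(m["target"]).lower()
        hits = []
        if ip in ioc_ips:
            hits.append(("ioc", ip, ioc_ips[ip]))
        for norm, (original, conf) in ioa.items():
            if norm in target:
                hits.append(("ioa", original, conf))
        if hits:
            findings.append({
                "ip": ip,
                "target": m["target"],
                "status": int(m["status"]),
                "hits": hits,
                "score": sum(WEIGHT[conf] for _, _, conf in hits),
            })
    # Stable sort: equal scores keep log order, so the earliest event is first.
    findings.sort(key=lambda f: f["score"], reverse=True)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"score={f['score']} ip={f['ip']} target={f['target']} hits={f['hits']}")
```

On the sample data the `/debug/pprof/` request from 23.94.59.56 and the `DownloadRecord?file=` request from 3.8.184.124 rank first because each matches on both source IP and URI; the percent-encoded `Config.cgi` request is caught only after decoding; and the plain `/thruk/` request is reported against the full indicator string so the analyst can see that the match rests on the stripped form. A 404 status (the third sample line) still counts as a hit: a probe for a path that does not exist on this server is reconnaissance, not noise.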
References
The following list contains external sources which discuss the actor and the associated activities:
- https://search.censys.io/hosts/3.17.156.183
- https://search.censys.io/hosts/3.26.10.74
- https://search.censys.io/hosts/3.67.64.179
- https://search.censys.io/hosts/3.71.188.11
- https://search.censys.io/hosts/3.72.1.193
- https://search.censys.io/hosts/3.72.106.201
- https://search.censys.io/hosts/3.85.21.250
- https://search.censys.io/hosts/3.105.246.81
- https://search.censys.io/hosts/3.249.31.242
- https://search.censys.io/hosts/4.196.211.113
- https://search.censys.io/hosts/4.231.105.17
- https://search.censys.io/hosts/5.44.42.124
- https://search.censys.io/hosts/5.53.125.31
- https://search.censys.io/hosts/5.161.197.230
- https://search.censys.io/hosts/5.188.87.39
- https://search.censys.io/hosts/5.252.178.146
- https://search.censys.io/hosts/5.252.178.157
- https://search.censys.io/hosts/5.255.97.196
- https://search.censys.io/hosts/8.208.95.78
- https://search.censys.io/hosts/8.217.111.67
- https://search.censys.io/hosts/8.222.230.219
- https://search.censys.io/hosts/13.39.48.10
- https://search.censys.io/hosts/13.41.55.238
- https://search.censys.io/hosts/13.93.75.195
- https://search.censys.io/hosts/13.125.17.253
- https://search.censys.io/hosts/13.213.147.86
- https://search.censys.io/hosts/13.244.111.157
- https://search.censys.io/hosts/13.244.144.1
- https://search.censys.io/hosts/13.246.26.24
- https://search.censys.io/hosts/16.171.56.119
- https://search.censys.io/hosts/18.134.161.59
- https://search.censys.io/hosts/18.157.84.230
- https://search.censys.io/hosts/18.158.68.206
- https://search.censys.io/hosts/18.185.111.207
- https://search.censys.io/hosts/18.196.203.78
- https://search.censys.io/hosts/18.208.213.147
- https://search.censys.io/hosts/18.214.99.112
- https://search.censys.io/hosts/18.224.73.25
- https://search.censys.io/hosts/20.15.162.87
- https://search.censys.io/hosts/20.74.236.100
- https://search.censys.io/hosts/20.92.20.220
- https://search.censys.io/hosts/20.94.83.139
- https://search.censys.io/hosts/20.109.45.183
- https://search.censys.io/hosts/20.115.112.114
- https://search.censys.io/hosts/20.126.20.79
- https://search.censys.io/hosts/20.158.49.49
- https://search.censys.io/hosts/20.235.26.66
- https://search.censys.io/hosts/23.94.59.56
- https://search.censys.io/hosts/23.106.215.192
- https://search.censys.io/hosts/24.99.36.214
- https://search.censys.io/hosts/31.187.76.237
- https://search.censys.io/hosts/34.18.9.224
- https://search.censys.io/hosts/34.136.114.164
- https://search.censys.io/hosts/35.75.17.242
- https://search.censys.io/hosts/35.136.215.120
- https://search.censys.io/hosts/35.158.109.72
- https://search.censys.io/hosts/35.207.109.124
- https://search.censys.io/hosts/35.226.91.165
- https://search.censys.io/hosts/37.187.123.146
- https://search.censys.io/hosts/38.54.107.202
- https://search.censys.io/hosts/39.99.45.71
- https://search.censys.io/hosts/40.76.236.54
- https://search.censys.io/hosts/43.153.184.17
- https://search.censys.io/hosts/44.200.59.2
- https://search.censys.io/hosts/44.203.114.48
- https://search.censys.io/hosts/45.8.251.210
- https://search.censys.io/hosts/45.9.149.144
- https://search.censys.io/hosts/45.9.150.150
- https://search.censys.io/hosts/45.12.253.239
- https://search.censys.io/hosts/45.56.76.86
- https://search.censys.io/hosts/45.77.233.83
- https://search.censys.io/hosts/45.77.254.85
- https://search.censys.io/hosts/45.79.90.123
- https://search.censys.io/hosts/45.93.28.77
- https://search.censys.io/hosts/45.117.81.126
- https://search.censys.io/hosts/45.125.67.100
- https://search.censys.io/hosts/45.125.67.117
- https://search.censys.io/hosts/45.153.242.73
- https://search.censys.io/hosts/46.29.234.73
- https://search.censys.io/hosts/46.161.53.217
- https://search.censys.io/hosts/46.183.184.149
- https://search.censys.io/hosts/47.90.254.130
- https://search.censys.io/hosts/50.255.107.170
- https://search.censys.io/hosts/51.15.59.83
- https://search.censys.io/hosts/51.15.133.32
- https://search.censys.io/hosts/51.15.195.71
- https://search.censys.io/hosts/51.68.148.48
- https://search.censys.io/hosts/51.68.148.55
- https://search.censys.io/hosts/51.83.182.155
- https://search.censys.io/hosts/51.158.77.242
- https://search.censys.io/hosts/51.255.45.74
- https://search.censys.io/hosts/52.19.114.156
- https://search.censys.io/hosts/52.147.196.140
- https://search.censys.io/hosts/52.211.176.121
- https://search.censys.io/hosts/54.64.152.213
- https://search.censys.io/hosts/54.78.24.98
- https://search.censys.io/hosts/54.144.152.176
- https://search.censys.io/hosts/54.160.113.74
- https://search.censys.io/hosts/54.246.21.155
- https://search.censys.io/hosts/54.251.23.219
- https://search.censys.io/hosts/62.234.185.181
- https://search.censys.io/hosts/64.176.34.205
- https://search.censys.io/hosts/64.176.47.227
- https://search.censys.io/hosts/64.226.111.133
- https://search.censys.io/hosts/64.227.130.238
- https://search.censys.io/hosts/65.21.56.40
- https://search.censys.io/hosts/66.55.65.150
- https://search.censys.io/hosts/68.183.185.231
- https://search.censys.io/hosts/70.29.173.138
- https://search.censys.io/hosts/74.119.193.28
- https://search.censys.io/hosts/74.207.237.246
- https://search.censys.io/hosts/74.234.230.67
- https://search.censys.io/hosts/76.65.175.53
- https://search.censys.io/hosts/77.91.73.143
- https://search.censys.io/hosts/77.139.130.110
- https://search.censys.io/hosts/80.249.147.147
- https://search.censys.io/hosts/85.206.172.192
- https://search.censys.io/hosts/88.99.28.233
- https://search.censys.io/hosts/89.147.108.250
- https://search.censys.io/hosts/90.107.73.133
- https://search.censys.io/hosts/91.92.128.200
- https://search.censys.io/hosts/94.131.102.61
- https://search.censys.io/hosts/94.131.110.14
- https://search.censys.io/hosts/98.252.137.125
- https://search.censys.io/hosts/100.26.241.235
- https://search.censys.io/hosts/101.42.246.105
- https://search.censys.io/hosts/103.253.43.146
- https://search.censys.io/hosts/104.200.20.89
- https://search.censys.io/hosts/104.248.120.60
- https://search.censys.io/hosts/107.172.90.146
- https://search.censys.io/hosts/107.174.95.55
- https://search.censys.io/hosts/108.174.57.187
- https://search.censys.io/hosts/108.177.235.233
- https://search.censys.io/hosts/109.94.110.94
- https://search.censys.io/hosts/109.105.198.141
- https://search.censys.io/hosts/109.106.255.148
- https://search.censys.io/hosts/109.172.44.233
- https://search.censys.io/hosts/114.117.244.233
- https://search.censys.io/hosts/118.31.66.10
- https://search.censys.io/hosts/123.249.38.254
- https://search.censys.io/hosts/128.199.207.220
- https://search.censys.io/hosts/129.150.46.86
- https://search.censys.io/hosts/129.151.233.130
- https://search.censys.io/hosts/134.122.45.166
- https://search.censys.io/hosts/136.244.80.185
- https://search.censys.io/hosts/137.74.253.250
- https://search.censys.io/hosts/137.184.100.52
- https://search.censys.io/hosts/139.144.22.116
- https://search.censys.io/hosts/139.144.39.22
- https://search.censys.io/hosts/139.144.57.50
- https://search.censys.io/hosts/139.180.144.171
- https://search.censys.io/hosts/140.238.217.117
- https://search.censys.io/hosts/141.164.45.80
- https://search.censys.io/hosts/142.93.45.33
- https://search.censys.io/hosts/143.42.110.206
- https://search.censys.io/hosts/143.198.53.218
- https://search.censys.io/hosts/143.198.105.62
- https://search.censys.io/hosts/143.198.136.12
- https://search.censys.io/hosts/143.198.218.5
- https://search.censys.io/hosts/146.59.10.45
- https://search.censys.io/hosts/146.70.35.170
- https://search.censys.io/hosts/146.70.87.109
- https://search.censys.io/hosts/146.190.104.255
- https://search.censys.io/hosts/146.190.113.107
- https://search.censys.io/hosts/146.190.120.225
- https://search.censys.io/hosts/147.182.241.180
- https://search.censys.io/hosts/149.28.207.18
- https://search.censys.io/hosts/151.236.25.237
- https://search.censys.io/hosts/157.245.47.66
- https://search.censys.io/hosts/157.245.55.19
- https://search.censys.io/hosts/157.245.199.109
- https://search.censys.io/hosts/157.254.195.51
- https://search.censys.io/hosts/158.247.223.37
- https://search.censys.io/hosts/159.65.149.47
- https://search.censys.io/hosts/159.223.202.160
- https://search.censys.io/hosts/164.92.241.44
- https://search.censys.io/hosts/165.22.12.239
- https://search.censys.io/hosts/165.22.21.249
- https://search.censys.io/hosts/165.227.106.175
- https://search.censys.io/hosts/166.88.77.16
- https://search.censys.io/hosts/167.56.66.214
- https://search.censys.io/hosts/167.56.104.241
- https://search.censys.io/hosts/167.56.105.95
- https://search.censys.io/hosts/167.56.112.216
- https://search.censys.io/hosts/167.56.122.29
- https://search.censys.io/hosts/167.56.122.192
- https://search.censys.io/hosts/167.56.194.219
- https://search.censys.io/hosts/167.56.196.20
- https://search.censys.io/hosts/167.56.198.48
- https://search.censys.io/hosts/167.56.198.150
- https://search.censys.io/hosts/167.56.203.196
- https://search.censys.io/hosts/167.58.233.226
- https://search.censys.io/hosts/167.58.245.20
- https://search.censys.io/hosts/167.59.76.50
- https://search.censys.io/hosts/167.59.76.141
- https://search.censys.io/hosts/167.99.194.51
- https://search.censys.io/hosts/167.172.106.238
- https://search.censys.io/hosts/168.138.174.173
- https://search.censys.io/hosts/170.187.142.23
- https://search.censys.io/hosts/172.86.78.127
- https://search.censys.io/hosts/172.93.165.118
- https://search.censys.io/hosts/172.105.66.217
- https://search.censys.io/hosts/174.138.28.5
- https://search.censys.io/hosts/175.178.226.246
- https://search.censys.io/hosts/176.123.8.200
- https://search.censys.io/hosts/176.124.32.160
- https://search.censys.io/hosts/177.67.71.17
- https://search.censys.io/hosts/178.62.57.69
- https://search.censys.io/hosts/179.25.216.69
- https://search.censys.io/hosts/179.25.221.138
- https://search.censys.io/hosts/179.25.222.247
- https://search.censys.io/hosts/182.61.19.90
- https://search.censys.io/hosts/184.73.53.214
- https://search.censys.io/hosts/185.32.126.34
- https://search.censys.io/hosts/185.39.204.47
- https://search.censys.io/hosts/185.64.247.201
- https://search.censys.io/hosts/185.74.222.204
- https://search.censys.io/hosts/185.112.144.20
- https://search.censys.io/hosts/185.158.94.217
- https://search.censys.io/hosts/185.163.45.244
- https://search.censys.io/hosts/185.203.118.50
- https://search.censys.io/hosts/185.225.74.223
- https://search.censys.io/hosts/185.239.225.17
- https://search.censys.io/hosts/185.247.224.13
- https://search.censys.io/hosts/187.95.25.167
- https://search.censys.io/hosts/188.166.251.121
- https://search.censys.io/hosts/188.191.106.34
- https://search.censys.io/hosts/188.191.106.251
- https://search.censys.io/hosts/190.133.129.34
- https://search.censys.io/hosts/190.133.130.250
- https://search.censys.io/hosts/190.133.139.168
- https://search.censys.io/hosts/190.133.143.80
- https://search.censys.io/hosts/190.133.150.121
- https://search.censys.io/hosts/190.133.150.206
- https://search.censys.io/hosts/190.133.155.21
- https://search.censys.io/hosts/190.133.159.153
- https://search.censys.io/hosts/190.133.232.69
- https://search.censys.io/hosts/190.133.235.6
- https://search.censys.io/hosts/190.133.236.207
- https://search.censys.io/hosts/190.133.237.30
- https://search.censys.io/hosts/190.133.238.68
- https://search.censys.io/hosts/190.134.43.116
- https://search.censys.io/hosts/190.134.50.10
- https://search.censys.io/hosts/190.134.139.110
- https://search.censys.io/hosts/190.134.148.138
- https://search.censys.io/hosts/190.134.155.238
- https://search.censys.io/hosts/190.134.200.111
- https://search.censys.io/hosts/190.134.202.117
- https://search.censys.io/hosts/190.135.124.228
- https://search.censys.io/hosts/190.135.126.109
- https://search.censys.io/hosts/190.135.168.212
- https://search.censys.io/hosts/190.135.176.171
- https://search.censys.io/hosts/190.135.177.179
- https://search.censys.io/hosts/190.135.182.53
- https://search.censys.io/hosts/190.135.184.127
- https://search.censys.io/hosts/190.135.186.92
- https://search.censys.io/hosts/190.135.209.12
- https://search.censys.io/hosts/190.135.233.148
- https://search.censys.io/hosts/192.99.223.135
- https://search.censys.io/hosts/192.121.163.90
- https://search.censys.io/hosts/192.153.57.73
- https://search.censys.io/hosts/192.153.57.181
- https://search.censys.io/hosts/193.37.69.123
- https://search.censys.io/hosts/193.43.94.63
- https://search.censys.io/hosts/193.233.48.14
- https://search.censys.io/hosts/194.4.51.90
- https://search.censys.io/hosts/194.58.98.232
- https://search.censys.io/hosts/194.135.33.127
- https://search.censys.io/hosts/195.24.66.110
- https://search.censys.io/hosts/195.85.114.214
- https://search.censys.io/hosts/195.123.241.72
- https://search.censys.io/hosts/198.211.102.42
- https://search.censys.io/hosts/205.185.113.85
- https://search.censys.io/hosts/207.148.127.136
- https://search.censys.io/hosts/209.38.232.99
- https://search.censys.io/hosts/209.79.69.200
- https://search.censys.io/hosts/209.141.50.192
- https://search.censys.io/hosts/209.250.255.119
- https://search.censys.io/hosts/212.227.9.150
- https://twitter.com/MichalKoczwara/status/1641089473306828804
- https://twitter.com/MichalKoczwara/status/1641113392843718660
- https://www.zscaler.com/blogs/security-research/havoc-across-cyberspace
Literature
The following articles explain our unique predictive cyber threat intelligence:
- VulDB Cyber Threat Intelligence Documentation
- Cyber Threat Intelligence - Early Anticipation of Attacks
License
(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!