IOCs · Havoc · threatengine.sh

Home/Havoc/IOCs

IOCs

Indicators for Havoc

98 indicators · scoped to malware families · back to Havoc

Live IOCs from URLhaus, ThreatFox, MalwareBazaar, and abuse.ch SSLBL for malware families this tool uses. All indicators are defanged for safe handling.

⚠

Indicators

98 of 98

url

hxxps://github.com/chromawashere/Security/raw/refs/heads/main/SysUpdate.exe

family Havoc source urlhaus first seen 2026-05-30T19:39:41Z

VirusTotal urlscan OTX URLhaus Pulsedive

sslbl_sha1

64791ca37e56aa878c44021a630634bca999cdbe

family Havoc source sslbl first seen 2026-03-24 07:40:43

VirusTotal OTX

url

hxxps://raw.githubusercontent.com/twitodaniel10-sudo/Security/refs/heads/main/runner.exe

family Havoc source urlhaus first seen 2026-03-22 18:05:12 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://raw.githubusercontent.com/twitodaniel10-sudo/Security/refs/heads/main/old.exe

family Havoc source urlhaus first seen 2026-03-22 18:05:10 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://raw.githubusercontent.com/twitodaniel10-sudo/Security/main/SysAuditHost.exe

family Havoc source urlhaus first seen 2026-03-22 18:05:08 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

url

hxxps://raw.githubusercontent.com/twitodaniel10-sudo/Security/refs/heads/main/toogood.exe

family Havoc source urlhaus first seen 2026-03-22 18:05:08 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

sslbl_sha1

c1c0073363896e9c687faf206199b45ffe4297b6

family Havoc source sslbl first seen 2026-02-12 17:48:37

VirusTotal OTX

sslbl_sha1

bd906a4c3e6d1498f8b883c1fa00666d70096850

family Havoc source sslbl first seen 2026-01-07 13:50:48

VirusTotal OTX

sslbl_sha1

9cc8b187f164e52b6652317c01658435019bdce8

family Havoc source sslbl first seen 2025-12-03 14:51:44

VirusTotal OTX

url

hxxps://fb6390d5.infinityindians.pages.dev/stage1.ps1

family Havoc source urlhaus first seen 2025-11-21 12:39:10 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

sslbl_sha1

4ecce8335d5a54f34f5d8542d646a8e4f077eb69

family Havoc source sslbl first seen 2025-09-08 12:15:57

VirusTotal OTX

sslbl_sha1

4c2ab1e806a01937dd1150b3a8ece6f2fbb4665c

family Havoc source sslbl first seen 2025-08-20 13:18:00

VirusTotal OTX

sslbl_sha1

3b1955afa9e1ee701966e1ad553064230a6c4452

family Havoc source sslbl first seen 2025-08-18 06:18:58

VirusTotal OTX

sslbl_sha1

b4c3c564fb085147d9bff80593a7ffcdd2949e35

family Havoc source sslbl first seen 2025-07-28 12:40:27

VirusTotal OTX

sslbl_sha1

e67418e586adf899a6bdd8401355e851eb8db9bb

family Havoc source sslbl first seen 2025-06-24 05:31:22

VirusTotal OTX

sslbl_sha1

2f28768eda7d542e3b177a621c2a477222c89686

family Havoc source sslbl first seen 2025-06-10 05:13:32

VirusTotal OTX

sslbl_sha1

bfe059b0195593107e1d35aa85f9468ea6bb811e

family Havoc source sslbl first seen 2025-03-30 08:09:29

VirusTotal OTX

sslbl_sha1

413ebc4b5c780fde38082487898391382d60e6bd

family Havoc source sslbl first seen 2024-11-14 06:55:23

VirusTotal OTX

url

hxxp://8.138.96.41:10050/demon.x64.bin

family Havoc source urlhaus first seen 2024-10-17 16:05:13 UTC

VirusTotal urlscan OTX URLhaus Pulsedive

sslbl_sha1

3ecd22a76155f63c9a83206a22a01279fe386ea5

family Havoc source sslbl first seen 2024-07-12 07:46:58

VirusTotal OTX

sslbl_sha1

6ae5aa534457e6c0d226353a234f84318492ca6a

family Havoc source sslbl first seen 2023-12-04 09:28:43

VirusTotal OTX

sslbl_sha1

b4bc174c1dd33972ed980f1e98ff709a3eb43ff2

family Havoc source sslbl first seen 2023-11-26 09:29:11

VirusTotal OTX

sslbl_sha1

c2788a698b49cef3e09a14d74bb1b78fb1a45f47

family Havoc source sslbl first seen 2023-05-25 12:56:26

VirusTotal OTX

ip:port

186[.]120[.]214[.]158:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

194[.]163[.]154[.]86:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

144[.]172[.]100[.]157:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

206[.]81[.]21[.]156:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

137[.]184[.]102[.]191:80

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

107[.]175[.]148[.]68:8080

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

80[.]78[.]30[.]62:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

85[.]120[.]252[.]124:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

83[.]217[.]215[.]55:80

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

2[.]26[.]96[.]209:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

194[.]33[.]48[.]221:8443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

91[.]134[.]139[.]176:8443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

194[.]33[.]48[.]221:8081

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

94[.]198[.]51[.]234:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

62[.]171[.]190[.]148:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

31[.]57[.]201[.]105:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

2[.]26[.]96[.]209:8080

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

44[.]215[.]161[.]149:4005

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

178[.]105[.]40[.]204:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

172[.]245[.]152[.]57:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

154[.]7[.]228[.]167:2443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

194[.]37[.]80[.]126:7543

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

192[.]227[.]232[.]124:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

172[.]245[.]54[.]187:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

66[.]85[.]27[.]18:80

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

52[.]198[.]162[.]251:16000

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

5[.]75[.]185[.]142:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

217[.]28[.]130[.]143:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

209[.]38[.]248[.]122:9443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

202[.]171[.]43[.]176:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

202[.]181[.]24[.]236:8443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

206[.]189[.]40[.]107:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

194[.]37[.]80[.]126:4430

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

150[.]230[.]160[.]171:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

142[.]93[.]88[.]220:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

164[.]92[.]67[.]70:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

100[.]52[.]66[.]182:8080

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]84[.]183[.]211:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

15[.]204[.]14[.]143:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

15[.]204[.]14[.]143:80

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

15[.]204[.]95[.]228:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

143[.]198[.]215[.]97:8080

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

143[.]198[.]215[.]97:8000

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

212[.]103[.]26[.]10:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

64[.]23[.]248[.]252:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

40[.]66[.]42[.]246:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

40[.]66[.]42[.]246:80

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

51[.]81[.]171[.]234:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

193[.]239[.]85[.]15:2083

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

161[.]35[.]176[.]231:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

41[.]216[.]189[.]77:2096

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]83[.]134[.]97:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

51[.]81[.]171[.]234:80

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

15[.]204[.]95[.]228:80

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

20[.]188[.]119[.]195:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

20[.]188[.]119[.]195:80

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

159[.]223[.]0[.]103:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

164[.]92[.]79[.]49:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

161[.]35[.]239[.]147:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

20[.]220[.]29[.]224:8443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

172[.]236[.]10[.]250:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

45[.]150[.]34[.]117:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

82[.]156[.]224[.]184:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]236[.]24[.]112:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

82[.]197[.]69[.]156:8443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

139[.]59[.]84[.]11:2053

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

43[.]106[.]14[.]139:8085

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

164[.]90[.]206[.]5:8443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

103[.]13[.]210[.]49:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

184[.]82[.]96[.]72:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

62[.]171[.]190[.]148:8081

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

207[.]154[.]243[.]85:8443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

20[.]104[.]107[.]19:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

154[.]205[.]145[.]109:2096

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

210[.]2[.]169[.]213:443

family Havoc source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

Showing 1-98 of 98

Prev 1 Next

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin