# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: awaken, awaken botnet, nova stealer

# Reference: https://twitter.com/FalconFeedsio/status/1730894850210537615
# Reference: https://www.virustotal.com/gui/ip-address/163.5.121.98/relations

nova-sentinel.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.nova/ (# 2024-08-25)

185.196.9.97:3000
185.196.9.97:443
89.213.140.115.nerozix.ovh
89.213.140.115:443
92.249.48.64:3000
92.249.48.64:443
awaken-network.net
ieatpoop.info
nova-screen-webview.com
onsttuiona.com

# Reference: https://app.validin.com/detail?find=Welcome%20To%20Awaken%20Network&type=raw&ref_id=680bb72ecb9#tab=host_pairs_v2

http://151.80.169.179
http://5.42.104.194
http://79.137.4.100
92.249.48.68:3000
92.249.48.68:443

# Reference: https://x.com/NDA0E/status/1827810997358461006

92.249.48.63:2000
92.249.48.63:443
92.249.48.79:3000
92.249.48.79:443

# Reference: https://x.com/NDA0E/status/1828045352785838172

185.196.10.128:2000
185.196.10.128:443
185.196.10.129:3000
185.196.10.129:443

# Reference: https://x.com/NDA0E/status/1828678990233481217
# Reference: https://www.virustotal.com/gui/ip-address/185.196.10.129/relations
# Reference: https://www.virustotal.com/gui/file/1ba4ec20ab8135a867590acf31ea6dae7f89373e7fd9b570d2bc40cd311d2e35/detection

nova-nation.pro

# Reference: https://x.com/NDA0E/status/1828986289938481549
# Reference: https://x.com/NDA0E/status/1830642000539930759
# Reference: https://www.virustotal.com/gui/ip-address/185.196.10.128/relations

nova-nation.org
nova-nation.online
nova-stealer.cloud
nova-stealer.com
nova-stealer.tech
nova-stealer.xyz

# Reference: https://app.validin.com/detail?find=Hawkish&type=raw#tab=host_pairs_v2

hectorcat.online
jaimelecaca.com

# Reference: https://x.com/ChickenWhisker/status/1958495633683419580
# Reference: https://www.elastic.co/es/security-labs/maas-appeal-an-infostealer-rises-from-the-ashes
# Reference: https://www.virustotal.com/gui/file/1505fdb0a4341c03018ea275ecb5c1f3eaf8e92f965a269eae798a305ff6fb1d/detection

nova-shadow.com
nova-shadow.pages.dev
nova-shadow.shop
nova-shadow.store
yarasahub.com
zszsszsz.pages.dev

# Reference: https://x.com/malwrhunterteam/status/1902417657023918435
# Reference: https://x.com/cepitaking/status/1905711135946666121
# Reference: https://www.elastic.co/es/security-labs/maas-appeal-an-infostealer-rises-from-the-ashes
# Reference: https://tria.ge/250328-wzx9asztb1/behavioral2
# Reference: https://www.virustotal.com/gui/file/ec587d2defea6984ded7577049ff22f414d8ca84e6ecac5530356d6ef481c483/detection

nova-blight.site
nova-blight.top
nova-blight.xyz
api.nova-blight.site
api.nova-blight.xyz
bamboulacity.nova-blight.xyz
shadow.nova-blight.top
