# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: awaken, awaken botnet, nova stealer, electron stealer

# Reference: https://twitter.com/FalconFeedsio/status/1730894850210537615
# Reference: https://www.virustotal.com/gui/ip-address/163.5.121.98/relations

nova-sentinel.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.nova/ (# 2024-08-25)

185.196.9.97:3000
185.196.9.97:443
89.213.140.115.nerozix.ovh
89.213.140.115:443
92.249.48.64:3000
92.249.48.64:443
awaken-network.net
ieatpoop.info
nova-screen-webview.com
onsttuiona.com

# Reference: https://app.validin.com/detail?find=Welcome%20To%20Awaken%20Network&type=raw&ref_id=680bb72ecb9#tab=host_pairs_v2

http://151.80.169.179
http://5.42.104.194
http://79.137.4.100
92.249.48.68:3000
92.249.48.68:443

# Reference: https://x.com/NDA0E/status/1827810997358461006

92.249.48.63:2000
92.249.48.63:443
92.249.48.79:3000
92.249.48.79:443

# Reference: https://x.com/NDA0E/status/1828045352785838172

185.196.10.128:2000
185.196.10.128:443
185.196.10.129:3000
185.196.10.129:443

# Reference: https://x.com/NDA0E/status/1828678990233481217
# Reference: https://www.virustotal.com/gui/ip-address/185.196.10.129/relations
# Reference: https://www.virustotal.com/gui/file/1ba4ec20ab8135a867590acf31ea6dae7f89373e7fd9b570d2bc40cd311d2e35/detection

nova-nation.pro

# Reference: https://x.com/NDA0E/status/1828986289938481549
# Reference: https://x.com/NDA0E/status/1830642000539930759
# Reference: https://www.virustotal.com/gui/ip-address/185.196.10.128/relations

nova-nation.org
nova-nation.online
nova-stealer.cloud
nova-stealer.com
nova-stealer.tech
nova-stealer.xyz

# Reference: https://app.validin.com/detail?find=Hawkish&type=raw#tab=host_pairs_v2

hectorcat.online
jaimelecaca.com

# Reference: https://x.com/ChickenWhisker/status/1958495633683419580
# Reference: https://www.elastic.co/es/security-labs/maas-appeal-an-infostealer-rises-from-the-ashes
# Reference: https://www.virustotal.com/gui/file/1505fdb0a4341c03018ea275ecb5c1f3eaf8e92f965a269eae798a305ff6fb1d/detection

nova-shadow.com
nova-shadow.pages.dev
nova-shadow.shop
nova-shadow.store
yarasahub.com
zszsszsz.pages.dev

# Reference: https://x.com/malwrhunterteam/status/1902417657023918435
# Reference: https://x.com/cepitaking/status/1905711135946666121
# Reference: https://www.elastic.co/es/security-labs/maas-appeal-an-infostealer-rises-from-the-ashes
# Reference: https://tria.ge/250328-wzx9asztb1/behavioral2
# Reference: https://www.virustotal.com/gui/file/ec587d2defea6984ded7577049ff22f414d8ca84e6ecac5530356d6ef481c483/detection

nova-blight.site
nova-blight.top
nova-blight.xyz
api.nova-blight.site
api.nova-blight.xyz
bamboulacity.nova-blight.xyz
shadow.nova-blight.top

# Reference: https://x.com/suyog41/status/1980177758522126603
# Reference: https://x.com/ShadowOpCode/status/1980539706376114684
# Reference: https://www.virustotal.com/gui/file/1ce4c572685b6effb9009fe757cab567cd1eb37b4be709806d7a5e7796107e5a/detection
# Reference: https://www.virustotal.com/gui/file/06f6a3c0f9ecb47ef6c20f5cb3c74c71fa94d4637d4a105dde1162927834c4fe/detection

nova-shadow.cc
nova-shadow.sellhub.cx

# Reference: https://x.com/struppigel/status/2029571910615351455
# Reference: https://www.virustotal.com/gui/file/7d68ff23ba4173e1cfe98e2b1e43c96ade9ebc3a960a72a09b52f3e3c25f309e/detection
# Reference: https://www.virustotal.com/gui/file/33a584f4c6ad49b2034a9629834e59d3d88876468a3541c1bc07e45051a32854/detection
# CLASS_0_HASH-HOST=30f434fe3c6f0f5e51434eb9f5588bf5
# FAVICON_HASH-HOST=f64c531b8d8694ec94828db66fa1ce25
# TITLE-HOST=Stellarconquest | Sapir Wharf

gonefishe.com
stellar-conquest.fr
stellar-conquest.online
stellarconquest.fr

# Reference: https://x.com/rifteyy/status/2038191929045737622
# Reference: https://www.virustotal.com/gui/file/be1762627070078722cff01af73a388017283b0aa87f4c34e86fa0ceb8012b2d/detection

193.222.99.18:3000
