Hunting Havoc C2 🎯 Sometimes Threat Actors change certificates from defaults to custom ones, for example👇 165.227.106.175 <- Our hypothesis this could be Havoc C2 Looks like this IP is running with the LetsEncrypt certificate Now let's investigate this case🕵️♂️ https://t.co/vYPjhbkYLS
— Michael Koczwara (@MichalKoczwara) May 1, 2023
from Twitter https://twitter.com/MichalKoczwara
May 01, 2023 at 06:41AM
via IFTTT
Hunting Havoc C2 🎯 Sometimes Threat Actors change certificates from defaults to custom ones, for example👇 165.227.106.175 <- Our hypothesis this could be Havoc C2 Looks like this IP is running with the LetsEncrypt certificate Now let's investigate this case🕵️♂️ https://t.co/vYPjhbkYLS
MichalKoczwara
https://twitter.com/MichalKoczwara/status/1652986620658761729
https://t.co/vYPjhbkYLS
