# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Reference: https://www.virustotal.com/en/file/0687cd8d38c334a970b81b1ba9bb2e18aa66424edba3f33b61f7d03e35d5db20/analysis/ # Reference: https://isc.sans.edu/forums/diary/Crypto+Mining+Is+More+Popular+Than+Ever/24050 # Reference: https://www.alibabacloud.com/blog/jbossminer-mining-malware-analysis_593804 # Reference: https://blog.talosintelligence.com/2018/08/rocke-champion-of-monero-miners.html # Reference: https://unit42.paloaltonetworks.com/malware-used-by-rocke-group-evolves-to-evade-detection-by-cloud-security-products/ 3g2upl4pq6kufc4m.tk a.ssvs.space aybc.so blockbitcoin.com d3goboxon32grk2l.tk d20blzxlz9ydha.cloudfront.net dazqc4f140wtl.cloudfront.net dwn.rundll32.ml enjoytopic.tk realtimenews.tk sydwzl.cn # Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/linux-coin-miner-copied-scripts-from-korkerds-removes-all-other-malware-and-miners/ drnfbu.xyz yxarsh.shop # Reference: https://www.anomali.com/blog/rocke-evolves-its-arsenal-with-a-new-malware-family-written-in-golang # Reference: https://otx.alienvault.com/pulse/5c8bff7c52e568275bf09e0b sowcar.com w2wz.com # Generic URL path patterns of shell-script loaders that fetch ELF coinminers /bonn.sh /conn.sh /Duck.sh /kw.sh /lower.sh /lowerv2.sh /lowerv3.sh /pro.sh /r88.sh /root.sh /rootv2.sh /rootv3.sh # Reference: https://twitter.com/bad_packets/status/1106094104520253441 # Reference: https://www.virustotal.com/#/file/5c1439c0db107cb5f3a9b9c239652b26935a2badaf1d840812702267290ebcac/detection /a_thk.sh # Reference: https://twitter.com/SugitaMuchi/status/1075352914221121537 103.55.13.68:13333 # Reference: https://twitter.com/bad_packets/status/1123473023313616896 45.67.14.152:1337 # Reference: https://twitter.com/liuya0904/status/1135901420958281729 # Reference: https://pastebin.com/5Ee4Xevs 220.194.237.43:43768 w.21-3n.xyz w.3ei.xyz w.lazer-n.com # Reference: 
https://otx.alienvault.com/pulse/5d0773672ba7e7853c4ad5cf 51.15.56.161:443 51.38.133.232:80 51.38.133.232:201 http://107.173.102.59 http://107.174.47.156 http://107.174.47.181 http://51.15.56.161 # Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-mining-botnet-arrives-through-adb-and-spreads-through-ssh/ 198.98.51.104:282 # Reference: https://twitter.com/KernelD0wn/status/1144379473585983493 http://112.216.100.210 # Reference: https://twitter.com/bad_packets/status/1151785688360075264 http://185.181.10.234 # Reference: https://www.alibabacloud.com/blog/return-of-watchbog-exploiting-jenkins-cve-2018-1000861_594798 # Reference: https://otx.alienvault.com/pulse/5d35958a9983df3a51f1a3b9 # Reference: https://blog.talosintelligence.com/2019/09/watchbog-patching.html # Reference: https://otx.alienvault.com/pulse/5d794c4a25c9e790d1f66f01 http://45.55.211.79 z5r6anrjbcasuikp.onion.to aziplcr72qjhzvin.onion.to # Reference: https://otx.alienvault.com/pulse/5d44442ef2bd636085171214 # Reference: https://unit42.paloaltonetworks.com/rockein-the-netflow/ # Reference: https://otx.alienvault.com/pulse/5db2e2a517e95c5c22817055 # Reference: https://www.anomali.com/blog/illicit-cryptomining-threat-actor-rocke-changes-tactics-now-more-difficult-to-detect z9ls.com gwjyhs.com heheda.tk systemten.org sowcar.com baocangwh.cn cloudappconfig.com w2wz.cn iap5u1rbety6vifaxsi9vovnc9jjay2l.com # Reference: https://twitter.com/28bit/status/1159906315642253312 http://96.32.50.131 http://188.192.40.43 /racks_s # Reference: https://habr.com/ru/company/pt/blog/466877/ (Russian) http://107.174.47.156 http://154.16.67.135 http://154.16.67.136 # Reference: https://blog.sucuri.net/2019/10/cryptominers-backdoors-found-in-fake-plugins.html xfer.abcxyz.stream # Reference: https://www.virustotal.com/gui/file/2d9fb5ea6356fba9734673ba4ed1653ff7e887875cc3bfc9da7669c80a53a93b/detection # Reference: https://twitter.com/luc4m/status/1202311106187821056 (Note: not perl ircbot) # 
Reference: https://yoroi.company/research/outlaw-is-back-a-new-crypto-botnet-targets-european-organizations/ # Reference: https://otx.alienvault.com/pulse/5eb984d90091572e80b24197 45.9.148.125:80 45.9.148.125:443 45.9.148.129:80 45.9.148.129:443 debian-package.center # Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/outlaw-updates-kit-to-kill-older-miner-versions-targets-more-systems/ # Reference: https://otx.alienvault.com/pulse/5e42eb027242294dd0f82358 104.236.192.6:80 159.203.141.208:80 minpop.com/sk12pack/idents.php minpop.com/sk12pack/names.php # Reference: https://unit42.paloaltonetworks.com/los-zetas-from-eleethub-botnet/ # Reference: https://otx.alienvault.com/pulse/5ec4066fef9efdf091b20025 # Reference: https://www.virustotal.com/gui/file/14c351d76c4e1866bca30d65e0538d94df19b0b3927437bda653b7a73bd36358/detection # Reference: https://www.virustotal.com/gui/file/9ae6fba4d9359a85984377dc9795de422bd9fbfa41558372ba8be9d5b9c9aa14/detection 62.210.119.142:80 62.210.119.142:4444 eleethub.com # Reference: https://unit42.paloaltonetworks.com/cryptojacking-docker-images-for-mining-monero/ # Reference: https://otx.alienvault.com/pulse/5ef4b1a819214546dc8ef774 144.202.23.108:4444 155.138.227.135:442 155.138.234.122:442 66.42.53.57:442 66.42.93.164:442 5pwcq42aa42fjzel.onion 73avhutb24chfsh6.onion # Reference: https://twitter.com/IntezerLabs/status/1300757052940263425 http://195.226.222.209 34.235.65.248:443 cdn.interakt.md # Reference: https://www.trendmicro.com/en_us/research/20/i/exposed-docker-server-abused-to-drop-cryptominer-ddos-bot-.html # Reference: https://otx.alienvault.com/pulse/5f622709681c2f7c568f13f4 http://104.244.75.25 http://107.189.11.170 http://205.185.113.151 c4k.xpl.pwndns.pw # Reference: https://securelist.com/miner-xmrig/99151/ # Reference: https://otx.alienvault.com/pulse/5f91a968694f84319b78938c 2fsdfsdgvsdvzxcwwef-defender.xyz sihost.xyz srhost.xyz svchost.xyz # Reference: 
https://twitter.com/VessOnSecurity/status/1325090726187851777 # Reference: https://www.virustotal.com/gui/file/e2a4507f53247b0b4ca2040dd637118538fafd59cb47a186798a858fd43a7fb8/detection http://103.125.218.107 global.bitmex.com.de/b2f627fff19fda/ # Reference: https://twitter.com/IntezerLabs/status/1334147151329435650 # Reference: https://www.virustotal.com/gui/file/876881f4c658ce8525f54e0eb06bfc8721f238878c3ff3e7f8387d7f84e13150/detection hellomeyou.cyou json.hellomeyou.cyou # Reference: https://twitter.com/r3dbU7z/status/1338245237517520898 # Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/exposed-redis-instances-abused-for-remote-code-execution-cryptocurrency-mining/ # Reference: https://www.virustotal.com/gui/file/ea55a206f7047f54a9e97cc3234848dfd3e49d0b5f9569b08545f1ad0e733286/detection # Reference: https://www.virustotal.com/gui/file/3c7faf7512565d86b1ec4fe2810b2006b75c3476b4a5b955f0141d9a1c237d38/detection http://178.157.91.26 http://45.137.151.106 178.157.91.26:1433 178.157.91.26:6379 178.157.91.26:6380 178.157.91.26:7001 178.157.91.26:7002 178.157.91.26:8080 178.157.91.26:8088 178.157.91.26:9200 /hrh8rjmb95n8t7t/ # Reference: https://www.virustotal.com/gui/file/969094571f6fcfd22238fe3163b7742a13402357961cda66acb3f192edd2d25b/detection tyz2020.top # Reference: https://twitter.com/r3dbU7z/status/1362716682507210755 http://47.114.157.117 # Reference: https://www.virustotal.com/gui/file/e1d7014b84618cd7fbf94439c78fe7d67f351cbc5536885fa3d94ea15325d83b/detection http://199.19.226.117 # Reference: https://twitter.com/r3dbU7z/status/1366886386985545728 http://34.107.61.31 # Reference: https://twitter.com/xuy1202/status/1371307049221382147 zzhreceive.anondns.net # Reference: https://twitter.com/r3dbU7z/status/1406295518213517320 # Reference: https://twitter.com/r3dbU7z/status/1406298605712031751 http://104.236.13.229 http://174.138.117.79 # Reference: 
https://blog.netlab.360.com/ten-families-of-malicious-samples-are-spreading-using-the-log4j2-vulnerability-now/ http://129.226.180.53 # Reference: https://twitter.com/BushidoToken/status/1479400276859801603 # Reference: https://cystack.net/research/the-attack-on-onus-a-real-life-case-of-the-log4shell-vulnerability # Reference: https://www.virustotal.com/gui/file/d9e6eaeaacb3feb6e32482301f918f19727466e13bc0bef5323a1c86f42a8ca2/detection http://45.147.230.219 45.147.230.219:8001 45.147.230.219:81 # Reference: https://twitter.com/t0001100000/status/1446048755577458694 # Reference: https://www.anomali.com/blog/inside-teamtnts-impressive-arsenal-a-look-into-a-teamtnt-server /chimaeraxmr.c /chimaeraxmr.h /docker.ethminer.sh /my.xmr.sh /Setup_ETH_Miner.sh /Setup_ETH_MinerService.sh /setup_c3pool_miner.sh /setup_moneroocean_miner.sh /Setup_RainBow_Miner.sh /xmrigCC/ /xmrig_setup/ # Reference: https://blog.netlab.360.com/li-yong-namesilo-parkinghe-googlede-zi-ding-yi-ye-mian-lai-chuan-bo-e-yi-ruan-jian/ # Reference: https://otx.alienvault.com/pulse/618cfe9c6d8832f3adde566b gannimachoubi.cyou hvtde6ew5.top # Reference: https://www.virustotal.com/gui/file/ce278388efbe6072bef8fea520946b5b9f4c35e694476c49747164d580e0b28d/detection 195.2.93.34:443 # Reference: https://www.trendmicro.com/en_us/research/22/e/patch-your-wso2-cve-2022-29464-exploited-to-install-linux-compatible-cobalt-strike-beacons-other-malware.html 13.94.40.162:8088 # Reference: https://twitter.com/1ZRR4H/status/1557851650433642496 198.98.59.44:8812 205.185.125.45:8080 # Reference: https://twitter.com/TekDefense/status/1577650055057739777 # Reference: https://www.virustotal.com/gui/file/447fec7fd70235bd0072f829b29dc951232f339c9566b8bd9dbf2e3bd3e41907/detection 45.141.157.113:82 # Reference: https://twitter.com/1ZRR4H/status/1579569830751252481 # Reference: https://www.virustotal.com/gui/file/d4c364b1e30174387d4650d2869765e1fb620a73724ce5f64593b50567cdc241/detection 122.181.174.44:8888 oednikufecin.cl # Reference: 
https://www.virustotal.com/gui/file/04ee0bbb8ba84eeac2f4af133dc8ceff6b5c9159729d937875a89762bc5b6e29/detection # Reference: https://www.virustotal.com/gui/file/1abceb0e87ed9314de31d8bf2c2a38000d6fc67be1322787913ed744cbdf54d9/detection 146.59.198.38:8080 c4k-rx0.pwndns.pw work.onlypirate.top # Reference: https://www.virustotal.com/gui/file/89c31b380ee72c4a85927c1c148f974572c228c8152e9038c1668ea933f140f8/detection # Reference: https://elfdigest.com/brief/e2c3e81aa24b20ac71147340adc1eaedf077ad00e4a2359e3db47b166cf5411a 137.184.82.101:8080 167.114.114.169:8080 su1001-2.top fbi.su1001-2.top # Reference: https://asec.ahnlab.com/ko/44885/ # Reference: https://otx.alienvault.com/pulse/63ac153614c9db1f6699fa19 # Reference: https://www.virustotal.com/gui/file/d2626acc7753a067014f9d5726f0e44ceba1063a1cd193e7004351c90875f071/detection http://167.172.103.111 http://172.104.170.240 http://172.105.211.21 hostname.help ic.hostname.help wget.hostname.help # Reference: https://twitter.com/SecureSh3ll/status/1614708088828837889 39.165.53.17:8088 # Reference: https://twitter.com/SecureSh3ll/status/1614755430651105281 http://185.216.71.148 /minerus-dark # Reference: https://twitter.com/suyog41/status/1618135008283332608 # Reference: https://www.virustotal.com/gui/file/61db2eb29b89370e3f32ac9dcf1b172c9a4a115598c4b22bfa6802804692ce25/detection http://185.106.94.146 45.142.122.11:8080 bpdeliver.ru dw.bpdeliver.ru # Reference: https://elfdigest.com/brief/d318cdb5fee75d647c784a6dcb2a5a613143caf7740087726911bab35206b666 # Reference: https://www.virustotal.com/gui/file/d318cdb5fee75d647c784a6dcb2a5a613143caf7740087726911bab35206b666/detection http://194.87.102.77 # Reference: https://mp.weixin.qq.com/s/-mZD0pPbeIgxoTUNNFBnrw # Reference: https://otx.alienvault.com/pulse/63ff9e52727a0663f1e78001 whitesnake.church load.whitesnake.church pool.whitesnake.church # Reference: https://www.virustotal.com/gui/file/b092385641c3b87f1fcfec515c29962272ac253a9cbc7d987e05740d5af597a6/detection 
185.252.178.82:6972 45.10.20.100:1010 45.10.20.100:2008 # Reference: https://www.virustotal.com/gui/file/d21de0d62549c6a22a3f170b0bf0b0083d87908b1dad6f95d2e6c254f13451c2/detection 95.214.24.102:6972 # Reference: https://www.virustotal.com/gui/file/8690240b6df9e303b66d1b0622aa249e1b19db29aa80edaa6a3ba79667544d95/detection bdg0b50yfhqg7.cfc-execute.bj.baidubce.com # Reference: https://twitter.com/sicehice/status/1640135678947217408 http://47.87.236.177 # Reference: https://twitter.com/sicehice/status/1645918416660996096 45.61.137.96:8081 # Reference: https://twitter.com/SecureSh3ll/status/1719826326981403116 # Reference: https://www.akamai.com/blog/security-research/mexals-cryptojacking-malware-resurgence # Reference: https://github.com/akamai/akamai-security-research/blob/main/malware/mexals/iocs.csv # Reference: https://otx.alienvault.com/pulse/6437fd922644796c1e12055a # Reference: https://otx.alienvault.com/pulse/64906f1ae8efba6ea78b79ee # Reference: https://www.virustotal.com/gui/file/815dd34957f6c640ff6a70b16a71c5781a4618fe51d5d77a6e51526eb49cf2f5/detection # Reference: https://www.virustotal.com/gui/file/f1e03af7a7f683e4b5555dfc7660aa4fc1c6d87ee674dba2dea9a238dd38548b/detection http://139.99.123.196 http://91.92.247.224 http://95.214.27.89 212.193.30.11:2121 45.139.105.222:2121 45.88.67.94:2121 45.9.148.108:2121 95.214.27.89:1337 arhivehaceru.com dinpasiune.com nasa.arhivehaceru.com # Reference: https://twitter.com/r3dbU7z/status/1648586927266832384 178.62.44.152:9000 # Reference: https://twitter.com/abuse_ch/status/1648926739232432128 # Reference: https://twitter.com/sicehice/status/1676332839254597633 http://45.81.243.128 45.81.243.128:3333 # Reference: https://www.virustotal.com/gui/file/812133033ba969731b66c63d5468556e42048bad396ef1026b5a91dda98bc289/detection # Reference: https://www.virustotal.com/gui/file/1f66675d2102e5d4ac89a239f9022c48b3bf23fe92dadb832d84e0eac6e476d6/detection # Reference: 
https://elfdigest.com/brief/1f66675d2102e5d4ac89a239f9022c48b3bf23fe92dadb832d84e0eac6e476d6 107.189.6.203:62652 # Reference: https://www.virustotal.com/gui/file/8a29dfe241a86c8f1ebf8984b8f4f4f9de5f904b930a44a99d139358c733b4ec/detection 193.47.61.251:3333 # Reference: https://twitter.com/sicehice/status/1686384236155346945 http://109.206.242.251 # Reference: https://sysdig.com/blog/labrat-cryptojacking-proxyjacking-campaign/ # Reference: https://www.virustotal.com/gui/file/d329f248910dd66c4fa9c514f79d876da56ba85c4b5d756002cb13c0c4409588/detection # Reference: https://www.virustotal.com/gui/file/d329f248910dd66c4fa9c514f79d876da56ba85c4b5d756002cb13c0c4409588/detection # Reference: https://www.virustotal.com/gui/file/7162a27a795d3ae13d0b8a6df0d7aa75fbefa74f8cb086ee46fdab0368d8ea07/detection 107.173.154.7:6969 172.245.226.47:5858 192.227.165.88:4443 192.227.165.88:6666 23.94.204.157:44445 23.94.204.157:7773 desertplanets.com # Reference: https://twitter.com/sicehice/status/1694051971055976811 # Reference: https://www.virustotal.com/gui/file/4c14d9dad1342819f2e1033e7cd48ec56965bc5aa1d308b952d80fc8d8812a83/detection # Reference: https://www.virustotal.com/gui/file/a52f49b7726293d8e2d60006b44eba5fb2c23966851eaf22ce9d15267440a1e2/detection asyncfox.xyz c2.asyncfox.xyz download.asyncfox.xyz xmr-pool.asyncfox.xyz # Reference: https://twitter.com/sicehice/status/1694546485864435835 # Reference: https://www.virustotal.com/gui/file/0f881a02d257f5679f0fbf7ec4ac491cbc28ad80b01db0df8275406aa9dbb56e/detection 94.130.144.19:19029 94.130.144.19:3333 94.130.144.19:5556 94.130.144.19:8000 # Reference: https://threatfox.abuse.ch/browse/malware/elf.cpuminer/ (# 2023-10-07) http://135.125.217.87 http://165.227.239.108 http://185.225.75.242 http://45.9.148.117 # Reference: https://twitter.com/SecureSh3ll/status/1738286142569504771 # Reference: https://www.virustotal.com/gui/file/e99f367777fa43405bc3c8db59258d1713ce18e5d7a7a264e8cd0eeea0f1e787/detection # Reference: 
https://www.virustotal.com/gui/file/b949767cd60c8d5d5260c5a9f682462f62f04d3dddbe4d3e4c450992fcd572cc/detection # Reference: https://www.virustotal.com/gui/file/b4373ac8abdd83fd1af8b93ddd292070080a96e2130e17a97ec1eebf2a8c0bea/detection # Reference: https://www.virustotal.com/gui/file/4a5965b0eab64c56adcc2e19513f6eba72d6103e5e156f14ba2f9d7b05a4edc5/detection # Reference: https://www.virustotal.com/gui/file/49a9b59eaf650ca8f0b7e50c10140c2d6dfe328bc131347ec360e0e537fff37b/detection # Reference: https://www.virustotal.com/gui/file/66b8cba29258740ad26da0706649dc2ad90f7b29397fe6da37753f0d2ea97561/detection http://208.68.38.81 http://91.121.68.60 128.199.210.191:8080 164.90.205.244:443 91.121.68.60:81 # Reference: https://twitter.com/sicehice/status/1740862006213882116 # Reference: https://www.virustotal.com/gui/file/58837808bcc1a8337b04da4aab97414e102e9724197de674275d3a4ab7cd420c/detection # Reference: https://www.virustotal.com/gui/file/1533a6bcd1ebe0455d6e00ced421dd5dc0caa01c21c30acbffbb932929cc4ac7/detection http://45.95.147.236 45.95.147.236:2137 45.95.147.236:43782 ohuyal.xyz cnc.ohuyal.xyz dw.ohuyal.xyz xmr.ohuyal.xyz # Reference: https://twitter.com/SecureSh3ll/status/1674512017053343745 # Reference: https://twitter.com/SecureSh3ll/status/1740878747740549485 141.98.6.76:6972 91.92.240.70:6972 /xrx.gpg /xrx.tar # Reference: https://twitter.com/malwrhunterteam/status/1745578479284871267 # Reference: https://www.virustotal.com/gui/file/cee6b19d4712ffce74d4b1a35ccaf7c2b4a32ab496712095c2d2b5c125f40608/detection # Reference: https://www.virustotal.com/gui/file/fb396e959f004fbaf291ee2e141562d3d41a6795bde35b90279f84c26dc600ec/detection # Reference: https://www.virustotal.com/gui/file/e2a3a3c68caadcf6589b7b10779dedd75a6e06dc1b9a81f8427f7e3451ef42b6/detection # Reference: https://www.virustotal.com/gui/file/a20d484ca79052a9fd85e5d3d92bf0ee2ec7ca70dc2b843e9154f44b6da2efa1/detection # Reference: 
https://www.virustotal.com/gui/file/05d09e5db6a3a784e8ff9df97e38e7a0c73d016d6dcaf74e106647a9cdaf2bd4/detection # Reference: https://www.virustotal.com/gui/file/cfc1d6a38eb7c6bd6a32ce2ebb07413e897a378198e70ba1882eb810182261bd/detection http://139.162.43.28 http://2.59.254.30 http://91.92.250.29 xkobeimparatu.net dragosteftp.xkobeimparatu.net dragosteproxy.xkobeimparatu.net split.xkobeimparatu.net xkobeproxy.xkobeimparatu.net /.mini/.hellenergy /mini/hellenergy /.dragosteftp /dragosteftp /.dragosteproxy /dragosteproxy /.hellenergy /hellenergy # Reference: https://www.cadosecurity.com/containerised-clicks-malicious-use-of-9hits-on-vulnerable-docker-hosts/ /v1.43/containers/create?name=faucet /v1.43/images/create?fromImage=9hitste%2Fapp /v1.43/images/create?fromImage=minerboy%2FXMRig # Reference: https://twitter.com/TheDFIRReport/status/1749494909910807020 # Reference: https://www.virustotal.com/gui/file/0d748f9a76c8b7fdba515ca0ad062a8a2d629cb1e3822182593c8df5113daf1a/detection 23.94.214.119:55535 23.94.214.119:8010 # Reference: https://www.virustotal.com/gui/file/2dd720d7cf395b32456fb2ed6b376321c6b29bdcd1bf349a7455414e9d564a3e/detection 154.9.28.112:8081 # Reference: https://twitter.com/Jane_0sint/status/1757309497482035244 # Reference: https://app.any.run/tasks/df53f74e-98c3-4123-82c4-ecd95a8dbd5e/ # Reference: https://www.virustotal.com/gui/file/0046342a57cfdc865eacd99b3fa62d4f6365ddc3392677b730f96eadb0a497e6/detection 45.95.147.236:43782 # Reference: https://twitter.com/cyber_ra1/status/1763209823590797701 18.208.164.74:17070 # Reference: https://twitter.com/banthisguy9349/status/1764374398515949824 http://93.123.85.129 # Reference: https://twitter.com/banthisguy9349/status/1764380866317279422 http://94.156.64.143 # Reference: https://www.virustotal.com/gui/file/43acd4f8911fe96ebf1fec468da32582da52552240a71e767713dbed0f7def49/detection http://94.156.64.195 /.x/muciacio3 # Reference: https://twitter.com/banthisguy9349/status/1764640298473243035 # Reference: 
https://www.virustotal.com/gui/file/c1b30f420b79d04310b798d545acbb93fc7c15ba34982ddf73e80a76e124b940/detection http://91.92.241.219 91.92.241.219:3333 91.92.241.219:8181 # Reference: https://www.virustotal.com/gui/ip-address/5.253.37.37/relations http://5.253.37.37 /jtminer-0.4-SNAPSHOT-jar-with-dependencies.jar /jtminer-0.4.1-SNAPSHOT-jar-with-dependencies.jar # Reference: https://twitter.com/banthisguy9349/status/1767111553189298359 http://94.156.68.141 # Reference: https://twitter.com/naumovax/status/1776240946167824545 # Reference: https://www.virustotal.com/gui/file/78f6886ce0c49121a1f487bea1d75644ee389842bb45d3f230236bb99f77471e/detection 166.88.209.25:110 # Reference: https://twitter.com/sicehice/status/1780256008549650898 /asfffffffffffa /31ciberke # Reference: https://twitter.com/sicehice/status/1781146516905677069 # Reference: https://twitter.com/sicehice/status/1781146695775986022 116.213.40.102:9999 206.238.221.2:19490 # Reference: https://x.com/banthisguy9349/status/1792641338560622609 # Reference: https://www.virustotal.com/gui/file/28fed3dd2368f26c3734663ad17c52a510666ae0596a76330f20f16eec3d08b5/detection http://46.17.44.199 y.shavsl.com z.shavsl.com # Reference: https://x.com/cyber_ra1/status/1795725302670479825 158.255.215.239:5271 194.68.225.71:5271 194.68.225.95:5271 mpool.live eu.mpool.live # Reference: https://www.virustotal.com/gui/file/ed8fe6eb98c8a487c631dee11ddbe11c322e446666280f7b97844d259fdb10f5/detection # Reference: https://www.virustotal.com/gui/file/2c602147c727621c5e98525466b8ea78832abe2c3de10f0b33ce9a4adea205eb/detection http://185.172.128.93 # Reference: https://www.volexity.com/blog/2024/01/18/ivanti-connect-secure-vpn-exploitation-new-observations/ # Reference: https://otx.alienvault.com/pulse/65aa779d249935925e76fe93 # Reference: https://github.com/volexity/threat-intel/blob/main/2024/2024-01-18%20Ivanti%20Connect%20Secure%20pt3/indicators/iocs.csv 192.252.183.116:8089 # Reference: 
https://x.com/lontze7/status/1810186603848962288 http://52.74.88.50 # Reference: https://www.virustotal.com/gui/file/b9221d0e63da518f15d96085697ecc203084a9509f4fc8775bb2e1ab7ae01831/detection 38.207.173.58:5452 # Reference: https://x.com/malwrhunterteam/status/1818245100251615266 # Reference: https://www.virustotal.com/gui/file/3bb3dbb608780e8d14193100dd7fcbcd8a68cb43fe2ad705c990fe8015f2a99a/detection http://192.210.206.76 # Reference: https://x.com/malwrhunterteam/status/1819727322657742977 # Reference: https://www.virustotal.com/gui/ip-address/192.3.60.13/relations # Reference: https://www.virustotal.com/gui/file/c69418a4328b7c5cf95ac49bb40a8c7e6b5795a2b84d018f2f6f5d599d6a02c5/detection # Reference: https://www.virustotal.com/gui/file/7fb470f2402e0e0863c9248763e8c1a37f39028855229572b0439f8540849ea9/detection # Reference: https://www.virustotal.com/gui/file/79da44233426c1b9e7549c94a838de89a4d69f15938889936b5083cee6b66144/detection aptssl.com yumssl.com # Reference: https://www.virustotal.com/gui/file/42e81138cc11ac1d325cff7b4fefea2f032dcd195f2fdf57618092c9303fefbc/detection 107.189.5.210:61438 # Reference: https://www.virustotal.com/gui/file/046e040c848b29abcc326b613da242b478c5085090bb89c2cf07485e6a4877be/detection # Reference: https://www.virustotal.com/gui/file/b74059f94eb1f7be688d7c5c93b9a0b3f8c6f25335cb2dfd491e88775bde3d73/detection 107.175.77.206:3399 discipline-pad-driver-cheaper.trycloudflare.com # Reference: https://www.virustotal.com/gui/file/06059ec518d1ff1cb8dbda3f5491e68c02095feb6de5cc469bc54a35702746a2/detection 91.92.241.134:3693 pay-framework-trials-shadow.trycloudflare.com # Reference: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401 # Reference: https://otx.alienvault.com/pulse/66e0b0caffa8120f0871c74b # Reference: https://www.virustotal.com/gui/file/47e52ff8d26f6c796789ae2d641c183885b16b1f15ebb3b50806e20ccd5ed701/detection # Reference: 
https://www.virustotal.com/gui/file/ca96479473879deabf7182976c75a7fdb9b3731a7c52083946def1e32315bc01/detection # Reference: https://www.virustotal.com/gui/file/776fed3e2c6b4d4f3ec908ffc6d41c252dd55ecc936fcf912620370d236c7c30/detection # Reference: https://www.virustotal.com/gui/file/7d052cffcf97b303d11c5d35fa9bc860155601cdea21e38447401571b35d2db1/detection # Reference: https://www.virustotal.com/gui/file/c81d4770e812ddc883ead8ff41fd2e5a7d5bc8056521219ccf8784219d1bd819/detection # Reference: https://www.virustotal.com/gui/file/e23b9cae980fa0271cd0a2301f3d4cb67b55c689fd9e1f499b875f61487fcdce/detection http://112.133.194.254 http://95.85.93.196 103.99.178.90:81 185.183.84.197:81 185.238.250.137:81 38.180.188.158:3333 45.138.209.46:81 95.85.93.196:4443 96.43.101.213:3333 9527527.xyz asdfghjk.youdontcare.com gsdasdfadfs.9527527.xyz sdfasdfsf.9527527.xyz oss.17ww.vip ec2-13-250-11-113.ap-southeast-1.compute.amazonaws.com ec2-54-191-168-81.us-west-2.compute.amazonaws.com /asdfakjg.sh # Reference: https://x.com/banthisguy9349/status/1838307510769360966 http://66.70.242.174 # Reference: https://x.com/Ap0phis133/status/1838377287474958717 # Reference: https://www.virustotal.com/gui/file/167f071ee0381a998e50b95914b95bc66fe72173791a0c7003ffd439daeff808/detection http://121.40.85.244 # Reference: https://x.com/sicehice/status/1838649318892540082 4thepool.lol download.4thepool.lol # Reference: https://urlhaus.abuse.ch/host/154.216.19.227/ http://154.216.19.227 # Reference: https://x.com/redrabytes/status/1851565777175863788 154.213.192.3:666 auroraaarcportal.cfd mta.auroraaarcportal.cfd # Reference: https://x.com/SecureSh3ll/status/1860779796763955547 # Reference: https://www.virustotal.com/gui/file/bfb06e80c738fba92af89351a9b7fc600ea0f2451d9af5cf08095ddc3c810592/detection # Reference: https://www.virustotal.com/gui/file/b7507d7f4206878342e94a512ef06d552b7ce057c4cfa4af0095a2faaa5836d4/detection # Reference: 
https://www.virustotal.com/gui/file/968ecb29b2ebce44f843b48fb98a8622caa4a01ef93e61011970ab8081dc1ca5/detection http://80.76.51.5 87.120.116.35:1337 87.120.116.35:1418 87.120.116.35:42 digitaldatainsights.org digital.digitaldatainsights.org /.x/black3 # Reference: https://www.virustotal.com/gui/file/6db7881a0c06d024573974d1314fa05803af8f81a2d9be6d2330b089cb5da84b/detection 107.172.43.186:3939 # Reference: https://www.virustotal.com/gui/file/cb687db5c46de18ab3804b44e5a8af6ecb8c33e6355c6e60a187450750d4b3df/detection http://45.83.122.25 # Reference: https://x.com/redrabytes/status/1888639800057405576/history http://77.75.230.87 101.126.134.3:1919 101.126.142.20:1919 101.126.71.151:1919 101.36.109.45:1919 101.58.55.11:1919 101.58.58.98:1919 101.91.181.235:1919 102.211.152.45:1919 103.102.216.138:1919 103.104.169.53:1919 103.117.57.70:1919 103.124.101.54:1919 103.145.145.76:1919 103.145.145.78:1919 103.145.145.79:1919 103.149.114.17:1919 103.164.9.212:1919 103.169.87.86:1919 103.170.123.42:1919 103.174.9.66:1919 103.191.63.132:1919 103.195.101.126:1919 103.205.60.32:1919 103.246.244.102:1919 103.28.53.102:1919 103.96.72.194:1919 104.131.44.239:1919 104.218.122.61:1919 104.234.184.21:1919 104.248.63.189:1919 106.58.211.121:1919 107.172.239.49:1919 107.22.100.179:1919 108.181.105.209:1919 109.199.108.133:1919 109.206.241.199:1919 110.45.159.141:1919 111.17.175.221:1919 111.53.150.170:1919 111.67.202.63:1919 112.99.46.42:1919 113.125.26.208:1919 114.96.84.122:1919 115.144.170.82:1919 116.142.242.168:1919 116.181.16.239:1919 117.157.246.56:1919 117.157.246.57:1919 119.167.167.91:1919 119.84.66.98:1919 120.133.79.69:1919 120.133.83.146:1919 120.236.244.219:1919 121.14.195.11:1919 121.166.241.35:1919 121.41.95.224:1919 125.124.106.113:1919 125.124.215.61:1919 125.124.83.191:1919 125.72.54.172:1919 125.87.80.11:1919 125.87.80.161:1919 125.87.80.166:1919 125.87.80.180:1919 125.87.80.191:1919 125.87.80.206:1919 125.87.80.216:1919 125.87.80.240:1919 125.87.80.46:1919 
125.87.80.74:1919 125.87.80.97:1919 125.87.81.102:1919 125.87.81.104:1919 125.87.81.123:1919 125.87.81.193:1919 125.87.81.22:1919 125.87.81.83:1919 125.87.82.0:1919 125.87.82.112:1919 125.87.82.121:1919 125.87.82.146:1919 125.87.82.156:1919 125.87.82.177:1919 125.87.82.178:1919 125.87.82.206:1919 125.87.82.214:1919 125.87.82.244:1919 125.87.82.255:1919 125.87.82.38:1919 125.87.82.75:1919 125.87.82.94:1919 125.87.83.10:1919 125.87.83.138:1919 125.87.83.146:1919 125.87.83.152:1919 125.87.83.192:1919 125.87.83.209:1919 125.87.83.211:1919 125.87.83.245:1919 125.87.83.249:1919 125.87.83.84:1919 125.87.83.85:1919 125.87.83.92:1919 125.87.83.99:1919 125.87.84.110:1919 125.87.84.113:1919 125.87.84.115:1919 125.87.84.12:1919 125.87.84.132:1919 125.87.84.134:1919 125.87.84.147:1919 125.87.84.18:1919 125.87.84.196:1919 125.87.84.78:1919 125.87.84.93:1919 125.87.84.9:1919 125.87.85.100:1919 125.87.85.11:1919 125.87.85.157:1919 125.87.85.15:1919 125.87.85.178:1919 125.87.85.219:1919 125.87.85.221:1919 125.87.85.229:1919 125.87.85.237:1919 125.87.85.250:1919 125.87.85.47:1919 125.87.85.82:1919 125.87.85.85:1919 125.87.86.117:1919 125.87.86.151:1919 125.87.86.167:1919 125.87.86.197:1919 125.87.86.249:1919 125.87.86.24:1919 125.87.86.255:1919 125.87.86.6:1919 125.87.87.116:1919 125.87.87.188:1919 125.87.87.244:1919 125.87.87.49:1919 125.87.87.61:1919 125.87.88.118:1919 125.87.88.147:1919 125.87.88.18:1919 125.87.88.208:1919 125.87.88.224:1919 125.87.88.229:1919 125.87.88.40:1919 125.87.88.74:1919 125.87.89.115:1919 125.87.89.241:1919 125.87.89.252:1919 125.87.89.27:1919 125.87.89.52:1919 125.87.89.89:1919 125.87.90.125:1919 125.87.90.135:1919 125.87.90.139:1919 125.87.90.148:1919 125.87.90.186:1919 125.87.90.205:1919 125.87.90.207:1919 125.87.90.224:1919 125.87.90.22:1919 125.87.90.239:1919 125.87.90.34:1919 125.87.90.38:1919 125.87.90.43:1919 125.87.90.57:1919 125.87.90.86:1919 125.87.90.94:1919 125.87.91.133:1919 125.87.91.134:1919 125.87.91.212:1919 125.87.91.251:1919 
125.87.91.33:1919 125.87.91.88:1919 125.87.91.89:1919 125.87.91.92:1919 125.87.92.0:1919 125.87.92.104:1919 125.87.92.213:1919 125.87.92.223:1919 125.87.92.45:1919 125.87.92.64:1919 125.87.92.65:1919 125.87.92.86:1919 125.87.93.10:1919 125.87.93.182:1919 125.87.93.24:1919 125.87.93.32:1919 125.87.93.46:1919 125.87.93.91:1919 125.87.94.137:1919 125.87.94.139:1919 125.87.94.194:1919 125.87.94.225:1919 125.87.94.250:1919 125.87.94.254:1919 125.87.94.92:1919 125.87.95.169:1919 125.87.95.170:1919 125.87.95.188:1919 125.87.95.193:1919 125.87.95.23:1919 125.87.95.4:1919 125.87.95.60:1919 125.88.247.98:1919 129.226.12.158:1919 13.230.183.198:1919 131.153.231.56:1919 134.209.188.18:1919 138.124.19.102:1919 138.2.137.24:1919 138.2.159.100:1919 138.68.170.5:1919 139.159.102.236:1919 139.196.170.249:1919 139.224.186.12:1919 139.9.230.16:1919 141.11.25.156:1919 143.244.139.236:1919 144.22.254.125:1919 146.19.170.47:1919 147.185.246.189:1919 147.45.48.138:1919 147.93.0.108:1919 148.72.168.29:1919 15.207.116.86:1919 150.241.107.235:1919 151.115.121.150:1919 154.12.234.31:1919 154.212.139.79:1919 154.44.12.171:1919 154.86.156.69:1919 154.90.51.86:1919 156.238.99.111:1919 156.238.99.143:1919 156.238.99.168:1919 156.238.99.184:1919 156.238.99.209:1919 157.119.41.239:1919 157.180.19.155:1919 157.245.137.163:1919 157.255.137.26:1919 158.51.96.38:1919 159.203.108.2:1919 159.223.62.175:1919 16.171.153.13:1919 160.250.133.192:1919 162.248.103.24:1919 163.172.34.113:1919 164.138.14.208:1919 168.119.181.147:1919 170.238.45.73:1919 171.244.199.72:1919 173.231.184.125:1919 173.231.184.126:1919 176.65.138.133:1919 177.116.236.80:1919 177.116.254.173:1919 178.128.23.116:1919 18.208.188.215:1919 180.173.75.75:1919 180.188.226.115:1919 181.214.99.34:1919 182.151.13.134:1919 182.184.65.70:1919 182.44.20.242:1919 182.45.198.246:1919 182.49.250.150:1919 185.169.253.157:1919 185.181.210.57:1919 185.193.157.99:1919 185.213.173.44:1919 185.233.36.111:1919 185.241.40.134:1919 186.195.55.8:1919 
186.224.204.142:1919 187.141.210.92:1919 188.121.102.132:1919 188.245.252.43:1919 188.245.254.196:1919 188.253.26.236:1919 189.15.97.211:1919 190.131.237.100:1919 190.89.44.242:1919 191.96.31.46:1919 193.151.154.16:1919 193.233.18.126:1919 195.88.87.235:1919 196.64.126.218:1919 196.75.186.43:1919 198.46.173.153:1919 2.33.239.68:1919 200.156.29.17:1919 200.90.0.21:1919 202.10.42.152:1919 202.30.7.190:1919 209.141.57.99:1919 209.145.50.53:1919 211.140.107.227:1919 211.154.16.218:1919 211.154.194.22:1919 211.158.170.249:1919 211.158.34.32:1919 211.158.36.217:1919 212.113.112.44:1919 212.132.93.112:1919 212.87.223.78:1919 213.176.65.122:1919 213.21.237.0:1919 217.128.159.25:1919 220.181.126.65:1919 221.179.57.254:1919 222.186.141.224:1919 223.197.34.158:1919 223.221.180.155:1919 223.240.79.237:1919 223.242.69.168:1919 23.157.88.103:1919 23.164.57.25:1919 23.182.128.13:1919 23.94.194.210:1919 27.124.21.86:1919 27.155.98.147:1919 3.101.37.217:1919 3.136.22.250:1919 3.86.31.127:1919 34.101.223.138:1919 35.180.32.44:1919 35.229.240.71:1919 35.247.243.10:1919 35.77.83.86:1919 35.78.175.49:1919 36.129.53.172:1919 36.137.164.43:1919 36.213.200.69:1919 36.26.70.16:1919 36.41.172.79:1919 38.11.90.140:1919 38.188.201.230:1919 39.109.123.178:1919 4.4.66.82:1919 42.123.127.90:1919 42.249.232.114:1919 42.81.205.82:1919 43.138.215.41:1919 43.207.171.4:1919 43.207.55.236:1919 43.207.79.87:1919 43.239.110.69:1919 43.247.68.87:1919 45.147.76.155:1919 45.159.211.228:1919 45.251.115.48:1919 45.33.13.164:1919 45.95.146.8:1919 45.95.147.221:1919 46.101.222.148:1919 46.8.231.45:1919 47.129.59.152:1919 47.130.74.231:1919 47.236.124.71:1919 47.76.222.178:1919 47.94.158.98:1919 5.161.179.99:1919 5.187.83.197:1919 5.34.206.189:1919 50.7.40.60:1919 50.7.40.84:1919 50.7.40.91:1919 52.65.160.199:1919 52.79.239.243:1919 54.159.112.99:1919 54.161.201.231:1919 54.87.30.253:1919 54.95.31.114:1919 57.128.174.73:1919 57.129.62.235:1919 58.215.30.149:1919 58.49.140.148:1919 60.121.162.164:1919 
60.16.8.124:1919 60.190.165.70:1919 61.74.135.124:1919 62.164.210.220:1919 62.210.114.90:1919 63.176.110.249:1919 64.225.76.134:1919 67.159.17.16:1919 68.183.93.206:1919 69.87.207.133:1919 74.80.40.80:1919 77.105.167.102:1919 77.111.100.105:1919 77.237.237.59:1919 77.74.83.196:1919 77.90.5.96:1919 78.110.160.172:1919 78.153.149.215:1919 79.120.74.12:1919 8.219.9.18:1919 8.245.24.52:1919 80.251.210.95:1919 81.177.160.230:1919 81.94.150.53:1919 82.66.244.27:1919 84.21.173.166:1919 84.21.173.52:1919 84.21.173.97:1919 85.234.100.140:1919 86.104.220.73:1919 87.120.165.242:1919 87.120.165.245:1919 87.120.165.246:1919 87.120.165.56:1919 87.121.98.207:1919 88.151.34.37:1919 88.80.135.247:1919 89.169.145.237:1919 89.19.222.49:1919 89.19.222.66:1919 89.39.70.206:1919 91.107.250.155:1919 91.132.132.200:1919 91.214.112.17:1919 91.254.182.174:1919 91.92.120.31:1919 93.123.82.249:1919 94.159.102.167:1919 99.71.75.215:1919 # Reference: https://x.com/redrabytes/status/1889297505772335535 87.120.113.231:23232 moneroed.net # Reference: https://www.virustotal.com/gui/file/af508a2d4957cc29eb75519ea027bce5ed412f0b8bda9193dd3b4673eae7df28/detection http://104.245.240.20 /.puscarie/.report_system # Reference: https://www.elastic.co/security-labs/outlaw-linux-malware 104.194.151.101:22 104.237.145.240:22 104.254.92.82:22 109.172.88.16:22 134.209.42.7:22 135.181.139.72:22 137.110.133.146:22 138.197.212.204:22 138.201.127.36:22 138.68.140.83:22 146.190.154.178:22 149.202.87.176:22 150.128.97.41:22 151.80.60.214:22 152.32.202.213:22 157.230.127.232:22 157.245.129.95:22 159.203.59.241:22 159.223.105.130:22 161.35.180.46:22 161.35.198.197:22 161.35.212.32:22 161.35.212.49:22 161.35.231.77:22 161.35.72.143:22 161.97.155.235:22 162.62.119.8:22 167.172.213.233:22 171.22.31.23:22 178.128.19.209:22 179.43.139.83:22 179.43.139.84:22 179.43.139.85:22 179.43.139.86:22 179.43.180.82:22 179.43.180.83:22 185.140.12.250:22 185.165.169.188:22 185.196.8.139:22 185.196.9.59:22 185.217.131.229:22 
185.247.224.154:22 185.31.200.33:22 188.165.194.59:22 188.68.222.164:22 192.227.87.87:22 193.86.16.40:22 194.195.87.185:22 195.3.223.76:22 198.199.109.204:22 207.244.252.98:22 208.109.214.175:22 208.109.39.41:22 212.234.225.29:22 212.83.142.161:22 213.165.82.144:22 213.199.46.247:22 216.70.68.24:22 217.160.20.207:22 23.95.88.161:22 23.97.216.213:22 37.139.10.109:22 37.252.7.2:22 37.27.199.65:22 38.153.121.114:22 45.136.17.53:22 45.175.75.254:22 46.101.121.35:22 5.180.174.50:22 5.189.140.128:22 5.196.88.152:22 5.75.193.141:22 51.161.82.138:22 51.222.157.209:22 51.77.42.80:22 51.79.68.96:22 62.169.20.214:22 67.205.134.224:22 68.183.221.93:22 69.176.201.30:22 80.79.125.90:22 85.190.254.87:22 87.106.232.3:22 91.107.150.117:22 # Reference: https://www.elastic.co/security-labs/betting-on-bots # Reference: https://www.virustotal.com/gui/file/c43f400b5dd971a93ffac590b016660be7a139bdd17e8a7eaa1ba077e0316d36/detection # Reference: https://www.virustotal.com/gui/file/ed0f5bcfbca985865be45278a346313ef738f19837da0357360225875436fafd/detection 34.162.20.94:8080 35.184.163.38:8080 pagaelrescate.com gcp.pagaelrescate.com /t9r/SystemdXC /SystemdXC # Reference: https://x.com/TrendMicroRSRCH/status/1939564559242510700 # Reference: https://www.trendmicro.com/en_us/research/25/f/tor-enabled-docker-exploit.html # Reference: https://www.virustotal.com/gui/file/1bb95a02f1c12c142e4e34014412608668c56502f28520c07cad979fa8ea6455/detection 198.199.72.27:2375 198.199.72.27:8000 2hdv5kven4m422wx4dmqabotumkeisrstzkzaotvuhwx3aebdig573qd.onion wtxqf54djhp5pskv2lfyduub5ievxbyvlzjgjopk6hxge5umombr63ad.onion # Reference: https://x.com/BlinkzSec/status/1954200067339882732 # Reference: https://urlhaus.abuse.ch/host/162.248.53.119/ # Reference: https://www.virustotal.com/gui/file/01766ca71e09d5a4a24de3d683887f5d9a68b232e668db514dd5ea0acd84f028/detection 162.248.53.119:8000 # Reference: https://x.com/_JohnHammond/status/1996997129743536390 # Reference: 
https://www.virustotal.com/gui/file/0f0f9c339fcc267ec3d560c7168c56f607232cbeb158cb02a0818720a54e72ce/detection # Reference: https://www.virustotal.com/gui/file/0d2304898a39b105269034ef4aaf927fca008218facc90508f3e637d63899f91/detection # Reference: https://www.virustotal.com/gui/file/3f79603a160c00528946f4a0eb496b4ad9721e635bb925857b1b439dcf36d71d/detection # Reference: https://www.virustotal.com/gui/file/f8f275cd13f29c5b154efcb1a92cd2688164eb947f89fe311f530f56e151ef4f/detection http://193.34.213.150 http://45.76.155.14 45.76.155.14:443 qtss.cc api.qtss.cc # Reference: https://x.com/smica83/status/1998002729885581437 # Reference: https://www.virustotal.com/gui/file/01fde5d4d9dd4d6eea551162a9e9a22941c29ee1faf7dfeeb5e7f4958f85a167/detection 5.161.255.228:8081 # Reference: https://x.com/blackorbird/status/1998235681500651898 # Reference: https://mp.weixin.qq.com/s/a0uB8-dr25TSdeIb2Towrw # Reference: https://bi-zone.medium.com/adversaries-exploit-cve-2025-55182-to-attack-russian-companies-1b4e98ca5804 # Reference: https://www.virustotal.com/gui/ip-address/154.89.152.244/detection # Reference: https://www.virustotal.com/gui/file/b67221d6057a2a08bd19cdebf22e6d5557a8794463413e6fc128c7ec15a41415/detection 106.15.124.100:6666 128.199.194.97:9001 154.89.152.151:9200 154.89.152.168:9200 154.89.152.170:9200 154.89.152.247:9200 171.252.32.135:7700 38.246.244.223:12233 65.49.236.227:6666 66.154.106.246:50317 66.154.106.246:8088 8.155.144.158:8892 chatgptaiweb.top checkstauts.site clearskyspark.top deepcloudspark.top digitaloceana.top githubabout.top greenhillmatrix.top silentmountcode.top youyutebuae.xyz dashboard.checkstauts.site # Reference: https://x.com/malwrhunterteam/status/1998144124902580592 # Reference: https://www.virustotal.com/gui/file/abcfac672ce387984197f68bb8d99c5963ca15763034ec7d37e82ff8275f58d0/detection http://185.164.163.34 185.164.163.34:8181 91.108.243.251:9999 /.rupemnasa/.config3.json /.rupemnasa/.system3d /.rupemnasa/ /fakewhiteblack.sh # Reference: 
https://tlpblack.net/blog/20251209-the-anatomy-of-a-react2shell-compromise # Reference: https://www.virustotal.com/gui/file/5bae25736a09de5f4a0f9761d2b7bfa81ca8dba39de2a724473c9d021a65daa9/detection # Reference: https://www.virustotal.com/gui/file/69f2789a539fc2867570f3bbb71102373a94c7153239599478af84b9c81f2a03/detection 192.9.245.121:3000 39.97.229.220:8006 43.247.134.215:8998 46.36.37.85:12000 # Reference: https://x.com/malwrhunterteam/status/2003053690899628421 # Reference: https://www.virustotal.com/gui/file/068476276613bd967303b1fb4177d013933f1ea2f16c5903ad6463a5a9ec48cf/detection 45.156.87.92:1337 # Reference: https://socket.dev/blog/pypi-package-impersonates-sympy-to-deliver-cryptomining-malware http://185.167.99.46 http://63.250.56.54 185.167.99.46:3333 63.250.56.54:3333 # Reference: https://bi-zone.medium.com/adversaries-exploit-cve-2025-55182-to-attack-russian-companies-1b4e98ca5804 http://109.238.92.111 sitiolibre.com/wp/wp-content/plugins/gassembly/js/love0 /wp-content/plugins/gassembly/js/love0 # Reference: https://www.virustotal.com/gui/file/ee32c7c0b480bbd90e51f4d44d5e53cea5b149defbcd2aa9e306716d418503d4/detection 88.156.30.96:20736 88.156.30.96:2137 cdn.novoline.top pool.novoline.top vnc.novoline.top # Generic URL path indicators for ELF coin-miner payloads and their droppers (name-based and deliberately broad; corroborate a hit with the destination host before acting on it) /accounts-daemon /askdljlqw /AnXqV.yam /bashf /bashg /BI5zj /bonns /conns /cpuminer-sse2 /cranberry /cryptonight /crypto-pool /donns /gekoCrw /gekoCrw32 /gekoba2anc1 /gekoba5xnc1 /gekobalanc1 /gekobalance /gekobalanq1 /gekobnc1 /ihhnk /install_c3pool_miner.sh /ir29xc1 /jaav /jIuc2ggfCAvYmluL2Jhc2gi /JnKihGjn /jva /KGlJwfWDbCPnvwEJupeivI1FXsSptuyh /kworker /kworker34 /kxjd /lexarbalanc1 /ltcminerd /miner.sh /minerd /minergate /minergate-cli /minerd /mixnerdx /minerd64_s /minexmr /nativesvc /NXLAi /oanacroner /pvv /rig1 /rig2 /servcesa /stratum /sourplum /t0mcat /thisxxs /uninstall_c3pool_miner.sh /watch-smart /watch-smartd /xig /xige /XJnRj /xmr-stak-rx-linux-1.0.5-cpu.tar.xz /xmr-stak-rx-linux-1.0.5-cpu/ 
/xmrig.service /xmrig /xmrig1 /xmrig2 /xmrig_s /xmrig_darwin /xmrig_linux2 /xmrig_win32 /xmrig-6.19.2-linux-static-x64.tar.gz /xmrig-6.21.3-msvc-win64.zip /xmrigARM /xmrig.x86_64 /xmrig.32 /xmrig.64 /xmrig.arc /xmrig.arcle-hs38 /xmrig.arm /xmrig.arm4 /xmrig.arm4l /xmrig.arm4t /xmrig.arm4tl /xmrig.arm4tll /xmrig.arm5 /xmrig.arm5l /xmrig.arm5n /xmrig.arm6 /xmrig.arm64 /xmrig.arm6l /xmrig.arm7 /xmrig.arm7l /xmrig.arm8 /xmrig.armv4 /xmrig.armv4l /xmrig.armv5l /xmrig.armv6 /xmrig.armv61 /xmrig.armv6l /xmrig.armv7l /xmrig.dbg /xmrig.exploit /xmrig.i4 /xmrig.i486 /xmrig.i586 /xmrig.i6 /xmrig.i686 /xmrig.kill /xmrig.m68 /xmrig.m68k /xmrig.mips /xmrig.mips64 /xmrig.mipseb /xmrig.mipsel /xmrig.mpsl /xmrig.pcc /xmrig.powerpc /xmrig.powerpc-440fp /xmrig.powerppc /xmrig.pp-c /xmrig.ppc /xmrig.ppc2 /xmrig.ppc440 /xmrig.ppc440fp /xmrig.root /xmrig.root32 /xmrig.sh /xmrig.sh4 /xmrig.sparc /xmrig.spc /xmrig.ssh4 /xmrig.x32 /xmrig.x32_64 /xmrig.x64 /xmrig.x86_32 /xmrig-6.16.4-linux-x64.tar.gz /xmrig-6.20.0-linux-static-x64.tar.gz /xmrig-6.21.2-linux-static-x64.tar.gz /xmrig-6.16.4/ /xmrig-6.20.0/ /xmrig-6.21.2/ /yam /yam32 /ysaydh /zbjnu