# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Reference: https://www.virustotal.com/en/file/0687cd8d38c334a970b81b1ba9bb2e18aa66424edba3f33b61f7d03e35d5db20/analysis/ # Reference: https://isc.sans.edu/forums/diary/Crypto+Mining+Is+More+Popular+Than+Ever/24050 # Reference: https://www.alibabacloud.com/blog/jbossminer-mining-malware-analysis_593804 # Reference: https://blog.talosintelligence.com/2018/08/rocke-champion-of-monero-miners.html # Reference: https://unit42.paloaltonetworks.com/malware-used-by-rocke-group-evolves-to-evade-detection-by-cloud-security-products/ 3g2upl4pq6kufc4m.tk a.ssvs.space aybc.so blockbitcoin.com d3goboxon32grk2l.tk d20blzxlz9ydha.cloudfront.net dazqc4f140wtl.cloudfront.net dwn.rundll32.ml enjoytopic.tk realtimenews.tk sydwzl.cn # Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/linux-coin-miner-copied-scripts-from-korkerds-removes-all-other-malware-and-miners/ drnfbu.xyz yxarsh.shop # Reference: https://www.anomali.com/blog/rocke-evolves-its-arsenal-with-a-new-malware-family-written-in-golang # Reference: https://otx.alienvault.com/pulse/5c8bff7c52e568275bf09e0b sowcar.com w2wz.com # Generic link path signs for sh-loaders of ELF-coinminer /bonn.sh /conn.sh /Duck.sh /kw.sh /lower.sh /lowerv2.sh /lowerv3.sh /pro.sh /r88.sh /root.sh /rootv2.sh /rootv3.sh # Reference: https://twitter.com/bad_packets/status/1106094104520253441 # Reference: https://www.virustotal.com/#/file/5c1439c0db107cb5f3a9b9c239652b26935a2badaf1d840812702267290ebcac/detection /a_thk.sh # Reference: https://twitter.com/SugitaMuchi/status/1075352914221121537 103.55.13.68:13333 # Reference: https://twitter.com/bad_packets/status/1123473023313616896 45.67.14.152:1337 # Reference: https://twitter.com/liuya0904/status/1135901420958281729 # Reference: https://pastebin.com/5Ee4Xevs 220.194.237.43:43768 w.21-3n.xyz w.3ei.xyz w.lazer-n.com # Reference: https://otx.alienvault.com/pulse/5d0773672ba7e7853c4ad5cf 51.15.56.161:443 51.38.133.232:80 51.38.133.232:201 http://107.173.102.59 http://107.174.47.156 http://107.174.47.181 http://51.15.56.161 # Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-mining-botnet-arrives-through-adb-and-spreads-through-ssh/ 198.98.51.104:282 # Reference: https://twitter.com/KernelD0wn/status/1144379473585983493 http://112.216.100.210 # Reference: https://twitter.com/bad_packets/status/1151785688360075264 http://185.181.10.234 # Reference: https://www.alibabacloud.com/blog/return-of-watchbog-exploiting-jenkins-cve-2018-1000861_594798 # Reference: https://otx.alienvault.com/pulse/5d35958a9983df3a51f1a3b9 # Reference: https://blog.talosintelligence.com/2019/09/watchbog-patching.html # Reference: https://otx.alienvault.com/pulse/5d794c4a25c9e790d1f66f01 http://45.55.211.79 z5r6anrjbcasuikp.onion.to aziplcr72qjhzvin.onion.to # Reference: https://otx.alienvault.com/pulse/5d44442ef2bd636085171214 # Reference: https://unit42.paloaltonetworks.com/rockein-the-netflow/ # Reference: https://otx.alienvault.com/pulse/5db2e2a517e95c5c22817055 # Reference: https://www.anomali.com/blog/illicit-cryptomining-threat-actor-rocke-changes-tactics-now-more-difficult-to-detect z9ls.com gwjyhs.com heheda.tk systemten.org sowcar.com baocangwh.cn cloudappconfig.com w2wz.cn iap5u1rbety6vifaxsi9vovnc9jjay2l.com # Reference: https://twitter.com/28bit/status/1159906315642253312 http://96.32.50.131 http://188.192.40.43 /racks_s # Reference: https://habr.com/ru/company/pt/blog/466877/ (Russian) http://107.174.47.156 http://154.16.67.135 http://154.16.67.136 # Reference: https://blog.sucuri.net/2019/10/cryptominers-backdoors-found-in-fake-plugins.html xfer.abcxyz.stream # Reference: https://www.virustotal.com/gui/file/2d9fb5ea6356fba9734673ba4ed1653ff7e887875cc3bfc9da7669c80a53a93b/detection # Reference: https://twitter.com/luc4m/status/1202311106187821056 (Note: not perl ircbot) # Reference: https://yoroi.company/research/outlaw-is-back-a-new-crypto-botnet-targets-european-organizations/ # Reference: https://otx.alienvault.com/pulse/5eb984d90091572e80b24197 45.9.148.125:80 45.9.148.125:443 45.9.148.129:80 45.9.148.129:443 debian-package.center # Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/outlaw-updates-kit-to-kill-older-miner-versions-targets-more-systems/ # Reference: https://otx.alienvault.com/pulse/5e42eb027242294dd0f82358 104.236.192.6:80 159.203.141.208:80 minpop.com/sk12pack/idents.php minpop.com/sk12pack/names.php # Reference: https://unit42.paloaltonetworks.com/los-zetas-from-eleethub-botnet/ # Reference: https://otx.alienvault.com/pulse/5ec4066fef9efdf091b20025 # Reference: https://www.virustotal.com/gui/file/14c351d76c4e1866bca30d65e0538d94df19b0b3927437bda653b7a73bd36358/detection # Reference: https://www.virustotal.com/gui/file/9ae6fba4d9359a85984377dc9795de422bd9fbfa41558372ba8be9d5b9c9aa14/detection 62.210.119.142:80 62.210.119.142:4444 eleethub.com # Reference: https://unit42.paloaltonetworks.com/cryptojacking-docker-images-for-mining-monero/ # Reference: https://otx.alienvault.com/pulse/5ef4b1a819214546dc8ef774 144.202.23.108:4444 155.138.227.135:442 155.138.234.122:442 66.42.53.57:442 66.42.93.164:442 5pwcq42aa42fjzel.onion 73avhutb24chfsh6.onion # Reference: https://twitter.com/IntezerLabs/status/1300757052940263425 http://195.226.222.209 34.235.65.248:443 cdn.interakt.md # Reference: https://www.trendmicro.com/en_us/research/20/i/exposed-docker-server-abused-to-drop-cryptominer-ddos-bot-.html # Reference: https://otx.alienvault.com/pulse/5f622709681c2f7c568f13f4 http://104.244.75.25 http://107.189.11.170 http://205.185.113.151 c4k.xpl.pwndns.pw # Reference: https://securelist.com/miner-xmrig/99151/ # Reference: https://otx.alienvault.com/pulse/5f91a968694f84319b78938c 2fsdfsdgvsdvzxcwwef-defender.xyz sihost.xyz srhost.xyz svchost.xyz # Reference: https://twitter.com/VessOnSecurity/status/1325090726187851777 # Reference: https://www.virustotal.com/gui/file/e2a4507f53247b0b4ca2040dd637118538fafd59cb47a186798a858fd43a7fb8/detection http://103.125.218.107 global.bitmex.com.de/b2f627fff19fda/ # Reference: https://twitter.com/IntezerLabs/status/1334147151329435650 # Reference: https://www.virustotal.com/gui/file/876881f4c658ce8525f54e0eb06bfc8721f238878c3ff3e7f8387d7f84e13150/detection hellomeyou.cyou json.hellomeyou.cyou # Reference: https://twitter.com/r3dbU7z/status/1338245237517520898 # Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/exposed-redis-instances-abused-for-remote-code-execution-cryptocurrency-mining/ # Reference: https://www.virustotal.com/gui/file/ea55a206f7047f54a9e97cc3234848dfd3e49d0b5f9569b08545f1ad0e733286/detection # Reference: https://www.virustotal.com/gui/file/3c7faf7512565d86b1ec4fe2810b2006b75c3476b4a5b955f0141d9a1c237d38/detection http://178.157.91.26 http://45.137.151.106 178.157.91.26:1433 178.157.91.26:6379 178.157.91.26:6380 178.157.91.26:7001 178.157.91.26:7002 178.157.91.26:8080 178.157.91.26:8088 178.157.91.26:9200 /hrh8rjmb95n8t7t/ # Reference: https://www.virustotal.com/gui/file/969094571f6fcfd22238fe3163b7742a13402357961cda66acb3f192edd2d25b/detection tyz2020.top # Reference: https://twitter.com/r3dbU7z/status/1362716682507210755 http://47.114.157.117 # Reference: https://www.virustotal.com/gui/file/e1d7014b84618cd7fbf94439c78fe7d67f351cbc5536885fa3d94ea15325d83b/detection http://199.19.226.117 # Reference: https://twitter.com/r3dbU7z/status/1366886386985545728 http://34.107.61.31 # Reference: https://twitter.com/xuy1202/status/1371307049221382147 zzhreceive.anondns.net # Reference: https://twitter.com/r3dbU7z/status/1406295518213517320 # Reference: https://twitter.com/r3dbU7z/status/1406298605712031751 http://104.236.13.229 http://174.138.117.79 # Reference: https://blog.netlab.360.com/ten-families-of-malicious-samples-are-spreading-using-the-log4j2-vulnerability-now/ http://129.226.180.53 # Reference: https://twitter.com/BushidoToken/status/1479400276859801603 # Reference: https://cystack.net/research/the-attack-on-onus-a-real-life-case-of-the-log4shell-vulnerability # Reference: https://www.virustotal.com/gui/file/d9e6eaeaacb3feb6e32482301f918f19727466e13bc0bef5323a1c86f42a8ca2/detection http://45.147.230.219 45.147.230.219:8001 45.147.230.219:81 # Reference: https://twitter.com/t0001100000/status/1446048755577458694 # Reference: https://www.anomali.com/blog/inside-teamtnts-impressive-arsenal-a-look-into-a-teamtnt-server /chimaeraxmr.c /chimaeraxmr.h /docker.ethminer.sh /my.xmr.sh /Setup_ETH_Miner.sh /Setup_ETH_MinerService.sh /setup_c3pool_miner.sh /setup_moneroocean_miner.sh /Setup_RainBow_Miner.sh /xmrigCC/ /xmrig_setup/ # Reference: https://blog.netlab.360.com/li-yong-namesilo-parkinghe-googlede-zi-ding-yi-ye-mian-lai-chuan-bo-e-yi-ruan-jian/ # Reference: https://otx.alienvault.com/pulse/618cfe9c6d8832f3adde566b gannimachoubi.cyou hvtde6ew5.top # Reference: https://www.virustotal.com/gui/file/ce278388efbe6072bef8fea520946b5b9f4c35e694476c49747164d580e0b28d/detection 195.2.93.34:443 # Reference: https://www.trendmicro.com/en_us/research/22/e/patch-your-wso2-cve-2022-29464-exploited-to-install-linux-compatible-cobalt-strike-beacons-other-malware.html 13.94.40.162:8088 # Reference: https://twitter.com/1ZRR4H/status/1557851650433642496 198.98.59.44:8812 205.185.125.45:8080 # Reference: https://twitter.com/TekDefense/status/1577650055057739777 # Reference: https://www.virustotal.com/gui/file/447fec7fd70235bd0072f829b29dc951232f339c9566b8bd9dbf2e3bd3e41907/detection 45.141.157.113:82 # Reference: https://twitter.com/1ZRR4H/status/1579569830751252481 # Reference: https://www.virustotal.com/gui/file/d4c364b1e30174387d4650d2869765e1fb620a73724ce5f64593b50567cdc241/detection 122.181.174.44:8888 oednikufecin.cl # Reference: https://www.virustotal.com/gui/file/04ee0bbb8ba84eeac2f4af133dc8ceff6b5c9159729d937875a89762bc5b6e29/detection # Reference: https://www.virustotal.com/gui/file/1abceb0e87ed9314de31d8bf2c2a38000d6fc67be1322787913ed744cbdf54d9/detection 146.59.198.38:8080 c4k-rx0.pwndns.pw work.onlypirate.top # Reference: https://www.virustotal.com/gui/file/89c31b380ee72c4a85927c1c148f974572c228c8152e9038c1668ea933f140f8/detection # Reference: https://elfdigest.com/brief/e2c3e81aa24b20ac71147340adc1eaedf077ad00e4a2359e3db47b166cf5411a 137.184.82.101:8080 167.114.114.169:8080 su1001-2.top fbi.su1001-2.top # Reference: https://asec.ahnlab.com/ko/44885/ # Reference: https://otx.alienvault.com/pulse/63ac153614c9db1f6699fa19 # Reference: https://www.virustotal.com/gui/file/d2626acc7753a067014f9d5726f0e44ceba1063a1cd193e7004351c90875f071/detection http://167.172.103.111 http://172.104.170.240 http://172.105.211.21 hostname.help ic.hostname.help wget.hostname.help # Reference: https://twitter.com/SecureSh3ll/status/1614708088828837889 39.165.53.17:8088 # Reference: https://twitter.com/SecureSh3ll/status/1614755430651105281 http://185.216.71.148 /minerus-dark # Reference: https://twitter.com/suyog41/status/1618135008283332608 # Reference: https://www.virustotal.com/gui/file/61db2eb29b89370e3f32ac9dcf1b172c9a4a115598c4b22bfa6802804692ce25/detection http://185.106.94.146 45.142.122.11:8080 bpdeliver.ru dw.bpdeliver.ru # Reference: https://elfdigest.com/brief/d318cdb5fee75d647c784a6dcb2a5a613143caf7740087726911bab35206b666 # Reference: https://www.virustotal.com/gui/file/d318cdb5fee75d647c784a6dcb2a5a613143caf7740087726911bab35206b666/detection http://194.87.102.77 # Reference: https://mp.weixin.qq.com/s/-mZD0pPbeIgxoTUNNFBnrw # Reference: https://otx.alienvault.com/pulse/63ff9e52727a0663f1e78001 whitesnake.church load.whitesnake.church pool.whitesnake.church # Reference: https://www.virustotal.com/gui/file/b092385641c3b87f1fcfec515c29962272ac253a9cbc7d987e05740d5af597a6/detection 185.252.178.82:6972 45.10.20.100:1010 45.10.20.100:2008 # Reference: https://www.virustotal.com/gui/file/d21de0d62549c6a22a3f170b0bf0b0083d87908b1dad6f95d2e6c254f13451c2/detection 95.214.24.102:6972 # Reference: https://www.virustotal.com/gui/file/8690240b6df9e303b66d1b0622aa249e1b19db29aa80edaa6a3ba79667544d95/detection bdg0b50yfhqg7.cfc-execute.bj.baidubce.com # Reference: https://twitter.com/sicehice/status/1640135678947217408 http://47.87.236.177 # Reference: https://twitter.com/sicehice/status/1645918416660996096 45.61.137.96:8081 # Reference: https://twitter.com/SecureSh3ll/status/1719826326981403116 # Reference: https://www.akamai.com/blog/security-research/mexals-cryptojacking-malware-resurgence # Reference: https://github.com/akamai/akamai-security-research/blob/main/malware/mexals/iocs.csv # Reference: https://otx.alienvault.com/pulse/6437fd922644796c1e12055a # Reference: https://otx.alienvault.com/pulse/64906f1ae8efba6ea78b79ee # Reference: https://www.virustotal.com/gui/file/815dd34957f6c640ff6a70b16a71c5781a4618fe51d5d77a6e51526eb49cf2f5/detection # Reference: https://www.virustotal.com/gui/file/f1e03af7a7f683e4b5555dfc7660aa4fc1c6d87ee674dba2dea9a238dd38548b/detection http://139.99.123.196 http://91.92.247.224 http://95.214.27.89 212.193.30.11:2121 45.139.105.222:2121 45.88.67.94:2121 45.9.148.108:2121 95.214.27.89:1337 arhivehaceru.com dinpasiune.com nasa.arhivehaceru.com # Reference: https://twitter.com/r3dbU7z/status/1648586927266832384 178.62.44.152:9000 # Reference: https://twitter.com/abuse_ch/status/1648926739232432128 # Reference: https://twitter.com/sicehice/status/1676332839254597633 http://45.81.243.128 45.81.243.128:3333 # Reference: https://www.virustotal.com/gui/file/812133033ba969731b66c63d5468556e42048bad396ef1026b5a91dda98bc289/detection # Reference: https://www.virustotal.com/gui/file/1f66675d2102e5d4ac89a239f9022c48b3bf23fe92dadb832d84e0eac6e476d6/detection # Reference: https://elfdigest.com/brief/1f66675d2102e5d4ac89a239f9022c48b3bf23fe92dadb832d84e0eac6e476d6 107.189.6.203:62652 # Reference: https://www.virustotal.com/gui/file/8a29dfe241a86c8f1ebf8984b8f4f4f9de5f904b930a44a99d139358c733b4ec/detection 193.47.61.251:3333 # Reference: https://twitter.com/sicehice/status/1686384236155346945 http://109.206.242.251 # Reference: https://sysdig.com/blog/labrat-cryptojacking-proxyjacking-campaign/ # Reference: https://www.virustotal.com/gui/file/d329f248910dd66c4fa9c514f79d876da56ba85c4b5d756002cb13c0c4409588/detection # Reference: https://www.virustotal.com/gui/file/d329f248910dd66c4fa9c514f79d876da56ba85c4b5d756002cb13c0c4409588/detection # Reference: https://www.virustotal.com/gui/file/7162a27a795d3ae13d0b8a6df0d7aa75fbefa74f8cb086ee46fdab0368d8ea07/detection 107.173.154.7:6969 172.245.226.47:5858 192.227.165.88:4443 192.227.165.88:6666 23.94.204.157:44445 23.94.204.157:7773 desertplanets.com # Reference: https://twitter.com/sicehice/status/1694051971055976811 # Reference: https://www.virustotal.com/gui/file/4c14d9dad1342819f2e1033e7cd48ec56965bc5aa1d308b952d80fc8d8812a83/detection # Reference: https://www.virustotal.com/gui/file/a52f49b7726293d8e2d60006b44eba5fb2c23966851eaf22ce9d15267440a1e2/detection asyncfox.xyz c2.asyncfox.xyz download.asyncfox.xyz xmr-pool.asyncfox.xyz # Reference: https://twitter.com/sicehice/status/1694546485864435835 # Reference: https://www.virustotal.com/gui/file/0f881a02d257f5679f0fbf7ec4ac491cbc28ad80b01db0df8275406aa9dbb56e/detection 94.130.144.19:19029 94.130.144.19:3333 94.130.144.19:5556 94.130.144.19:8000 # Reference: https://threatfox.abuse.ch/browse/malware/elf.cpuminer/ (# 2023-10-07) http://135.125.217.87 http://165.227.239.108 http://185.225.75.242 http://45.9.148.117 # Reference: https://twitter.com/SecureSh3ll/status/1738286142569504771 # Reference: https://www.virustotal.com/gui/file/e99f367777fa43405bc3c8db59258d1713ce18e5d7a7a264e8cd0eeea0f1e787/detection # Reference: https://www.virustotal.com/gui/file/b949767cd60c8d5d5260c5a9f682462f62f04d3dddbe4d3e4c450992fcd572cc/detection # Reference: https://www.virustotal.com/gui/file/b4373ac8abdd83fd1af8b93ddd292070080a96e2130e17a97ec1eebf2a8c0bea/detection # Reference: https://www.virustotal.com/gui/file/4a5965b0eab64c56adcc2e19513f6eba72d6103e5e156f14ba2f9d7b05a4edc5/detection # Reference: https://www.virustotal.com/gui/file/49a9b59eaf650ca8f0b7e50c10140c2d6dfe328bc131347ec360e0e537fff37b/detection # Reference: https://www.virustotal.com/gui/file/66b8cba29258740ad26da0706649dc2ad90f7b29397fe6da37753f0d2ea97561/detection http://208.68.38.81 http://91.121.68.60 128.199.210.191:8080 164.90.205.244:443 91.121.68.60:81 # Reference: https://twitter.com/sicehice/status/1740862006213882116 # Reference: https://www.virustotal.com/gui/file/58837808bcc1a8337b04da4aab97414e102e9724197de674275d3a4ab7cd420c/detection # Reference: https://www.virustotal.com/gui/file/1533a6bcd1ebe0455d6e00ced421dd5dc0caa01c21c30acbffbb932929cc4ac7/detection http://45.95.147.236 45.95.147.236:2137 45.95.147.236:43782 ohuyal.xyz cnc.ohuyal.xyz dw.ohuyal.xyz xmr.ohuyal.xyz # Reference: https://twitter.com/SecureSh3ll/status/1674512017053343745 # Reference: https://twitter.com/SecureSh3ll/status/1740878747740549485 141.98.6.76:6972 91.92.240.70:6972 /xrx.gpg /xrx.tar # Reference: https://twitter.com/malwrhunterteam/status/1745578479284871267 # Reference: https://www.virustotal.com/gui/file/cee6b19d4712ffce74d4b1a35ccaf7c2b4a32ab496712095c2d2b5c125f40608/detection # Reference: https://www.virustotal.com/gui/file/fb396e959f004fbaf291ee2e141562d3d41a6795bde35b90279f84c26dc600ec/detection # Reference: https://www.virustotal.com/gui/file/e2a3a3c68caadcf6589b7b10779dedd75a6e06dc1b9a81f8427f7e3451ef42b6/detection # Reference: https://www.virustotal.com/gui/file/a20d484ca79052a9fd85e5d3d92bf0ee2ec7ca70dc2b843e9154f44b6da2efa1/detection # Reference: https://www.virustotal.com/gui/file/05d09e5db6a3a784e8ff9df97e38e7a0c73d016d6dcaf74e106647a9cdaf2bd4/detection # Reference: https://www.virustotal.com/gui/file/cfc1d6a38eb7c6bd6a32ce2ebb07413e897a378198e70ba1882eb810182261bd/detection http://139.162.43.28 http://2.59.254.30 http://91.92.250.29 xkobeimparatu.net dragosteftp.xkobeimparatu.net dragosteproxy.xkobeimparatu.net split.xkobeimparatu.net xkobeproxy.xkobeimparatu.net /.mini/.hellenergy /mini/hellenergy /.dragosteftp /dragosteftp /.dragosteproxy /dragosteproxy /.hellenergy /hellenergy # Reference: https://www.cadosecurity.com/containerised-clicks-malicious-use-of-9hits-on-vulnerable-docker-hosts/ /v1.43/containers/create?name=faucet /v1.43/images/create?fromImage=9hitste%2Fapp /v1.43/images/create?fromImage=minerboy%2FXMRig # Reference: https://twitter.com/TheDFIRReport/status/1749494909910807020 # Reference: https://www.virustotal.com/gui/file/0d748f9a76c8b7fdba515ca0ad062a8a2d629cb1e3822182593c8df5113daf1a/detection 23.94.214.119:55535 23.94.214.119:8010 # Reference: https://www.virustotal.com/gui/file/2dd720d7cf395b32456fb2ed6b376321c6b29bdcd1bf349a7455414e9d564a3e/detection 154.9.28.112:8081 # Reference: https://twitter.com/Jane_0sint/status/1757309497482035244 # Reference: https://app.any.run/tasks/df53f74e-98c3-4123-82c4-ecd95a8dbd5e/ # Reference: https://www.virustotal.com/gui/file/0046342a57cfdc865eacd99b3fa62d4f6365ddc3392677b730f96eadb0a497e6/detection 45.95.147.236:43782 # Reference: https://twitter.com/cyber_ra1/status/1763209823590797701 18.208.164.74:17070 # Reference: https://twitter.com/sicehice/status/1763739244541919656 # Reference: https://www.virustotal.com/gui/file/298edc45b70b1548df2c1293ba3938376778e34cd7b91dbd8ad939c5ef10c111/detection # Reference: https://www.virustotal.com/gui/file/f61b55a58f227a057c71d5b0d76d6288f8861278d10be8a4bee7d7ddf81b82da/detection http://185.216.70.138 # Reference: https://twitter.com/banthisguy9349/status/1764374398515949824 http://93.123.85.129 # Reference: https://twitter.com/banthisguy9349/status/1764380866317279422 http://94.156.64.143 # Reference: https://www.virustotal.com/gui/file/43acd4f8911fe96ebf1fec468da32582da52552240a71e767713dbed0f7def49/detection http://94.156.64.195 /.x/muciacio3 # Reference: https://twitter.com/banthisguy9349/status/1764640298473243035 # Reference: https://www.virustotal.com/gui/file/c1b30f420b79d04310b798d545acbb93fc7c15ba34982ddf73e80a76e124b940/detection http://91.92.241.219 91.92.241.219:3333 91.92.241.219:8181 # Reference: https://www.virustotal.com/gui/ip-address/5.253.37.37/relations http://5.253.37.37 /jtminer-0.4-SNAPSHOT-jar-with-dependencies.jar /jtminer-0.4.1-SNAPSHOT-jar-with-dependencies.jar # Reference: https://twitter.com/banthisguy9349/status/1767111553189298359 http://94.156.68.141 # Reference: https://twitter.com/naumovax/status/1776240946167824545 # Reference: https://www.virustotal.com/gui/file/78f6886ce0c49121a1f487bea1d75644ee389842bb45d3f230236bb99f77471e/detection 166.88.209.25:110 # Reference: https://twitter.com/sicehice/status/1780256008549650898 /asfffffffffffa /31ciberke # Generic link path signs for ELF-coinminer /accounts-daemon /askdljlqw /AnXqV.yam /bashf /bashg /BI5zj /bonns /conns /cranberry /cryptonight /crypto-pool /donns /gekoCrw /gekoCrw32 /gekoba2anc1 /gekoba5xnc1 /gekobalanc1 /gekobalance /gekobalanq1 /gekobnc1 /ihhnk /install_c3pool_miner.sh /ir29xc1 /jaav /jIuc2ggfCAvYmluL2Jhc2gi /JnKihGjn /jva /KGlJwfWDbCPnvwEJupeivI1FXsSptuyh /kworker /kworker34 /kxjd /lexarbalanc1 /ltcminerd /minerd /minergate /minergate-cli /minerd /mixnerdx /minerd64_s /minexmr /nativesvc /NXLAi /oanacroner /pvv /rig1 /rig2 /servcesa /stratum /sourplum /t0mcat /thisxxs /uninstall_c3pool_miner.sh /watch-smart /watch-smartd /xig /xige /XJnRj /xmrig.service /xmrig /xmrig1 /xmrig2 /xmrig_s /xmrig_darwin /xmrig_linux2 /xmrig_win32 /xmrig-6.19.2-linux-static-x64.tar.gz /xmrigARM /xmrig.x86_64 /xmrig.32 /xmrig.64 /xmrig.arc /xmrig.arcle-hs38 /xmrig.arm /xmrig.arm4 /xmrig.arm4l /xmrig.arm4t /xmrig.arm4tl /xmrig.arm4tll /xmrig.arm5 /xmrig.arm5l /xmrig.arm5n /xmrig.arm6 /xmrig.arm64 /xmrig.arm6l /xmrig.arm7 /xmrig.arm7l /xmrig.arm8 /xmrig.armv4 /xmrig.armv4l /xmrig.armv5l /xmrig.armv6 /xmrig.armv61 /xmrig.armv6l /xmrig.armv7l /xmrig.dbg /xmrig.exploit /xmrig.i4 /xmrig.i486 /xmrig.i586 /xmrig.i6 /xmrig.i686 /xmrig.kill /xmrig.m68 /xmrig.m68k /xmrig.mips /xmrig.mips64 /xmrig.mipseb /xmrig.mipsel /xmrig.mpsl /xmrig.pcc /xmrig.powerpc /xmrig.powerpc-440fp /xmrig.powerppc /xmrig.pp-c /xmrig.ppc /xmrig.ppc2 /xmrig.ppc440 /xmrig.ppc440fp /xmrig.root /xmrig.root32 /xmrig.sh /xmrig.sh4 /xmrig.sparc /xmrig.spc /xmrig.ssh4 /xmrig.x32 /xmrig.x32_64 /xmrig.x64 /xmrig.x86_32 /xmrig-6.16.4-linux-x64.tar.gz /xmrig-6.20.0-linux-static-x64.tar.gz /xmrig-6.21.2-linux-static-x64.tar.gz /xmrig-6.16.4/ /xmrig-6.20.0/ /xmrig-6.21.2/ /yam /yam32 /ysaydh /zbjnu