# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Reference: https://staging.nsfocusglobal.com/wp-content/uploads/2018/10/NuggetPhantom-Analysis-Report-V4.1.pdf 154.48.241.199:15912 98.126.1.26:15912 98.126.1.27:15917 98.126.80.90:15912 98.126.80.91:15912 # Reference: https://www.virustotal.com/gui/file/942411f2fa054ec621023c6b9b4ad3b92372697da43eb38d2b661f80e19e6deb/behavior /panel/mining/CPUMiner.files # Reference: https://www.virustotal.com/gui/file/0ac003e6d8091544f7b055d7295ded55de94576729ab13925cde17eb2dd4ceab/detection coin-pool.com give-us-ltc.com # Reference: https://www.virustotal.com/gui/file/c1d66b09938e5177a9406a8935f717cba888b06bc5ff74797e32c7b793d6a935/detection give-us-btc.pw # Reference: https://www.virustotal.com/gui/domain/give-us-btc.biz/relations # Reference: https://www.virustotal.com/gui/file/8678f395fb9ae84d495c669f056f8226d9b3dca85040e65d35fa4511f1ce48b8/detection # Reference: https://www.virustotal.com/gui/file/ecb40d340aee4666b7c3c2a0d1bbbcdcd9a92c578b15ba9dcce3bdabb3d528b6/detection # Reference: https://www.virustotal.com/gui/file/e91b5ee9a6130afad7dfe64e024b8bffcaf39079b17937c78e6b262bf5fc7442/detection 162.211.228.130:3333 188.40.65.132:3333 213.239.198.109:3333 give-us-btc.biz # Reference: https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz # Reference: https://snort-org-site.s3.amazonaws.com/production/release_files/files/000/012/156/original/snort3-community-rules.tar.gz darxk.com # Reference: https://www.virustotal.com/gui/file/405a51b74c7c4e26ae112189e5ef071d6279b5fece6e2af08985306fdd28e223/detection # Reference: https://github.com/stamparm/maltrail/pull/14162 a0153884.xsph.ru # Reference: https://www.virustotal.com/gui/file/8e205172f1b49fe661e165ed633fcedb898ad7956ad71ee08e7b6c794148e9f4/detection a0154466.xsph.ru # Reference: https://www.virustotal.com/gui/file/67cec0a185c606a2ef972ed0c95b4cfc8b8a2c2d032c55b6c2058669ea216149/detection f0160735.xsph.ru # Reference: https://unit42.paloaltonetworks.com/pro-ocean-rocke-groups-new-cryptojacking-malware/ # Reference: https://www.virustotal.com/gui/domain/update.aegis.aliyun.com/relations update.aegis.aliyun.com # Reference: https://www.virustotal.com/gui/file/9ca8870623b9a5dc238975dcde1049fa66c7dab326b16b57f2146580f667ddb5/detection 185.25.50.217:14811 # Reference: https://www.virustotal.com/gui/file/9ff4bb63bec0cf9a7870ed5d283ad35726eab6b11c82ddce9e861374566049ea/detection # Reference: https://www.virustotal.com/gui/domain/itsupport.hldns.ru/relations 151.237.185.51:3333 185.60.133.214:3333 185.65.201.27:3333 188.64.170.220:3333 213.159.212.162:3333 37.252.7.150:3333 45.138.99.4:3333 46.249.59.91:3333 80.241.222.37:3333 82.146.50.128:3333 82.146.50.49:3333 82.202.167.202:3333 91.207.61.175:3333 95.181.178.66:3333 95.181.179.25:3333 itsupport.hldns.ru # Reference: https://twitter.com/r3dbU7z/status/1358998466735833088 134.209.65.62:5001 # Reference: https://twitter.com/r3dbU7z/status/1362399595519766530 # Reference: https://www.virustotal.com/gui/file/4a7937ab8db988782c15ea79a707c454798189744efe9f7a3f7825f501345990/details # Reference: https://www.virustotal.com/gui/file/a037c15659d91a7555fbd0ec17978c26f7974ea66909c8732629c4a1ec961f14/detection 194.5.249.224:8080 209.141.35.17:8080 212.114.52.24:8080 66.70.218.40:8080 xmr.givemexyz.in # Reference: https://twitter.com/xuy1202/status/1367814695143366657 # Reference: https://twitter.com/redbad2/status/1390978401985449987 150.109.99.116:8000 miner.awayfar.top fee.oldace.xyz gw.oldace.xyz miner.oldace.xyz raylee.5166.info # Reference: https://www.virustotal.com/gui/file/13345f418c210dee561872a5e21dc53b9f5a752110aca661647ac444ac4fa2cf/detection f0490769.xsph.ru # Reference: https://www.virustotal.com/gui/file/5f7b733e73ca432dce141e3cd3b07712a13b441d1cf4c09695e5ad07e917521a/detection minertest.niex.cc # Reference: https://securelist.com/ad-blocker-with-miner-included/101105/ # Reference: https://otx.alienvault.com/pulse/604a40993962cb029d4ee31a # Reference: https://github.com/stamparm/maltrail/pull/15250 adshield.pro netshieldkit.com opendns.info transmissionbt.org # Reference: https://twitter.com/r3dbU7z/status/1370348745586540544 lingx.club # Reference: https://twitter.com/r3dbU7z/status/1370460292577173513 # Reference: https://www.virustotal.com/gui/domain/miner.kek.gay/detection miner.kek.gay # Reference: https://www.virustotal.com/gui/file/60e6449b35fd1b91b0c700fc638a710b79ec8e3772617c5d60e6fcf2f314f726/detection pool.bmnr.pw # Reference: https://blog.netlab.360.com/necro-shi-yong-tor-dong-tai-yu-ming-dga-shuang-sha-windows-linux/ cloud-miner.de ublock-referer.dev # Reference: https://twitter.com/xuy1202/status/1372021764797079556 http://45.197.95.2 # Reference: https://www.virustotal.com/gui/file/1b4a9e2b766cbfe23c42dad7d1bf0ed73b7b10e940b936cb5b69ba07f84f8de5/detection cw02993.tmweb.ru # Reference: https://twitter.com/r3dbU7z/status/1375063266129555461 45.144.225.104:9999 # Reference: https://www.virustotal.com/gui/file/69cb2e279b941d04d2e06476915b5d03e92ad900b665175b4e667677de457a81/detection 552-39-1658.krebsonsecurity.top # Reference: https://www.virustotal.com/gui/file/4031b4d52db424a876a9af14c665cd166858eae1382e223147e67e728dd99146/detection 552-39-1659.krebsonsecurity.top # Reference: https://krebsonsecurity.com/2021/03/no-i-did-not-hack-your-ms-exchange-server/ # Reference: https://otx.alienvault.com/pulse/6061ebaf97943b790e97e899 # Reference: https://www.virustotal.com/gui/file/5f7d898ade3162bfb0c8d3006c42e934ff81fab3b4ad3b51c13441fd63e438cb/detection krebsonsecurity.top brian.krebsonsecurity.top # Reference: https://twitter.com/KorbenD_Intel/status/1379537565498363906 # Reference: https://twitter.com/James_inthe_box/status/1379538678356185088 # Reference: https://www.virustotal.com/gui/file/a7c8b4c917102a5578a504f9badea75602544d765dd0dacf31420e44cc7b7d4b/detection 999.accesscam.org # Reference: https://twitter.com/xuy1202/status/1387414908199866369 bmst.pw # Reference: https://twitter.com/xuy1202/status/1394882908704284672 http://192.227.185.106 # Reference: https://twitter.com/xuy1202/status/1396059012794224643 http://195.133.40.24 service-exec.net # Reference: https://www.virustotal.com/gui/file/ceb3a7a521dc830a603037c455ff61e8849235f74db3b5a482ad5dcf0a1cdbc5/detection http://209.141.40.190 194.5.249.24:8080 # Reference: https://twitter.com/r3dbU7z/status/1400841914933518340 # Reference: https://www.virustotal.com/gui/ip-address/172.93.96.59/relations # Reference: https://www.virustotal.com/gui/file/ae891eb02906204edc9abcfaaf3031b275d0e6fad472f49ee07dc189300ce87a/detection http://172.93.96.59 172.93.96.59:42350 # Reference: https://www.virustotal.com/gui/file/758ccdc9b720e0e849f2d9452f7c9c33bcf6789343f6de919f13bcc72a8ce00a/detection # Reference: https://www.virustotal.com/gui/file/5848e6c2e0776a59d8882b9df7fcc9af144a5c8f8e04f5ff8a5ec308228a1d4d/detection 93.179.121.215:3333 betandwinornot.com red1r2.xyz # Reference: https://www.virustotal.com/gui/file/10432e31480b3e9f1e45dff5ed4b91a374b947cb4b86ce3a069ff74b7dbe9a22/detection xmrv7.sfwewtryhrerwewqretr.com xmrv7.weoqieqwuishdwuygqw.com # Reference: https://www.virustotal.com/gui/file/324438a817b0b3838d7e59ea2f2ba21e2ccf3da6a3501844915991ee9a82937a/detection swiftmining.win # Reference: https://www.virustotal.com/gui/file/3193b300523363511736fd6c6dfe49441d389acc0b654f7df72f16e42e05d0a7/detection ivansupermining.info # Reference: https://blog.group-ib.com/prometheus-tds honeyminer.live # Reference: https://twitter.com/James_inthe_box/status/1423632214172991488 # Reference: https://www.virustotal.com/gui/file/4940200e009c811c47fe102fe47b20f32cf6b1abf309759b24b6a4f79a26b708/detection 185.195.233.157:57484 185.65.135.248:58899 sanctam.net config.sanctam.net /assets/txt/resource_url.php?type=xmrig /resource_url.php?type=xmrig # Reference: https://www.virustotal.com/gui/file/270abae022a66939cc7ddc2dec35cae33a9796adb6e36114e09a7e8954254f72/detection 185.62.189.66:8000 185.62.188.59:8000 relay.100chickens.me # Reference: https://www.virustotal.com/gui/file/fa14c6a94b370a062658803d59cc516eb0e11655526e707f29c63576328f511e/detection 5.206.225.122:8000 relay.phatbois.biz # Reference: https://www.virustotal.com/gui/domain/k2ygoods.ydns.eu/relations k2ygoods.ydns.eu # Reference: https://www.virustotal.com/gui/file/04e0b91e1f39a16f5b2814d473f5d5ba5945b26d5912ef99932e9093a52c5584/detection killer5x.beget.tech # Reference: https://www.virustotal.com/gui/file/3648a38a2c01f49a1d3f536c184c110665d32bc4cf331475e219a3f07aaddede/detection # Reference: https://www.virustotal.com/gui/file/b79bc880122234796a52a80eb27446ddb6c68f5bbc86afaf947735847e6b587e/detection carraq7r.beget.tech excerptible-navigat.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/eab31e6869088065a7e82f3dcf0dbc96b80d962ce266c1be7cefa385827aa4a9/detection wuntedj2.beget.tech # Reference: https://www.virustotal.com/gui/file/4688539a79b4d7a680159419a23b3ee0802838f7f2d5598a6f61369c5ad1a50e/detection top1chqu.beget.tech # Reference: https://www.virustotal.com/gui/file/345dc95a2d9042a38497a6effa7e9125e59a0a475332a9d92124dc48062d7b03/detection koskiahg.beget.tech # Reference: https://www.virustotal.com/gui/file/5b1185beeadb639f323162915888ddec2b21d7c0def905cfccfb700668b57924/detection darksmtf.beget.tech # Reference: https://www.virustotal.com/gui/file/03e15c75c983fe3b555d48a31c77d1c09574980d805daeedab614d87bcb2f79e/detection maxnem8g.beget.tech # Reference: https://www.virustotal.com/gui/file/59f9e3d1e60698fa43b80699bead99271d8d2fbd3c3d99c4f7a11637a432d5b0/detection btcminws.beget.tech # Reference: https://www.virustotal.com/gui/file/f81f52daa847f5419d1643185db6e82891944373a848f0ec54c7ad31deb3eb21/detection gabataiser.beget.tech # Reference: https://news.sophos.com/en-us/2021/11/18/new-ransomware-actor-uses-password-protected-archives-to-bypass-encryption-protection/ 190.144.115.54:443 45.77.76.158:25643 # Reference: https://www.virustotal.com/gui/file/6e4b708017992a4600a644660b82c1068becb1c1d1212a70a14bbe89c3b211fd/detection http://195.201.124.214 # Reference: https://www.virustotal.com/gui/file/e9dfadacb0ec21e2c6c63e96401caae9a33c3e91d587bae63ea701bd2a067bd4/detection teamviewer.myvnc.com # Reference: https://twitter.com/r3dbU7z/status/1468869791633006599 http://104.192.82.138 # Reference: https://twitter.com/r3dbU7z/status/1469248862405767173 # Reference: https://www.virustotal.com/gui/ip-address/58.226.35.74/relations http://58.226.35.74 # Reference: https://blog.netlab.360.com/ten-families-of-malicious-samples-are-spreading-using-the-log4j2-vulnerability-now/ http://54.210.230.186 http://172.105.241.146 http://18.228.7.109 http://31.220.58.29 /wp-content/themes/twentysixteen/s.cmd # Reference: https://twitter.com/tolisec/status/1473515063030034433 http://150.60.139.51 /wp-content/themes/twentyseventeen/s.cmd # Reference: https://twitter.com/r3dbU7z/status/1474806398034796551 # Reference: https://twitter.com/r3dbU7z/status/1474810273047453701 106.53.115.114:443 116.62.203.85:443 # Reference: https://twitter.com/AffableKraut/status/1479487044808237061 # Reference: https://gist.github.com/krautface/58b8c2f58d1219065e26a48db6402c0b # Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-November/030797.html # Reference: https://www.virustotal.com/gui/file/2735862837aaaf77520131992bc3ee64c43a9984e436e5f3e6433706606b0734/detection 89.58.15.35:4444 binarybusiness.de bitcoin-cashcard.com bitcoin-cashcard.de bitcoin-cashcard.eu bitcoin-pocket.de bitcoin-pocket.eu cloud-miner.de cloud-miner.eu crypto-webminer.com dontbeevils.de donttbeevils.de easyhash.de eth-pocket.com eth-pocket.de ethereum-cashcard.com ethereum-cashcard.de ethereum-pocket.com ethereum-pocket.de ethtrader.de evilsbedont.de trustaproiam.de trustiseverything.de trustmeiamapro.de # Reference: https://twitter.com/Max_Mal_/status/1486252809901248514 # Reference: https://twitter.com/Max_Mal_/status/1486252808424804378 hxxp://141.85.161.18 http://195.154.187.240 http://72.46.52.135 http://80.71.158.96 51.222.121.180:82 # Reference: https://twitter.com/vinopaljiri/status/1487654354148634629 # Reference: https://www.virustotal.com/gui/domain/mine.gsbean.com/relations # Reference: https://www.virustotal.com/gui/file/ba3283863eb1f129120e653e532e40bfa3bfe7fe0a384c1ffc25a44404813300/detection 116.202.251.12:8585 116.202.251.41:8585 116.202.251.42:8585 141.255.164.2:8585 46.4.156.44:8585 80.255.3.69:8585 80.255.3.74:8585 gsbean.com mine.gsbean.com miner.gsbean.com # Reference: https://twitter.com/r3dbU7z/status/1487727533214912514 # Reference: https://www.virustotal.com/gui/file/e56eed035c9fab1b46d9c8d7fd3591796658ff6102f5d06bd73ab72edcdc5912/detection 211.84.240.57:19490 5.26.56.76:8081 guyeyuyu.com # Reference: https://www.virustotal.com/gui/file/00b3d63475d5dd8b1e5eb8ba396bc61db475742bad57e330af15ecf84e06e749/detection bnstarage.ru.swtest.ru # Reference: https://www.virustotal.com/gui/file/f1a36f6e52b1a4968e0e4555065533220d163f4dc2c3855ff3280a4bc2c51de9/detection dlxmrig.vaiwan.com # Reference: https://www.virustotal.com/gui/file/69db3286b4570897e6ca734770592e1cb21f9903bc757208e075b7c51d8c1524/detection 150.129.234.203:82 # Reference: https://www.virustotal.com/gui/file/efcf15f7c1f9f6fe1ac868cc663ccdb9ed5cba441d2b53afb2ef84d284f204fb/detection http://185.231.153.4 # Reference: https://www.virustotal.com/gui/file/3ccc53c4e0908ac1dc21a749f143774863a6604c04aa23f95433afd4d397f0e4/detection 104.131.13.127:11633 105.242.70.229:11633 135.181.105.21:11633 185.205.210.130:11633 43.252.75.246:11633 # Reference: https://www.virustotal.com/gui/file/0000b1219302efd9da56d67d180aa70f50651764fc125b5dcffc94add4f95c76/detection 3.120.98.217:8080 # Reference: https://www.virustotal.com/gui/file/2baba54bd1a2012c1fb1d6b56976ad6c6fa18c7eead791a49998179f8b15913c/detection titcoin.isasecret.com titcoin.slyip.com titcoin.sytes.net # Reference: https://www.virustotal.com/gui/file/60e3dde172b40ff64692a7107b7423f97bf733258adf1b69044ad0f7652ab571/detection ballsfguyjhgf.000webhostapp.com # Reference: https://www.virustotal.com/gui/domain/yvzgazds6d.com/relations # Reference: https://www.virustotal.com/gui/file/006d2e9c9f5e4e0c619bf9d1e8bf1af67c52d5f7591e5771feadb58c4ee6c1c8/detection yvzgazds6d.com # Reference: https://twitter.com/1ZRR4H/status/1523758843414847488 # Reference: https://www.virustotal.com/gui/file/01a1a733afc3a36f53ae87f8667741a0fbd047526ceb929305f36bf39a0dce81/detection http://199.247.0.216 # Reference: https://www.virustotal.com/gui/file/efe2755e1acc314f0e07c5e08de9957b012474450f89ef73c1ffe9cc3b5ed67c/detection # Reference: https://www.virustotal.com/gui/file/7b58cf2671c6a7aad37094e8f560b268635e88467b2bebf7c2ea83256d105bf5/detection # Reference: https://www.virustotal.com/gui/file/4091b3f789b2efe101cb6e1941bd0c613f9292fe750b5d6796e299b8477bbb46/detection 146.196.83.217:29324 # Reference: https://unit42.paloaltonetworks.com/cve-2022-22954-vmware-vulnerabilities/ http://113.185.0.244 http://185.157.160.214 103.64.13.51:8452 # Reference: https://www.virustotal.com/gui/file/430069f19ad4a8bc46ce8238e5d700813e50390bbf463c3bd7f3eb2f2a9af11b/detection http://94.130.227.45 # Reference: https://www.virustotal.com/gui/file/f1059c896152b8eb36c63478a4069b050557c7da07653b0fd35e0a52327068c1/detection 91.211.89.94:3333 patron1.chickenkiller.com # Reference: https://www.virustotal.com/gui/file/c53580ea73754a863e407da21103e586f6037cafc6bc2df8bd0f8ddd2a882ac7/detection http://116.203.223.201 # Reference: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/clipminer-bitcoin-mining-hijacking # Reference: https://otx.alienvault.com/pulse/6299eb63a8cedd5b3a7b83de 179.60.146.9:443 94.75.205.148:443 # Reference: https://www.virustotal.com/gui/file/9954c4b0efcb0e97d6045a2c4e0c3463d1d9d6fe207271751a292cfc1ecd5fed/detection # Reference: https://www.virustotal.com/gui/file/5392cba0421021e6c6b8b7dd69000638019d5e262ed5791c87fabe692712e8b3/detection 167.71.195.90:4242 xmrzone.net # Reference: https://twitter.com/samaritan_o/status/1546384948055138304 # Reference: https://thedfirreport.com/2022/07/11/select-xmrig-from-sqlserver/ 101.102.225.236:4000 101.102.225.236:8080 74.119.239.234:4000 74.119.239.234:8080 mymst007.info http.mymst007.info mst.mymst007.info mst2.mymst007.info # Reference: https://twitter.com/petrovic082/status/1551943731858866182 # Reference: https://www.virustotal.com/gui/file/2f9ed37872c061eae91bde834e7af4bbf7df360b740b4e3a960350d68be819db/detection pool.bmwebm.org wm.bmwebm.org # Reference: https://asec.ahnlab.com/en/37526/ # Reference: https://otx.alienvault.com/pulse/62f22183dafdbedf77a7e45a scmm.netlify.app # Reference: https://mobile.twitter.com/malwrhunterteam/status/1562886002880167936 # Reference: https://www.virustotal.com/gui/file/3770c35b96d937d2cda799713b36dbd8cd2b44a1dd8c44b3a9b7b24eb82046f5/detection yhkdm4cefxmzjkdzqtejagxi5t7mmkzq6i4oym4pmkevvflc3kihk3id.onion # Reference: https://twitter.com/malwrhunterteam/status/1564978499709984770 # Reference: https://twitter.com/malwrhunterteam/status/1564978899133538305 # Reference: https://www.virustotal.com/gui/file/45632e53ee2842145b341f38196504b076271fc477a0800dc6fd34d09652a0f9/detection # Reference: https://www.virustotal.com/gui/file/5af4dc5d6f4cf81a23bd22c37fcf0ca2ceebffcd095c2affede33d01c0748451/detection 73whsrbvydiamobabrxbgmxh76d3qpp4mqbajtxpkgj4zae3h2y6doad.onion yuid7lkv7h662me42y2nzpsyop46xov572hnfbhvifznjnwpmvi2prqd.onion # Reference: https://research.checkpoint.com/2022/check-point-research-detects-crypto-miner-malware-disguised-as-google-translate-desktop-and-other-legitimate-applications/ intelserviceupdate.com nitrokod.com nvidiacenter.com # Reference: https://www.virustotal.com/gui/file/35b1f430047720986cb15c3a4da6e608ddd0f915b0b360bdcc6fd881722b0c27/detection chc1.ignorelist.com chc2.ignorelist.com chc3.ignorelist.com chc4.ignorelist.com # Reference: https://blog.cyble.com/2022/11/23/fake-msi-afterburner-sites-delivering-coin-miner/ # Reference: https://otx.alienvault.com/pulse/637f8c6c3feec05efb23b514 matrizauto.net # Reference: https://www.virustotal.com/gui/file/4d956eb377c43410a276bc5beb5c46885f51152f80e5000b4148293a1e3c9a97/detection sil5.com /adm777/g.php # Reference: https://blog.morphisec.com/proxyshellminer-campaign # Reference: https://otx.alienvault.com/pulse/63ee553446d81209663d0797 # Reference: https://www.virustotal.com/gui/file/2bb26e1ad01d13c2c7675b8c5bae9aaa4eae12ebcc613a6f18f2d6f49654765e/detection # Reference: https://www.virustotal.com/gui/file/62d198f9d1753c5b1ec4c6d197f0628857c7e2e05a570009e78b17a1cd4bfc77/detection mail.itseasy.com/resources/files/ mail.ghmproperties.com/resources/files/ mail.shaferglazer.com/resources/files/ # Reference: https://www.virustotal.com/gui/file/2037befe04bacf6dff12e9a3fc533cc920aa2e9b7cdc1141d47aa9cee496e237/detection http://91.198.22.70 # Reference: https://twitter.com/r3dbU7z/status/1628658194917490689 http://139.59.150.7 139.59.150.7:443 rxmxpzfkydkulhhqnuftbmf6d5q67jjchopmh4ofszfwwnmz4bqq2fid.tor2web.in # Reference: https://twitter.com/g0njxa/status/1659563136737738754 # Reference: https://app.any.run/tasks/02488673-70ae-4475-ae50-100e6861c6d3/ 51.81.168.158:8083 51.81.168.158:9999 papa1122.com # Reference: https://twitter.com/SecureSh3ll/status/1663560017797332999 exanimate-tolerance.000webhostapp.com exanimate-tolerance.us-east-1.route-1.000webhost.awex.io # Reference: https://www.virustotal.com/gui/file/5f231555c13ea76ce311bd38dd17756cc6c071b09e44f5e12159e91694afd9a0/detection # Reference: https://www.virustotal.com/gui/file/eeed7ce800a9714b65aaae4f1d61deb83d3f0cbcfd814372807b73c940d4bb8f/detection devupdates.in # Reference: https://www.virustotal.com/gui/file/d7e538f2706c6de8ebc8756d302b444334e9286b9dd35f7687c83f71af543062/detection http://45.142.182.146 # Reference: https://www.virustotal.com/gui/file/3d2a5f279b1def8985566d2e2694158e1dd22718d1b65980dbd847218b48b391/detection 45.142.182.146:39001 # Reference: https://unit42.paloaltonetworks.com/peer-to-peer-worm-p2pinfect/ /miner_sigg /winminer /winminer_sign # Reference: https://twitter.com/g0njxa/status/1686073290845011969 # Reference: https://app.any.run/tasks/ae15896e-4668-4186-add5-7acee638ca86/ padnel2myajfeqniq.xyz # Reference: https://www.virustotal.com/gui/file/eee03d3ec87cb61fb30aab3e3b9fb4a8e6c668f5c88db28e1882e2c76c67bcd6/detection 193.124.119.202:2244 paravozik.dynnamn.ru # Reference: https://www.virustotal.com/gui/file/15442176aaf35ce26e2999d62d6d683679e5692324c4db75449104bce2f37171/detection 185.154.14.5:3333 pococo.cc # Reference: https://twitter.com/karol_paciorek/status/1704047037577072654 # Reference: https://tria.ge/230919-jjm26sfe8t/behavioral2 89.175.24.90:8080 # Reference: https://www.virustotal.com/gui/file/00a4f27d146ce06557f889c1b4f689d094d6a8f8aa911410c4f9dbbb45539a31/detection windowsupdatesupport.org m.windowsupdatesupport.org mail.windowsupdatesupport.org ns1.windowsupdatesupport.org # Reference: https://twitter.com/Jane_0sint/status/1738264140446339528 # Reference: https://www.virustotal.com/gui/file/b2823679fc85abd40d50cc1bec18ce4bc803fc78e2597a92c32dec4ff63ffcaf/detection # Reference: https://www.virustotal.com/gui/file/3826953ded758361f9783d67242e4ba87092d637d72bcf81c649e52665c57de4/detection http://5.133.65.53 http://5.133.65.54 5.133.65.53:1444 5.133.65.53:443 5.133.65.53:5655 5.133.65.54:1444 5.133.65.55:1444 5.133.65.56:1444 77.247.243.43:5655 msupdate.info # Reference: https://app.validin.com/axon?source=DNS&type=ip&find=45.132.1.1 trapminer.biz # Reference: https://threatfox.abuse.ch/browse/tag/UNAM/ (# 2024-01-05) http://122.169.64.215 http://158.247.198.75 http://185.117.3.110 http://194.33.191.246 http://195.3.223.172 http://2.58.113.172 http://2.58.113.220 http://51.195.35.200 http://54.36.127.183 http://85.209.176.126 http://85.209.176.178 http://91.92.254.72 102.50.247.129:443 130.162.178.229:443 14.225.8.224:8081 158.247.198.75:443 172.111.239.90:443 176.119.35.43:443 185.117.3.110:443 193.105.135.135:443 195.3.223.172:443 197.91.182.171:443 197.91.182.171:86 2.58.113.172:443 45.120.177.17:443 45.67.230.182:443 47.87.145.154:443 51.195.35.200:443 54.36.127.183:443 54.38.193.134:443 82.66.185.138:8080 85.209.176.178:443 95.214.24.45:443 144920-1-76bedd-01.services.oktawave.com ads.thebestonline24.com api.hostinguje.me auth.xy0ke.pro bankcashcredit.ru beylikotomasyon.com bixby.lat bumbiz.xyz caboshed-rations.000webhostapp.com clarenssbodiker.ru crypticgamings.com data.shopvigil.com demo.citichoice.ca dsadw33fdsfs.buzz fanklubziuta.pl fortunagamez.com frazedev.xyz gfdwertwdd.xyz ghostmain.site host.jjzpanel.xyz hotspot.mom info.thebestonline24.com jf832nfds90vxcj893422m.store jjzpanel.xyz kaspersky-secure.ru klaster.pp.ua krypto.itwu.pl law.fan mail.crypticgamings.com mail.ok.adaklab.ir mail.strongsteelhomes.com main-node.incaves.fr microsoftcom.gfdwertwdd.xyz minehidden-gpu.ru miner.sjzh.top minerchenzhi888.top minernumberone.org moner0000f5rvt.site mx.thebestonline24.com newstroczvmonmy3ne1w.su ok.adaklab.ir owenkruse.click panfsaafcxzelkfsha31523.xyz paquerasfacilitadas.fun.g10corretora.com.br px1.bankcashcredit.ru rawrie.eu rede.tphost.com.br rex-exploits.ru seanhenning-101.ddns.net servermethod.net sjzh.top smartpanel.top snsnuji.com strongsteelhomes.com swapme.fun system.xnesa.in telefonemusk.ru thebestonline24.com unam.farorsps.com vps-228ceefa.vps.ovh.net webpanel777.pl willyman.org windowsupdate.love-network.cc xm.centralmarketingkur.com xmr.r4nd0m.anondns.net xmr.sjzh.top xmrpool.shop xy0ke.pro zel.bio # Reference: https://threatfox.abuse.ch/browse/tag/UNAM/ (# 2024-01-16) http://103.54.57.251 http://122.169.90.181 http://141.98.7.8 http://188.120.232.53 http://193.222.96.183 http://217.196.107.29 http://24.199.71.49 http://64.23.168.181 http://91.194.135.254 http://91.92.243.55 http://94.156.71.78 102.50.247.129:84 103.54.57.251:443 193.222.96.183:443 195.242.218.22:443 2.58.113.172:4433 8.218.155.228:443 alexs404.fvds.ru cdnupdateservice.com controlpanel29.com doobiefly.com downhimse.com gptchatpro.online intro.su mycontrolpanel29.com nanasuuakiaa.host panelbar.ct8.pl panitor.xyz shikkiy.fvds.ru # Reference: https://tria.ge/240212-pz8lpsde6w/behavioral1 dham2fjg7wsuiqovkuaqkfc42rhfbctvzf4filsx5kq7iqvvd5n2tuad.onion.ly # Reference: https://twitter.com/karol_paciorek/status/1758506840822894993 45.200.14.77:88 # Reference: https://www.virustotal.com/gui/file/87f6e9f0e2b2251c6e4a1bc94b8f30c1d86e69955067f5cf989e457abfcf67d3/detection 154.12.33.4:33370 xmr.awuam.com # Reference: https://www.virustotal.com/gui/file/cd47f987e36e2afd5d05802d768726a6a526500a13b1511c883f4136c8ac715f/detection # Reference: https://www.virustotal.com/gui/file/d78a652f5bbf7f3c03a8628da604db23a7c901b5c6c6848852b4848079165cdb/detection http://47.105.86.47 47.105.86.47:3306 47.105.86.47:54253 47.105.86.47:54254 hansenserver.top db.hansenserver.top remote.hansenserver.top serverchain.hansenserver.top # Reference: https://www.virustotal.com/gui/file/671cb459608e8db68aa48e8bd51aa4bcf1caa14fe014dcd82c36868c3b1d30b8/detection http://91.92.242.200 91.92.242.200:62659 # Reference: https://www.virustotal.com/gui/file/fb22a89b757f26048ef0e1704b17dfcb4540dec9b0d57c8c234b331920bc809f/detection # Reference: https://www.virustotal.com/gui/file/db51bbf76672c02bc0248d242efde621cf8809ed4c8a2ea4c2ca0176c7b07623/detection # Reference: https://www.virustotal.com/gui/file/5353127308732b5a30d96259d0448c5bf92fba25ebc73bfea014f11cebb21990/detection http://91.92.249.202 134.255.232.79:30123 91.92.249.202:21 91.92.249.202:62659 # Reference: https://www.virustotal.com/gui/ip-address/218.28.249.14/relations # Reference: https://www.virustotal.com/gui/file/e770d014c39b16344d77732368134400386342c09058318f141cfd27decb667a/detection # Reference: https://www.virustotal.com/gui/file/41cc2e29d9651a1b7590dbce59d3ee18c9749397536ef97b8d7e176d24ba33bc/detection 218.28.249.14:3335 218.28.249.14:8080 domain004.gleeze.com gamepanel.gleeze.com gamepanel2.theworkpc.com test1000.ooguy.com test1001.blogsite.xyz test1003.accesscam.org # Reference: https://www.virustotal.com/gui/file/78f6886ce0c49121a1f487bea1d75644ee389842bb45d3f230236bb99f77471e/detection # Reference: https://www.virustotal.com/gui/file/293b7cf8bbdfaa4c997ef8914a7e7ba845be03206421e63bd07507450b651409/detection # Reference: https://www.virustotal.com/gui/file/f40e7e35fcb6c546d49a041899fba78002a275fe35cc6de09f06aef8b785fe9c/detection 156.227.0.125:6363 166.88.209.25:110 166.88.209.25:17763 166.88.209.25:18080 166.88.209.25:6363 54.153.56.183:6363 94.63.34.213:6363 # Reference: https://www.virustotal.com/gui/file/ba75bf06d239cf48e35bd920c35da82f3b505bb6cd05d122d1f3dc5bda525083/detection 94.156.67.16:443 wmubot.ddns.net # Reference: https://www.virustotal.com/gui/file/1bd1c442a4622499471978b49ade289e296bf01a56d01ef0348d4d362fcf995d/detection 108.61.215.239:23888 45.32.199.3:23888 45.32.203.114:23888 45.63.43.26:23888 45.76.115.89:23888 # Generic /bot/miner.php /cpuminer-opt-linux.tar.gz /honeyminer.exe /pool_mine_example.cmd /setup_xmr.sh /xdi-performance.exe /xmr.ino /xmr.plg /xmr64.exe /xmr64.plg /xmr64.zip /xmrig.exe /xmr.sh.sh /xmrig.tar.gz /xmrig.so /xmrig-1.zip /xmrig-2.zip /xmrig-3.zip /xmrig-4.zip /xmrig-5.zip /xmrig-6.zip /xmrig-7.zip /xmrig-8.zip /xmrig-9.zip /xmrigdaemon /xmr/config.json /xmr/xmrig.service /xmr/xmrig