- crypto_mining
- https://github.com/stamparm/maltrail/blob/master/trails/static/suspicious/crypto_mining.txt
- # Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
- # See the file 'LICENSE' for copying permission
- # Reference: https://hackforums.net/printthread.php?tid=5655422
- # Reference: https://twitter.com/r3dbU7z/status/1347527548977242116
- # Reference: https://www.virustotal.com/gui/file/6cd557cb2582ab5cf8d0e77131479ab91c00bfdf9c775c170809d5265bf0477a/detection
- # Reference: https://www.virustotal.com/gui/file/7738ad1029f1709ec86c8ba24e04b3f71edf671b64681b884ccd70725a1674a5/detection
- 94.130.143.162:45700
- # Reference: https://www.multipool.us/
- multipool.us
- # Reference: https://mining-help.ru/
- mining-help.ru
- # Reference: https://xmrminer.cc/
- xmrminer.cc
- # Reference: https://www.monero.how/tutorial-how-to-mine-monero
- # Reference: http://www.gandalph3000.com/
- gandalph3000.com
- # Reference: https://pangolinminer.com/
- pangolinminer.com
- # Reference: https://hellominer.com/
- hellominer.com
- # Reference: https://github.com/keraf/NoCoin/blob/master/src/blacklist.txt
- # Reference: https://www.virustotal.com/#/file/179c5390ba2023402283104fd85d6394033976bc2f21e45d32e7557cafaa7d41/detection
- sparechange.io
- # Reference: https://blog.talosintelligence.com/2018/08/rocke-champion-of-monero-miners.html
- 8282.space
- 3389.space
- # Reference: https://github.com/xmrig/xmrig/blob/master/src/net/strategies/DonateStrategy.cpp
- fee.xmrig.com
- # Reference: https://www.securityhome.eu/malware/malware.php?mal_id=7994909645aa0b75fc035d0.43847858
- donate.xmrig.com
- # Reference: https://isc.sans.edu/forums/diary/What+is+going+on+with+port+3333/23215
- # Reference: https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/
- koto-pool.work
- # Reference: https://www.anomali.com/blog/rocke-evolves-its-arsenal-with-a-new-malware-family-written-in-golang
- 134.209.104.20:51640
- minerxmr.ru
- # Reference: https://twitter.com/bad_packets/status/1100625553822867456
- 119.23.222.239:26590
- # Reference: https://twitter.com/James_inthe_box/status/1115591879586795521
- 47.97.119.5:19988
- # Reference: https://twitter.com/infosec_dude/status/1117450131417313280
- # Reference: https://www.virustotal.com/gui/ip-address/45.43.27.214/relations
- # Reference: https://twitter.com/James_inthe_box/status/1117881448151666688
- 45.43.27.214:17555
- r.twotouchauthentication.online
- # Reference: https://twitter.com/luc4m/status/1123126706943008768
- 139.224.15.175:26591
- # Reference: https://www.gdatasoftware.com/blog/2019/05/31695-strange-bits-smuggling-malware-github
- zarabotaibitok.ru
- 61.128.111.164:3335
- # Reference: https://twitter.com/raby_mr/status/1133347073154097153
- # Reference: https://app.any.run/tasks/7e23f973-5f69-4ef0-af26-427e975e308d/
- # Reference: https://www.virustotal.com/gui/file/272e25e3aa9d792281a282c2f6cd40d59c5b8fe432ae93bb5015899ceb173dd1/behavior/Dr.Web%20vxCube
- # Reference: https://www.virustotal.com/gui/ip-address/94.130.64.225/relations
- # Reference: https://www.virustotal.com/gui/ip-address/46.4.119.208/relations
- 46.4.119.208:45700
- 94.130.64.225:45700
- # Reference: https://github.com/guardicore/labs_campaigns/blob/master/Nansh0u/mining_pools_domains.md
- lokiturtle.herominers.com
- trtl.cnpool.cc
- turtle.miner.rocks
- trtl.pool.mine2gether.com
- # Reference: https://twitter.com/liuya0904/status/1135901420958281729
- # Reference: https://twitter.com/malware_traffic/status/1138999824613687298
- # Reference: https://twitter.com/VK_Intel/status/1139926661162512384
- # Reference: https://github.com/k-vitali/Malware-Misc-RE/blob/master/2019-06-14-tofsee-spambot-modules.notes.vk.txt
- 185.181.165.20:8087
- # Reference: https://twitter.com/Artilllerie/status/1115258738368294913
- 185.212.129.80:8087
- # Reference: https://otx.alienvault.com/pulse/5d0773672ba7e7853c4ad5cf
- 185.161.70.34:3333
- 202.144.193.184:3333
- 205.185.122.99:3333
- # Reference: https://www.welivesecurity.com/2019/06/20/loudminer-mining-cracked-vst-software/ (# Mining hosts)
- # Reference: https://twitter.com/28bit/status/1159906315642253312
- 121.42.151.137:28850
- # Reference: https://twitter.com/James_inthe_box/status/1165005466419658753
- 3.120.209.58:8080
- # Reference: https://habr.com/ru/company/pt/blog/466877/ (Russian)
- 154.16.67.133:80
- # Reference: https://twitter.com/Paladin3161/status/1171766464560238593
- # Reference: https://pastebin.com/YWXQFF3Q
- http://185.141.25.35
- solarray.club
- # Reference: https://twitter.com/pancak3lullz/status/1174012227130679297
- 65.154.226.109:14100
- 70.42.131.189:14100
- # Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/fileless-cryptocurrency-miner-ghostminer-weaponizes-wmi-objects-kills-other-cryptocurrency-mining-payloads/
- pool.usa-138.com
- xmr.usa-138.com
- # Reference: https://twitter.com/MalwareTechBlog/status/1190730471321112577
- # Reference: https://otx.alienvault.com/pulse/5dbdf437299aea7cd396cd26
- # Reference: https://www.virustotal.com/gui/file/8a87a1261603af4d976faa57e49ebdd8fd8317e9dd13bd36ff2599d1031f53ce/detection
- # Reference: https://www.virustotal.com/gui/file/037dbddeda76d7a1be68a2b3098feabfbf5400a53e2606f5a0e445deb2e42959/detection
- 5.100.251.106:52057
- # Reference: https://blog.netlab.360.com/mykings-the-botnet-behind-multiple-active-spreading-botnets/
- myxmr.pw
- xmr.5b6b7b.ru
- # Reference: https://www.virustotal.com/gui/file/f99833ef4d4bcb6cf9abcaee6edd3d1ba5b5825af4fd3f609654d343b137a8af/detection
- 91.121.140.167:3333
- # Reference: https://www.accenture.com/_acnmedia/pdf-46/accenture-threat-analysis-monero-wannamine.pdf
- # Reference: https://blog.talosintelligence.com/2020/01/vivin-cryptomining-campaigns.html
- # Reference: https://otx.alienvault.com/pulse/5e29b7189d749995b2d4ea71
- # Reference: https://www.virustotal.com/gui/file/6bc118693d6e69081e5f39fdab20a613d7536d3199c029562c192c5dbc9d1d1c/detection
- 37.59.43.136:4444
- 37.59.54.205:4444
- # Reference: https://app.any.run/tasks/d6c87295-24a2-48eb-aef0-d3d5ac4ad2ae/
- # Reference: https://mining.bittube.app/
- mining.bittubeapp.com
- # Reference: https://www.virustotal.com/gui/file/5eda21ea41febbdc5b69840894cb37cba8206f2865dc07e2cb85c29db5240d04/detection
- # Reference: https://www.virustotal.com/gui/ip-address/163.172.204.213/relations
- # Reference: https://www.virustotal.com/gui/ip-address/163.172.204.219/relations
- # Reference: https://www.first.org/resources/papers/amsterdam2019/FIRST-TC-pres-v1.1.pdf # Note: page 31
- # Reference: https://www.virustotal.com/gui/ip-address/163.172.226.194/relations
- # Reference: https://www.virustotal.com/gui/domain/xmr.crypto-pool.fr/relations
- # Reference: https://www.virustotal.com/gui/file/87f9a5a38c1dce92317c50fe66f2fdc0fcfac19f0ea58951b9a3e747915c1827/behavior/Rising%20MOVES # Note: different ports used
- # Reference: https://www.virustotal.com/gui/file/fbcdd5c542bb5c66303e621829f0cd654be0bfb38ed0c50a335ef3c9dae0201f/detection
- 138.201.20.89:45700
- 138.201.27.243:45700
- 78.46.87.181:45700
- 88.99.142.163:45700
- # Reference: https://www.virustotal.com/gui/file/c3affb76ff0fad78d77b0153b5c2a99d5bbd8d829ef13661c0af58d2988db344/detection
- 149.210.234.234:3333
- litecoinpool.org
- # Reference: https://twitter.com/c3rb3ru5d3d53c/status/1240732487195688962
- covid19crypto.com
- # Reference: https://blog.360totalsecurity.com/en/crazycoin-the-master-of-double-mining-double-white-utilization-and-resource-utilization/
- # Reference: https://github.com/Monero-Monitor/monero-monitor/blob/master/data/html/options.html
- # Reference: https://www.virustotal.com/gui/file/eaef82223eeb8cf404a1d46613d36b9e582304b215201b5e557db578dd73e04e/behavior/Dr.Web%20vxCube
- # Reference: https://s.tencent.com/research/report/948.html (Paragraph 6)
- # Reference: https://otx.alienvault.com/pulse/5e863edb03f9ddbc8bc15b60
- 103.195.4.139:443
- 178.128.108.158:443
- 68.183.182.120:443
- # Reference: https://www.virustotal.com/gui/file/455224893e266c7f5781bdc2e0c1cbb1a4f3c71c8a63ba7c690cd3067949ed5c/detection
- 178.63.48.196:5555
- # Reference: https://blacklist.cyberthreatcoalition.org/vetted/url.txt
- minerpool.pw
- /xmrig/
- # Reference: https://www.virustotal.com/gui/file/a38216166e363d752f37bdf0419d2e2694279beab8df66d40f56c679563e7a4f/detection
- pool.hashvault.pro
- # Reference: https://www.virustotal.com/gui/file/f47aa2f661eec457e659d0c0867902e4ed851993f8b884e03c22e27403f4876c/detection
- # Reference: https://www.virustotal.com/gui/file/6eb73cfa98e35282a6f9a6d028f3f5ad84cf29ed4deb33b262d682c8bd246466/detection
- # Reference: https://www.virustotal.com/gui/file/44cd3c7c0acb590fd5f1d5175171accedc602c702139ea47017dea782b859a8b/detection
- # Reference: https://www.virustotal.com/gui/domain/hex7e4.ru/relations
- # Reference: https://www.virustotal.com/gui/file/f0fa9f69e15c349511fc1d2928507a69aefa908726d5c3aa5cd7e3ae83b412c5/detection
- # Reference: https://twitter.com/r3dbU7z/status/1323120001604341760
- 13.77.155.141:5000
- xmr.bepooh.com
- # Reference: https://www.virustotal.com/gui/file/f1f8d8e09da07736059c4388bfdf35318d3e34726c5d362c5f986e5ed8d6a0d4/detection
- 51.81.245.40:5555
- us-west.minexmr.com
- webservicepag.webhop.net
- # Reference: https://thedfirreport.com/2020/11/12/cryptominers-exploiting-weblogic-rce-cve-2020-14882/
- # Reference: https://otx.alienvault.com/pulse/5fad78631749dbff71a31f55
- # Reference: https://www.virustotal.com/gui/ip-address/178.128.242.134/relations
- # Reference: https://www.virustotal.com/gui/ip-address/185.92.222.223/relations
- # Reference: https://www.virustotal.com/gui/file/58bb90f11070a114442c4fa1cbbccefadcdf954510ae2b8d91c9b22b1a8a42d5/detection
- # Reference: https://twitter.com/r3dbU7z/status/1326915356028493826
- 131.153.76.130:3333
- # Reference: https://www.virustotal.com/gui/file/91c051a316c234d4f29a1ae939baa2b3ce28d8cc536442fc829c268d72b1cbcd/detection
- # Reference: https://twitter.com/r3dbU7z/status/1330843370244214784
- bizxmr.cc
- # Reference: https://www.virustotal.com/gui/file/f2519c4978dd4339e0b625b875343bb4ae03c504268da799c4ec694802770585/detection
- # Reference: https://twitter.com/rootprivilege/status/1331348542028275712
- # Reference: https://www.virustotal.com/gui/ip-address/3.120.98.217/relations
- 3.120.98.217:8080
- # Reference: https://www.virustotal.com/gui/file/49a326ef65fb6a7f8e778fb2104aa2708e38601348ddbc04e8cbd9117af0458a/detection
- 172.65.200.133:3380
- # Reference: https://www.virustotal.com/gui/file/a8174c8d4169bafa791bdaba5033bf0b67a6ab7dde9a362c5f04ac6d2088a677/detection
- 172.65.200.133:3357
- # Reference: https://www.virustotal.com/gui/file/692627b99dc224be5f31321b5628c9736bc0b43a87358ccf544e39453d27eb4e/detection
- # Reference: https://www.virustotal.com/gui/file/1d8c8e42e73eea50e0ca09124c0c2c3e7da21c5b232246129528cc955dc5a25f/detection
- 172.65.200.133:3333
- 172.65.245.55:3333
- # Reference: https://www.virustotal.com/gui/file/f89c6d288cadbd5924496b664f6138c14523c338bef44407c0ed1a449b11e466/detection
- # Reference: https://www.virustotal.com/gui/file/8b7aac6ab2d4b4a128c11c02b9b0269c08dec2c935c92e45804756a4ee5878e5/detection
- 172.65.195.177:3341
- 172.65.200.133:3341
- # Reference: https://www.virustotal.com/gui/file/fd1d919e012353386a9d20af761109eaaa3099eec0bebec107b3bf000348f3fe/detection
- 172.65.200.133:3375
- # Reference: https://www.virustotal.com/gui/file/1d1d2b6edf51a4262795b2d99f4bf21f2c71b68d2001f74a6d1b24b077a890f0/detection
- 172.65.200.133:3334
- # Reference: https://www.virustotal.com/gui/file/09fb4ee5038c7f273273642b83926c84361ef34ae43ac835542c1ff065734437/detection
- 172.65.200.133:3347
- # Reference: https://www.virustotal.com/gui/file/a9510408f55684801300e3bcb9df0405bd620091dc635493b190dc749d743f93/detection
- # Reference: https://twitter.com/IntezerLabs/status/1341010531902050305
- # Reference: https://www.virustotal.com/gui/ip-address/80.211.206.105/relations
- # Reference: https://www.virustotal.com/gui/file/1ce687b9d97bc0932bc3bc107a6b5c9363bb5a6f1c2391a59f1664dfa68a2228/detection
- # Reference: https://www.virustotal.com/gui/file/b0c8667eba81af1069e310055acea49e4f08fed8a071cb33da64a3d1e154d75d/detection
- # Reference: https://www.virustotal.com/gui/file/402ce23a6b8c718d31a203eb27d1ac97dc614499b542ab630afcb5ac629d934a/detection
- # Reference: https://www.virustotal.com/gui/file/603585df24d799e13d80145f071b2fbc3d81493d098a0df5e474ef4405b61fe4/detection
- # Reference: https://www.virustotal.com/gui/file/3373bdf62d72c6f8ab62797aeda4f2b993f0d950964c3b5f9b8f96774abc25a6/detection
- # Reference: https://www.virustotal.com/gui/file/037f28da0a7e825a21176c27123c9333bca46d37a8faf378c31766b82c653bbb/detection
- # Reference: https://www.virustotal.com/gui/file/64db532ccfa34e01e697e68d5ee6d7360c9641440c38d2fd7850687837b24039/detection
- # Reference: https://www.virustotal.com/gui/file/ee1024af67999dad6fc7a202f200526f70d54afbdf39f53121b020510fb103b8/detection
- # Reference: https://www.virustotal.com/gui/file/b0adb691cf67bbe881c5b1946eb31f99fdddacef06078b94b8fe56a611bbe897/detection
- # Reference: https://www.virustotal.com/gui/domain/donate.graef.in/relations
- # Reference: https://www.virustotal.com/gui/ip-address/61.147.103.140/relations
- # Reference: https://www.virustotal.com/gui/file/e52afc60918b6ba83cff5362344b4d712e9fa29b639ee70e25c1c650bf93360d/detection
- 61.147.103.140:20570
- # Reference: https://www.virustotal.com/gui/file/b7be211bbc842b461f8b729c3b6105c855df563e7b11e4fc51aaf9cafe250526/detection
- 185.154.13.213:3333
- # Reference: https://twitter.com/r3dbU7z/status/1341352776459272195
- 54.188.223.206:10128
- # Reference: https://twitter.com/r3dbU7z/status/1344547651564539904
- 149.248.6.193:13531
- # Reference: https://www.virustotal.com/gui/file/cd889a03ea69d14e772e1f0996dedf7fd18cc927de21d40785f5942320e35cd1/detection
- 47.100.95.105:13531
- # Misc (incidents)
- # Reference: https://s.tencent.com/research/report/1213.html
- # Reference: https://www.virustotal.com/gui/domain/mine.c3pool.com/relations
- # Reference: https://www.virustotal.com/gui/domain/winxmr.club/relations
- winxmr.club
- # Reference: https://twitter.com/r3dbU7z/status/1348015427541151745
- # Reference: https://www.virustotal.com/gui/file/f7a8d3fb89711f208f281c267ed8dd647cda207ecb514d37892b56a0ddafbe9a/relations
- monerogb.com
- monerorx.com
- # Reference: https://www.virustotal.com/gui/file/fd18bea214ae854e69e6775f6cdebb6bd6d378dee7854924cf3ae3bfb5173b94/detection
- 139.99.120.50:7777
- # Reference: https://www.virustotal.com/gui/file/405a51b74c7c4e26ae112189e5ef071d6279b5fece6e2af08985306fdd28e223/detection
- 49.12.80.38:45560
- 49.12.80.40:45560
- # Reference: https://www.virustotal.com/gui/file/167370f764174dce40f79a111ad8441df37c0af80eba4ba2e7a3b4d72e6e42e7/detection
- 51.254.84.37:4444
- # Reference: https://www.virustotal.com/gui/file/85b8e1e0746f3e62bf8d8d6473526b55b7c198cde13dd471469afd531f9e69e6/detection
- 49.12.80.40:45700
- # Reference: https://twitter.com/CUJOAI/status/1369653043281723400
- # Reference: https://cujo.com/iot-malware-journals-prometei-linux/
- 5.189.171.187:3333
- # Reference: https://blog.netlab.360.com/microsoft-exchange-vulnerability-cve-2021-26855-scan-analysis-3/
- 159.65.206.137:3333
- # Reference: https://twitter.com/KorbenD_Intel/status/1379537565498363906
- # Reference: https://twitter.com/James_inthe_box/status/1379538678356185088
- # Reference: https://github.com/stamparm/maltrail/pull/15811
- # Reference: https://www.virustotal.com/gui/file/a7c8b4c917102a5578a504f9badea75602544d765dd0dacf31420e44cc7b7d4b/detection
- 205.147.109.89:9000
- # Reference: https://unit42.paloaltonetworks.com/attackers-conducting-cryptojacking-u-s-education-organizations/
- 135.181.62.60:4555
- 135.181.62.60:6238
- miningrigrentals.com
- # Reference: https://www.virustotal.com/gui/file/ca7fb7f30484188410962403699ca8aaa567424dc64bf091c8d454af895ee507/detection
- # Reference: https://www.virustotal.com/gui/file/fe9817c1a253d4a1f051e565dba2a19e7cf07d30b1f59dd812a2bd9e8e9b1d6c/detection
- # Reference: https://blog.talosintelligence.com/2021/04/threat-roundup-0416-0423.html (# Win.Trojan.CoinMiner-9852807-1)
- # Reference: https://www.virustotal.com/gui/domain/herominers.com/relations
- 168.119.11.231:10451
- herominers.com
- # Reference: https://twitter.com/r3dbU7z/status/1385904261435887616
- miner.rocks
- minerrocks.com
- masari.miner.rocks
- sumokoin.minerrocks.com
- # Reference: https://www.trendmicro.com/en_us/research/21/d/tor-based-botnet-malware-targets-linux-systems-abuses-cloud-management-tools.html (# Monero pools chapter)
- # Reference: https://blog.netlab.360.com/wei-xie-kuai-xun-z0miner-zheng-zai-li-yong-elasticsearch-he-jenkins-lou-dong-da-si-chuan-bo/
- # Reference: https://www.virustotal.com/gui/domain/xmr-eu2.nanopool.org/relations
- # Reference: https://www.virustotal.com/gui/file/506d0ed05c5334cf4461380123eab85e46398220ed82386745f3d8ef3339adf9/detection
- # Reference: https://www.virustotal.com/gui/file/01453d9e9836474f22700a97b77c3e5a2c418a3474877d62467fe65ac2cf766e/detection
- # Reference: https://www.virustotal.com/gui/file/2e5c3f033990ce39eb6c50160a60256accd2d54550a071394d21a88cc089a134/detection
- # Reference: https://www.virustotal.com/gui/file/d958cecf2197999b603b38cc136be8374fd108047be8c8d080b659c46d693cdf/behavior/C2AE
- 172.94.88.173:5501
- 49.12.80.40:45700
- # Reference: https://www.virustotal.com/gui/file/51929c3ab26fb6ad702929f577ff118dbe2b7f37d054740cc5697a278b01d125/detection
- pool-phx.supportxmr.com
- # Reference: https://www.virustotal.com/gui/file/ac8e067af887fbd8067943930b3224cdcaf4365de4b44532c248694f54a8bffb/detection
- 37.187.95.110:3333
- # Reference: https://blog.talosintelligence.com/2021/06/necro-python-bot-adds-new-tricks.html
- # Reference: https://www.virustotal.com/gui/file/850e7fef1ce35a66e9608aeb7c8249e7f7bfe2896209193600be610da3b9ff73/detection
- 159.65.30.104:3333
- unmineable.com
- rx.unmineable.com
- # Reference: https://www.virustotal.com/gui/file/fb8799ce1371689377771fb2368cf307693fca3fec98cd9e1629790055e696d0/detection
- # Reference: https://twitter.com/unmaskparasites/status/1402346388617236481
- cryptominded.com
- # Reference: https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html (# Win.Dropper.CoinMiner-9868311-1)
- # Reference: https://www.virustotal.com/gui/domain/yiluzhuanqian.com/relations
- tpool.yiluzhuanqian.com
- xcn1.yiluzhuanqian.com
- xmr.yiluzhuanqian.com
- # Reference: https://www.virustotal.com/gui/ip-address/49.12.80.38/relations
- # Reference: https://www.virustotal.com/gui/file/4e5899b580a267ee13b74d2a45210cf40ccf5d87aa4d382495f77f786082ee3a/detection
- # Reference: https://www.virustotal.com/gui/file/330fdb64d04d6df3f122ee0a98b83d82b9acd764194a257aad54b94dc274aa29/detection
- 49.12.80.38:45700
- 49.12.80.39:45700
- # Reference: https://www.virustotal.com/gui/ip-address/178.32.120.127/relations
- # Reference: https://www.virustotal.com/gui/file/44faa82f7ab6fe3a40a57480504d2f7caf1d20b66656f02840e5ed83a6ad27b3/detection
- # Reference: https://www.virustotal.com/gui/file/474553ee2993630e0431d2017b8412f9aa2a660594efc00db0058ff44ba86fa9/detection
- 192.110.160.114:5555
- # Reference: https://www.virustotal.com/gui/file/5f8e8989d2f98dd8b9d3e06903b8a38e71ebf85fd7a15ac6a36e58267586dc90/detection
- 2miners.com
- xmr.2miners.com
- # Reference: https://www.virustotal.com/gui/file/b96d67decf51cd2e2c96fd254d4b3cd7f5e3b181fe7d3c3f192aa39bba99df06/detection
- 157.90.156.89:6004
- bmpool.org
- mine.bmpool.org
- # Reference: https://www.virustotal.com/gui/file/78b362eaa3777e2c0a789071c72cc9fdcb541d47912b6c455b3fb4e7eb221f60/detection
- kronecoin.org
- seed.kronecoin.org
- # Reference: https://twitter.com/James_inthe_box/status/1423632214172991488
- # Reference: https://app.any.run/tasks/43cb89b5-8bba-4623-ac27-4e31f9ddb36b/
- 178.63.100.197:3333
- # Reference: https://www.virustotal.com/gui/file/46b35d7ba219ea10bc5b957ae7aabce4cbfe2903ea4744ca751a6167396601d2/detection
- 217.182.169.148:14433