pandazheng
Oct 25th, 2021
crypto_mining
https://github.com/stamparm/maltrail/blob/master/trails/static/suspicious/crypto_mining.txt

# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://hackforums.net/printthread.php?tid=5655422
# Reference: https://twitter.com/r3dbU7z/status/1347527548977242116
# Reference: https://www.virustotal.com/gui/file/6cd557cb2582ab5cf8d0e77131479ab91c00bfdf9c775c170809d5265bf0477a/detection

107.191.47.239:3333
176.31.105.53:3333
45.32.233.191:3333
51.144.104.161:3333
51.144.119.120:3333
54.37.7.208:3333
94.23.251.22:3333
107.191.47.239:7777
176.31.105.53:7777
45.32.233.191:7777
51.144.104.161:7777
51.144.119.120:7777
54.37.7.208:7777
94.23.251.22:7777
minergate.com
pool.minergate.com
xmr.pool.minergate.com
miningpoolhub.com
minexmr.com
pool.minexmr.com
moneropool.com
crypto-pool.fr
dwarfpool.com
xmrpool.eu
prohash.net
nanopool.org
ethereumpool.co
suprnova.cc
siamining.com

# Reference: https://www.virustotal.com/gui/file/7738ad1029f1709ec86c8ba24e04b3f71edf671b64681b884ccd70725a1674a5/detection

94.130.143.162:45700

# Reference: https://www.multipool.us/

multipool.us

# Reference: https://mining-help.ru/

mining-help.ru

# Reference: https://xmrminer.cc/

xmrminer.cc

# Reference: https://www.monero.how/tutorial-how-to-mine-monero

supportxmr.com
monero.hashvault.pro
monerohash.com
monero.crypto-pool.fr
xmrpool.net
poolmining.org
pool.xmr.pt
xmr.prohash.net
xmr.poolto.be

# Reference: http://www.gandalph3000.com/

gandalph3000.com

# Reference: https://pangolinminer.com/

pangolinminer.com

# Reference: https://hellominer.com/

hellominer.com

# Reference: https://github.com/keraf/NoCoin/blob/master/src/blacklist.txt

# coinhive.com
# coin-hive.com
# jsecoin.com
# reasedoper.pw
# mataharirama.xyz
# listat.biz
# lmodr.biz
# minecrunch.co
# minemytraffic.com
# crypto-loot.com

# Reference: https://www.virustotal.com/#/file/179c5390ba2023402283104fd85d6394033976bc2f21e45d32e7557cafaa7d41/detection

sparechange.io

# Reference: https://blog.talosintelligence.com/2018/08/rocke-champion-of-monero-miners.html

8282.space
3389.space

# Reference: https://github.com/xmrig/xmrig/blob/master/src/net/strategies/DonateStrategy.cpp

fee.xmrig.com

# Reference: https://www.securityhome.eu/malware/malware.php?mal_id=7994909645aa0b75fc035d0.43847858

donate.xmrig.com

# Reference: https://isc.sans.edu/forums/diary/What+is+going+on+with+port+3333/23215

mine.moneropool.com
pool.cortins.tk
pool.supportxmr.com
xmr.crypto-pool.fr
xmrpool.eu

# Reference: https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/

koto-pool.work

# Reference: https://www.anomali.com/blog/rocke-evolves-its-arsenal-with-a-new-malware-family-written-in-golang

134.209.104.20:51640
minerxmr.ru

# Reference: https://twitter.com/bad_packets/status/1100625553822867456

119.23.222.239:26590

# Reference: https://twitter.com/James_inthe_box/status/1115591879586795521

47.97.119.5:19988

# Reference: https://twitter.com/infosec_dude/status/1117450131417313280
# Reference: https://www.virustotal.com/gui/ip-address/45.43.27.214/relations
# Reference: https://twitter.com/James_inthe_box/status/1117881448151666688

45.43.27.214:17555
r.twotouchauthentication.online

# Reference: https://twitter.com/luc4m/status/1123126706943008768

139.224.15.175:26591

# Reference: https://www.gdatasoftware.com/blog/2019/05/31695-strange-bits-smuggling-malware-github

zarabotaibitok.ru
61.128.111.164:3335

# Reference: https://twitter.com/raby_mr/status/1133347073154097153
# Reference: https://app.any.run/tasks/7e23f973-5f69-4ef0-af26-427e975e308d/
# Reference: https://www.virustotal.com/gui/file/272e25e3aa9d792281a282c2f6cd40d59c5b8fe432ae93bb5015899ceb173dd1/behavior/Dr.Web%20vxCube
# Reference: https://www.virustotal.com/gui/ip-address/94.130.64.225/relations
# Reference: https://www.virustotal.com/gui/ip-address/46.4.119.208/relations

46.4.119.208:45700
94.130.64.225:45700

# Reference: https://github.com/guardicore/labs_campaigns/blob/master/Nansh0u/mining_pools_domains.md

lokiturtle.herominers.com
trtl.cnpool.cc
turtle.miner.rocks
trtl.pool.mine2gether.com

# Reference: https://twitter.com/liuya0904/status/1135901420958281729

noobxmr.com
minexmr.cn
moriaxmr.com
viaxmr.com
xmr-us.suprnova.cc
xmr.bohemianpool.com
xmr-usa.dwarfpool.com
miners.pro
zer0day.ru

# Reference: https://twitter.com/malware_traffic/status/1138999824613687298
# Reference: https://twitter.com/VK_Intel/status/1139926661162512384
# Reference: https://github.com/k-vitali/Malware-Misc-RE/blob/master/2019-06-14-tofsee-spambot-modules.notes.vk.txt

185.181.165.20:8087

# Reference: https://twitter.com/Artilllerie/status/1115258738368294913

185.212.129.80:8087

# Reference: https://otx.alienvault.com/pulse/5d0773672ba7e7853c4ad5cf

185.161.70.34:3333
202.144.193.184:3333
205.185.122.99:3333

# Reference: https://www.welivesecurity.com/2019/06/20/loudminer-mining-cracked-vst-software/ (# Mining hosts)

system-update.info
system-check.services
185.193.126.114:443
185.193.126.114:8080
82.221.139.161:8080

# Reference: https://twitter.com/28bit/status/1159906315642253312

121.42.151.137:28850

# Reference: https://twitter.com/James_inthe_box/status/1165005466419658753

3.120.209.58:8080

# Reference: https://habr.com/ru/company/pt/blog/466877/ (Russian)

154.16.67.133:80

# Reference: https://twitter.com/Paladin3161/status/1171766464560238593
# Reference: https://pastebin.com/YWXQFF3Q

http://185.141.25.35
solarray.club

# Reference: https://twitter.com/pancak3lullz/status/1174012227130679297

65.154.226.109:14100
70.42.131.189:14100

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/fileless-cryptocurrency-miner-ghostminer-weaponizes-wmi-objects-kills-other-cryptocurrency-mining-payloads/

pool.usa-138.com
xmr.usa-138.com

# Reference: https://twitter.com/MalwareTechBlog/status/1190730471321112577
# Reference: https://otx.alienvault.com/pulse/5dbdf437299aea7cd396cd26
# Reference: https://www.virustotal.com/gui/file/8a87a1261603af4d976faa57e49ebdd8fd8317e9dd13bd36ff2599d1031f53ce/detection
# Reference: https://www.virustotal.com/gui/file/037dbddeda76d7a1be68a2b3098feabfbf5400a53e2606f5a0e445deb2e42959/detection

5.100.251.106:52057

# Reference: https://blog.netlab.360.com/mykings-the-botnet-behind-multiple-active-spreading-botnets/

myxmr.pw
xmr.5b6b7b.ru

# Reference: https://www.virustotal.com/gui/file/f99833ef4d4bcb6cf9abcaee6edd3d1ba5b5825af4fd3f609654d343b137a8af/detection

91.121.140.167:3333

# Reference: https://www.accenture.com/_acnmedia/pdf-46/accenture-threat-analysis-monero-wannamine.pdf

pool.supportxmr.com
pool.minexmr.com
pool.support
pool.monero.hashvault.pro
xmrpool.eu
cryptonight-hub.miningpoolhub.com
xmrpool.net
xmr.nanopool.org
mixpools.org
minergate.com
viaxmr.com
moriaxmr.com
xmr.suprnova.cc
moneroocean.stream
xmrpool.eu
xmrpool.de
poolto.be
mineXMR.com
xmr.prohash.net
sheepman.mine.bz
xmr.mypool.online
bohemianpool.com
moneropool.com
moneropool.nl
iwanttoearn.money
pool.xmr.pt
monero.crypto-pool.fr
monero.miners.pro
minercircle.com
monero.lindon-pool.win
cryptmonero.com
teracycle.net
ratchetmining.com
dwarfpool.com
monerohash.com
monero.us.to
usxmrpool.com
xmrpool.xyz
minemonero.gq
alimabi.cn
pooldd.com
monero.riefly.id

# Reference: https://blog.talosintelligence.com/2020/01/vivin-cryptomining-campaigns.html
# Reference: https://otx.alienvault.com/pulse/5e29b7189d749995b2d4ea71
# Reference: https://www.virustotal.com/gui/file/6bc118693d6e69081e5f39fdab20a613d7536d3199c029562c192c5dbc9d1d1c/detection

37.59.43.136:4444
37.59.54.205:4444

# Reference: https://app.any.run/tasks/d6c87295-24a2-48eb-aef0-d3d5ac4ad2ae/
# Reference: https://mining.bittube.app/

mining.bittubeapp.com

# Reference: https://www.virustotal.com/gui/file/5eda21ea41febbdc5b69840894cb37cba8206f2865dc07e2cb85c29db5240d04/detection
# Reference: https://www.virustotal.com/gui/ip-address/163.172.204.213/relations
# Reference: https://www.virustotal.com/gui/ip-address/163.172.204.219/relations

163.172.204.213:3333
163.172.204.219:3333
163.172.207.198:3333
163.172.207.71:3333
crypto-pool.info
monero-master.crypto-pool.fr
pool.4i7i.com
xmr.ip28.net
xmr.simka.pw
xmrpool.me
xmr.crypto-pool.info
xmrf.520fjh.org
xmrf.fjhan.club
xmr.somec.cc
pool.somec.cc

# Reference: https://www.first.org/resources/papers/amsterdam2019/FIRST-TC-pres-v1.1.pdf # Note: page 31
# Reference: https://www.virustotal.com/gui/ip-address/163.172.226.194/relations
# Reference: https://www.virustotal.com/gui/domain/xmr.crypto-pool.fr/relations
# Reference: https://www.virustotal.com/gui/file/87f9a5a38c1dce92317c50fe66f2fdc0fcfac19f0ea58951b9a3e747915c1827/behavior/Rising%20MOVES # Note: different ports used

163.172.114.218
163.172.203.178
163.172.204.213
163.172.204.219
163.172.205.136
163.172.206.67
163.172.207.166
163.172.207.198
163.172.207.69
163.172.207.71
163.172.207.88
163.172.224.101
163.172.226.114
163.172.226.120
163.172.226.128
163.172.226.137
163.172.226.194
163.172.226.218

# Reference: https://www.virustotal.com/gui/file/fbcdd5c542bb5c66303e621829f0cd654be0bfb38ed0c50a335ef3c9dae0201f/detection

138.201.20.89:45700
138.201.27.243:45700
78.46.87.181:45700
88.99.142.163:45700

# Reference: https://www.virustotal.com/gui/file/c3affb76ff0fad78d77b0153b5c2a99d5bbd8d829ef13661c0af58d2988db344/detection

149.210.234.234:3333
litecoinpool.org

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1240732487195688962

covid19crypto.com

# Reference: https://blog.360totalsecurity.com/en/crazycoin-the-master-of-double-mining-double-white-utilization-and-resource-utilization/

47.101.30.124:13531
47.108.119.77:6000
f2pool.com
hns.f2pool.com
xmr.f2pool.com

# Reference: https://github.com/Monero-Monitor/monero-monitor/blob/master/data/html/options.html

monero.crypto-pool.fr
monerohash.com
moneropool.com
drill.moneroworld.com
cryptmonero.com
xmr.prohash.net
xmr.alimabi.cn
xmrpool.eu
supportxmr.com
minexmr.com

# Reference: https://www.virustotal.com/gui/file/eaef82223eeb8cf404a1d46613d36b9e582304b215201b5e557db578dd73e04e/behavior/Dr.Web%20vxCube

37.59.43.131:5555
37.59.43.136:5555
91.121.2.76:5555
37.59.45.174:5555
176.9.2.144:5555
78.46.91.134:5555
78.46.89.102:5555
37.187.154.79:5555
37.59.54.205:5555
37.59.55.60:5555

# Reference: https://s.tencent.com/research/report/948.html (Paragraph 6)
# Reference: https://otx.alienvault.com/pulse/5e863edb03f9ddbc8bc15b60

103.195.4.139:443
178.128.108.158:443
68.183.182.120:443

# Reference: https://www.virustotal.com/gui/file/455224893e266c7f5781bdc2e0c1cbb1a4f3c71c8a63ba7c690cd3067949ed5c/detection

178.63.48.196:5555

# Reference: https://blacklist.cyberthreatcoalition.org/vetted/url.txt

minerpool.pw
/xmrig/

# Reference: https://www.virustotal.com/gui/file/a38216166e363d752f37bdf0419d2e2694279beab8df66d40f56c679563e7a4f/detection

pool.hashvault.pro

# Reference: https://www.virustotal.com/gui/file/f47aa2f661eec457e659d0c0867902e4ed851993f8b884e03c22e27403f4876c/detection
# Reference: https://www.virustotal.com/gui/file/6eb73cfa98e35282a6f9a6d028f3f5ad84cf29ed4deb33b262d682c8bd246466/detection
# Reference: https://www.virustotal.com/gui/file/44cd3c7c0acb590fd5f1d5175171accedc602c702139ea47017dea782b859a8b/detection
# Reference: https://www.virustotal.com/gui/domain/hex7e4.ru/relations

134.122.57.234:3333
185.212.128.180:8080
45.61.136.51:3333
45.61.136.51:8080
97.68.239.202:3333
d1pool.ddns.net
d5pool.us
xmr.hex7e4.ru
xxx.hex7e4.ru

# Reference: https://www.virustotal.com/gui/file/f0fa9f69e15c349511fc1d2928507a69aefa908726d5c3aa5cd7e3ae83b412c5/detection

107.175.127.22:6661
emercoin.com
emercoin.net
emergate.net
seed.emercoin.com
seed.emercoin.net
seed.emergate.net

# Reference: https://twitter.com/r3dbU7z/status/1323120001604341760

13.77.155.141:5000
xmr.bepooh.com

# Reference: https://www.virustotal.com/gui/file/f1f8d8e09da07736059c4388bfdf35318d3e34726c5d362c5f986e5ed8d6a0d4/detection

51.81.245.40:5555
us-west.minexmr.com
webservicepag.webhop.net

# Reference: https://thedfirreport.com/2020/11/12/cryptominers-exploiting-weblogic-rce-cve-2020-14882/
# Reference: https://otx.alienvault.com/pulse/5fad78631749dbff71a31f55
# Reference: https://www.virustotal.com/gui/ip-address/178.128.242.134/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.92.222.223/relations
# Reference: https://www.virustotal.com/gui/file/58bb90f11070a114442c4fa1cbbccefadcdf954510ae2b8d91c9b22b1a8a42d5/detection

178.128.242.134:443
185.92.222.223:443
104.140.244.186:3333
37.59.44.193:3333
45.136.244.146:3333
94.23.23.52:3333
donate.ssl.xmrig.com
donate.v2.xmrig.com
randomx.xmrig.com

# Reference: https://twitter.com/r3dbU7z/status/1326915356028493826

131.153.76.130:3333

# Reference: https://www.virustotal.com/gui/file/91c051a316c234d4f29a1ae939baa2b3ce28d8cc536442fc829c268d72b1cbcd/detection

109.94.208.3:28734
110.93.227.135:28734
182.1.2.238:28734
27.67.182.91:28734
35.225.125.226:28734
37.214.86.162:28734
89.183.110.221:28734
93.81.162.103:28734

# Reference: https://twitter.com/r3dbU7z/status/1330843370244214784

bizxmr.cc

# Reference: https://www.virustotal.com/gui/file/f2519c4978dd4339e0b625b875343bb4ae03c504268da799c4ec694802770585/detection
# Reference: https://twitter.com/rootprivilege/status/1331348542028275712

198.50.168.213:6233
198.50.152.135:6233
149.56.122.72:6233
144.217.67.71:6233
144.217.111.81:6233
192.99.233.217:6233
149.56.122.79:6233
192.99.203.53:6233
198.50.168.213:6234
198.50.152.135:6234
149.56.122.72:6234
144.217.67.71:6234
144.217.111.81:6234
192.99.233.217:6234
149.56.122.79:6234
192.99.203.53:6234
mine.zpool.ca

# Reference: https://www.virustotal.com/gui/ip-address/3.120.98.217/relations

3.120.98.217:8080

# Reference: https://www.virustotal.com/gui/file/49a326ef65fb6a7f8e778fb2104aa2708e38601348ddbc04e8cbd9117af0458a/detection

172.65.200.133:3380

# Reference: https://www.virustotal.com/gui/file/a8174c8d4169bafa791bdaba5033bf0b67a6ab7dde9a362c5f04ac6d2088a677/detection

172.65.200.133:3357

# Reference: https://www.virustotal.com/gui/file/692627b99dc224be5f31321b5628c9736bc0b43a87358ccf544e39453d27eb4e/detection
# Reference: https://www.virustotal.com/gui/file/1d8c8e42e73eea50e0ca09124c0c2c3e7da21c5b232246129528cc955dc5a25f/detection

172.65.200.133:3333
172.65.245.55:3333

# Reference: https://www.virustotal.com/gui/file/f89c6d288cadbd5924496b664f6138c14523c338bef44407c0ed1a449b11e466/detection
# Reference: https://www.virustotal.com/gui/file/8b7aac6ab2d4b4a128c11c02b9b0269c08dec2c935c92e45804756a4ee5878e5/detection

172.65.195.177:3341
172.65.200.133:3341

# Reference: https://www.virustotal.com/gui/file/fd1d919e012353386a9d20af761109eaaa3099eec0bebec107b3bf000348f3fe/detection

172.65.200.133:3375

# Reference: https://www.virustotal.com/gui/file/1d1d2b6edf51a4262795b2d99f4bf21f2c71b68d2001f74a6d1b24b077a890f0/detection

172.65.200.133:3334

# Reference: https://www.virustotal.com/gui/file/09fb4ee5038c7f273273642b83926c84361ef34ae43ac835542c1ff065734437/detection

172.65.200.133:3347

# Reference: https://www.virustotal.com/gui/file/a9510408f55684801300e3bcb9df0405bd620091dc635493b190dc749d743f93/detection

172.65.192.67:3353
172.65.196.90:3353
172.65.200.133:3353
172.65.223.147:3353
172.65.229.122:3353
172.65.255.250:3353

# Reference: https://twitter.com/IntezerLabs/status/1341010531902050305
# Reference: https://www.virustotal.com/gui/ip-address/80.211.206.105/relations
# Reference: https://www.virustotal.com/gui/file/1ce687b9d97bc0932bc3bc107a6b5c9363bb5a6f1c2391a59f1664dfa68a2228/detection
# Reference: https://www.virustotal.com/gui/file/b0c8667eba81af1069e310055acea49e4f08fed8a071cb33da64a3d1e154d75d/detection
# Reference: https://www.virustotal.com/gui/file/402ce23a6b8c718d31a203eb27d1ac97dc614499b542ab630afcb5ac629d934a/detection
# Reference: https://www.virustotal.com/gui/file/603585df24d799e13d80145f071b2fbc3d81493d098a0df5e474ef4405b61fe4/detection
# Reference: https://www.virustotal.com/gui/file/3373bdf62d72c6f8ab62797aeda4f2b993f0d950964c3b5f9b8f96774abc25a6/detection
# Reference: https://www.virustotal.com/gui/file/037f28da0a7e825a21176c27123c9333bca46d37a8faf378c31766b82c653bbb/detection
# Reference: https://www.virustotal.com/gui/file/64db532ccfa34e01e697e68d5ee6d7360c9641440c38d2fd7850687837b24039/detection
# Reference: https://www.virustotal.com/gui/file/ee1024af67999dad6fc7a202f200526f70d54afbdf39f53121b020510fb103b8/detection
# Reference: https://www.virustotal.com/gui/file/b0adb691cf67bbe881c5b1946eb31f99fdddacef06078b94b8fe56a611bbe897/detection
# Reference: https://www.virustotal.com/gui/domain/donate.graef.in/relations

15.236.100.141:10001
15.236.100.141:10128
18.180.72.219:10001
18.180.72.219:10128
3.125.10.23:10001
3.125.10.23:10032
3.125.10.23:10128
34.252.195.254:10032
34.252.195.254:10128
80.211.206.105:5555
donate.graef.in
donate2.graef.in
xmrigcc.graef.in

# Reference: https://www.virustotal.com/gui/ip-address/61.147.103.140/relations
# Reference: https://www.virustotal.com/gui/file/e52afc60918b6ba83cff5362344b4d712e9fa29b639ee70e25c1c650bf93360d/detection

61.147.103.140:20570

# Reference: https://www.virustotal.com/gui/file/b7be211bbc842b461f8b729c3b6105c855df563e7b11e4fc51aaf9cafe250526/detection

185.154.13.213:3333

# Reference: https://twitter.com/r3dbU7z/status/1341352776459272195

54.188.223.206:10128

# Reference: https://twitter.com/r3dbU7z/status/1344547651564539904

149.248.6.193:13531

# Reference: https://www.virustotal.com/gui/file/cd889a03ea69d14e772e1f0996dedf7fd18cc927de21d40785f5942320e35cd1/detection

47.100.95.105:13531

# Misc (incidents)

213.252.245.67:450
213.252.245.67:453
213.252.245.67:454
213.252.245.67:457
213.252.245.157:450
213.252.245.157:451
213.252.245.157:452
213.252.245.157:454
213.252.245.157:457
213.252.245.197:451
213.252.245.197:452
213.252.245.197:453
213.252.245.197:454
213.252.245.197:457
213.252.245.223:450
213.252.245.223:451
213.252.245.223:452
213.252.245.223:457

# Reference: https://s.tencent.com/research/report/1213.html
# Reference: https://www.virustotal.com/gui/domain/mine.c3pool.com/relations

91.121.140.167:443
101.32.73.178:15555
116.203.61.78:15555
119.28.4.91:15555
149.202.214.40:15555
158.247.195.181:15555
3.112.214.88:15555
3.18.108.36:15555
35.153.203.86:15555
35.163.175.186:15555
47.241.2.137:15555
51.75.75.163:15555
52.195.14.54:15555
54.180.146.246:15555
mine.c3pool.com

# Reference: https://www.virustotal.com/gui/domain/winxmr.club/relations

winxmr.club

# Reference: https://twitter.com/r3dbU7z/status/1348015427541151745
# Reference: https://www.virustotal.com/gui/file/f7a8d3fb89711f208f281c267ed8dd647cda207ecb514d37892b56a0ddafbe9a/relations

monerogb.com
monerorx.com

# Reference: https://www.virustotal.com/gui/file/fd18bea214ae854e69e6775f6cdebb6bd6d378dee7854924cf3ae3bfb5173b94/detection

139.99.120.50:7777

# Reference: https://www.virustotal.com/gui/file/405a51b74c7c4e26ae112189e5ef071d6279b5fece6e2af08985306fdd28e223/detection

49.12.80.38:45560
49.12.80.40:45560

# Reference: https://www.virustotal.com/gui/file/167370f764174dce40f79a111ad8441df37c0af80eba4ba2e7a3b4d72e6e42e7/detection

51.254.84.37:4444

# Reference: https://www.virustotal.com/gui/file/85b8e1e0746f3e62bf8d8d6473526b55b7c198cde13dd471469afd531f9e69e6/detection

49.12.80.40:45700

# Reference: https://twitter.com/CUJOAI/status/1369653043281723400
# Reference: https://cujo.com/iot-malware-journals-prometei-linux/

5.189.171.187:3333

# Reference: https://blog.netlab.360.com/microsoft-exchange-vulnerability-cve-2021-26855-scan-analysis-3/

159.65.206.137:3333

# Reference: https://twitter.com/KorbenD_Intel/status/1379537565498363906
# Reference: https://twitter.com/James_inthe_box/status/1379538678356185088
# Reference: https://github.com/stamparm/maltrail/pull/15811
# Reference: https://www.virustotal.com/gui/file/a7c8b4c917102a5578a504f9badea75602544d765dd0dacf31420e44cc7b7d4b/detection

205.147.109.89:9000

# Reference: https://unit42.paloaltonetworks.com/attackers-conducting-cryptojacking-u-s-education-organizations/

135.181.62.60:4555
135.181.62.60:6238
miningrigrentals.com

# Reference: https://www.virustotal.com/gui/file/ca7fb7f30484188410962403699ca8aaa567424dc64bf091c8d454af895ee507/detection
# Reference: https://www.virustotal.com/gui/file/fe9817c1a253d4a1f051e565dba2a19e7cf07d30b1f59dd812a2bd9e8e9b1d6c/detection

109.122.17.187:58080
109.122.19.233:58080
109.122.21.57:58080
109.200.230.228:58080
109.200.239.116:58080
110.174.11.117:58080
115.196.176.31:58080
115.70.207.118:58080
132.255.172.2:58080
135.181.62.60:58080
141.255.84.48:58080
173.249.36.200:58080
179.203.251.42:58080
183.212.113.247:58080
185.103.153.205:58080
185.109.168.132:58080
185.220.101.18:58080
188.124.42.105:58080
188.166.113.181:58080
195.74.76.237:58080
2.229.120.121:58080
217.144.175.237:58080
217.146.82.102:58080
31.4.236.97:58080
31.4.247.155:58080
37.120.133.73:58080
45.154.14.95:58080
45.77.152.180:4001
45.77.152.180:58080
45.77.152.180:8117
46.250.25.121:58080
46.250.26.211:58080
52.143.28.3:58080
62.171.176.187:58080
62.80.191.164:58080
74.74.76.149:58080
77.247.181.163:58080
78.180.38.32:58080
79.147.150.181:58080
82.42.36.23:58080
83.51.143.62:58080
84.66.171.180:58080
87.168.45.14:58080
89.187.1.234:58080
93.73.141.143:58080
95.151.35.130:58080
95.213.193.198:58080
95.213.193.235:58080
95.26.150.131:58080
pool.armornetwork.org
pool2.armornetwork.org

# Reference: https://blog.talosintelligence.com/2021/04/threat-roundup-0416-0423.html (# Win.Trojan.CoinMiner-9852807-1)
# Reference: https://www.virustotal.com/gui/domain/herominers.com/relations

168.119.11.231:10451
herominers.com

# Reference: https://twitter.com/r3dbU7z/status/1385904261435887616

miner.rocks
minerrocks.com
masari.miner.rocks
sumokoin.minerrocks.com

# Reference: https://www.trendmicro.com/en_us/research/21/d/tor-based-botnet-malware-targets-linux-systems-abuses-cloud-management-tools.html (# Monero pools chapter)

119.205.235.58:443
119.205.235.58:8080
136.243.90.99:443
136.243.90.99:8080
153.127.216.132:8080
94.176.237.229:443
94.176.237.229:80
94.176.237.229:8080

# Reference: https://blog.netlab.360.com/wei-xie-kuai-xun-z0miner-zheng-zai-li-yong-elasticsearch-he-jenkins-lou-dong-da-si-chuan-bo/
# Reference: https://www.virustotal.com/gui/domain/xmr-eu2.nanopool.org/relations
# Reference: https://www.virustotal.com/gui/file/506d0ed05c5334cf4461380123eab85e46398220ed82386745f3d8ef3339adf9/detection
# Reference: https://www.virustotal.com/gui/file/01453d9e9836474f22700a97b77c3e5a2c418a3474877d62467fe65ac2cf766e/detection
# Reference: https://www.virustotal.com/gui/file/2e5c3f033990ce39eb6c50160a60256accd2d54550a071394d21a88cc089a134/detection

149.202.42.174:14444
151.80.144.188:14444
198.251.88.21:14444
213.32.74.157:14444
51.15.78.68:14444
5.196.26.96:14444
51.15.55.100:14444
51.15.55.162:14444
51.15.58.224:14444
51.15.67.17:14444
51.15.69.136:14444
51.255.34.118:14444
51.255.34.79:14444
51.255.34.80:14444
79.137.82.70:14444
92.222.10.59:14444
92.222.180.118:14444
xmr-eu1.nanopool.org
xmr-eu2.nanopool.org

# Reference: https://www.virustotal.com/gui/file/d958cecf2197999b603b38cc136be8374fd108047be8c8d080b659c46d693cdf/behavior/C2AE

172.94.88.173:5501
49.12.80.40:45700

# Reference: https://www.virustotal.com/gui/file/51929c3ab26fb6ad702929f577ff118dbe2b7f37d054740cc5697a278b01d125/detection

pool-phx.supportxmr.com

# Reference: https://www.virustotal.com/gui/file/ac8e067af887fbd8067943930b3224cdcaf4365de4b44532c248694f54a8bffb/detection

37.187.95.110:3333

# Reference: https://blog.talosintelligence.com/2021/06/necro-python-bot-adds-new-tricks.html
# Reference: https://www.virustotal.com/gui/file/850e7fef1ce35a66e9608aeb7c8249e7f7bfe2896209193600be610da3b9ff73/detection

159.65.30.104:3333
unmineable.com
rx.unmineable.com

# Reference: https://www.virustotal.com/gui/file/fb8799ce1371689377771fb2368cf307693fca3fec98cd9e1629790055e696d0/detection

149.202.83.171:5555
37.187.95.110:5555
91.121.140.167:5555
94.23.23.52:5555
94.23.247.226:5555

# Reference: https://twitter.com/unmaskparasites/status/1402346388617236481

cryptominded.com

# Reference: https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html (# Win.Dropper.CoinMiner-9868311-1)
# Reference: https://www.virustotal.com/gui/domain/yiluzhuanqian.com/relations

tpool.yiluzhuanqian.com
xcn1.yiluzhuanqian.com
xmr.yiluzhuanqian.com

# Reference: https://www.virustotal.com/gui/ip-address/49.12.80.38/relations
# Reference: https://www.virustotal.com/gui/file/4e5899b580a267ee13b74d2a45210cf40ccf5d87aa4d382495f77f786082ee3a/detection
# Reference: https://www.virustotal.com/gui/file/330fdb64d04d6df3f122ee0a98b83d82b9acd764194a257aad54b94dc274aa29/detection

49.12.80.38:45700
49.12.80.39:45700

# Reference: https://www.virustotal.com/gui/ip-address/178.32.120.127/relations
# Reference: https://www.virustotal.com/gui/file/44faa82f7ab6fe3a40a57480504d2f7caf1d20b66656f02840e5ed83a6ad27b3/detection

178.32.120.127:4444
googleminer.com
fr.minexmr.com
pool.minexmr.uk
xmr.748pz.net

# Reference: https://www.virustotal.com/gui/file/474553ee2993630e0431d2017b8412f9aa2a660594efc00db0058ff44ba86fa9/detection

192.110.160.114:5555

# Reference: https://www.virustotal.com/gui/file/5f8e8989d2f98dd8b9d3e06903b8a38e71ebf85fd7a15ac6a36e58267586dc90/detection

2miners.com
xmr.2miners.com

# Reference: https://www.virustotal.com/gui/file/b96d67decf51cd2e2c96fd254d4b3cd7f5e3b181fe7d3c3f192aa39bba99df06/detection

157.90.156.89:6004
bmpool.org
mine.bmpool.org

# Reference: https://www.virustotal.com/gui/file/78b362eaa3777e2c0a789071c72cc9fdcb541d47912b6c455b3fb4e7eb221f60/detection

kronecoin.org
seed.kronecoin.org

# Reference: https://twitter.com/James_inthe_box/status/1423632214172991488
# Reference: https://app.any.run/tasks/43cb89b5-8bba-4623-ac27-4e31f9ddb36b/

178.63.100.197:3333

# Reference: https://www.virustotal.com/gui/file/46b35d7ba219ea10bc5b957ae7aabce4cbfe2903ea4744ca751a6167396601d2/detection

217.182.169.148:14433
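The list above is a Maltrail trail file: one indicator per line, in four shapes (host:port, bare IP, domain, a URL such as http://185.141.25.35, and a URL path fragment such as /xmrig/), with `# Reference:` comments recording where each block came from. As an added example, not code from the Maltrail project or from this paste, the Python below loads a short excerpt of the list and runs it over constructed connection-log lines. The log format (`timestamp src dst:port [dns=name] [url=...]`), the sample lines and the matching rules (exact ip:port; any port for a bare IP; a domain plus its subdomains; substring match for a path fragment) are assumptions of this example, not Maltrail's own matching logic.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed excerpt of the trail list above (the real file is ~880 lines).
# Comment lines are kept to show that the loader ignores "# Reference:" notes.
TRAIL_TEXT = """\
# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)

# Reference: https://isc.sans.edu/forums/diary/What+is+going+on+with+port+3333/23215

107.191.47.239:3333
mine.moneropool.com
pool.supportxmr.com
xmrpool.eu
163.172.226.194
http://185.141.25.35
/xmrig/
"""

IP_PORT_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_trail(text):
    """Classify each trail line into the four indicator kinds this file uses.

    Returns {"ip_port": {(ip, port)}, "ip": {ip}, "domain": {name}, "path": {fragment}}.
    '# ...' comments (including trailing '# Note: ...' annotations) and blank lines
    are skipped; a bare URL such as http://185.141.25.35 is reduced to its host.
    """
    trail = {"ip_port": set(), "ip": set(), "domain": set(), "path": set()}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("/"):                 # URL path fragment, e.g. /xmrig/
            trail["path"].add(line.lower())
            continue
        if "://" in line:                        # URL entry: keep only the host
            line = urlsplit(line).hostname or ""
        m = IP_PORT_RE.match(line)
        if m:
            trail["ip_port"].add((m.group(1), int(m.group(2))))
            continue
        try:
            ipaddress.ip_address(line)
            trail["ip"].add(line)
        except ValueError:
            trail["domain"].add(line.lower().rstrip("."))
    return trail


def domain_hit(name, domains):
    """Return the trail domain that `name` equals or is a subdomain of, else None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):             # never test the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


# Constructed log format (an assumption of this example, not a Maltrail format):
#   <timestamp> <src_ip> <dst_ip>:<dst_port> [dns=<queried name>] [url=<requested url>]
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"(?: dns=(?P<dns>\S+))?(?: url=(?P<url>\S+))?\s*$"
)


def match_line(line, trail):
    """Return (src, kind, indicator) for the first trail hit on one log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    src, dst, port = m.group("src"), m.group("dst"), int(m.group("port"))
    if (dst, port) in trail["ip_port"]:          # port-bound entries need the exact port
        return (src, "ip_port", f"{dst}:{port}")
    if dst in trail["ip"]:                       # bare-IP entries match any port
        return (src, "ip", dst)
    if m.group("dns"):
        hit = domain_hit(m.group("dns"), trail["domain"])
        if hit:
            return (src, "domain", hit)
    if m.group("url"):
        parts = urlsplit(m.group("url"))
        hit = domain_hit(parts.hostname or "", trail["domain"])
        if hit:
            return (src, "domain", hit)
        path = parts.path.lower()
        for frag in sorted(trail["path"]):       # substring match on the URL path
            if frag in path:
                return (src, "path", frag)
    return None


def scan(log_lines, trail):
    """Run every log line through the trail and collect the hits in order."""
    return [hit for hit in (match_line(l, trail) for l in log_lines) if hit]


# Constructed sample log: the first six lines should fire, the last two should not.
SAMPLE_LOG = [
    "2021-10-25T10:00:01Z 10.0.0.5 107.191.47.239:3333",
    "2021-10-25T10:00:02Z 10.0.0.6 10.0.0.1:53 dns=pool.supportxmr.com",
    "2021-10-25T10:00:03Z 10.0.0.7 10.0.0.1:53 dns=eu1.xmrpool.eu",
    "2021-10-25T10:00:04Z 10.0.0.8 163.172.226.194:5555",
    "2021-10-25T10:00:05Z 10.0.0.9 185.141.25.35:80 url=http://185.141.25.35/a.sh",
    "2021-10-25T10:00:06Z 10.0.0.10 198.51.100.7:80 url=http://198.51.100.7/xmrig/xmrig.tar.gz",
    "2021-10-25T10:00:07Z 10.0.0.11 107.191.47.239:22",
    "2021-10-25T10:00:08Z 10.0.0.12 203.0.113.10:443 dns=www.example.com",
]

if __name__ == "__main__":
    for src, kind, indicator in scan(SAMPLE_LOG, parse_trail(TRAIL_TEXT)):
        print(f"{src:<10} {kind:<8} {indicator}")
```

Two caveats show up in the sample run. The seventh line does not fire: 107.191.47.239 is listed only with ports 3333 and 7777, so a connection to port 22 on the same host is not a hit, whereas the 163.172.x.x block near the middle of the list is entered without ports and matches on any port. And `/xmrig/` is a substring rule, so any URL whose path contains it fires, including a download of the legitimate miner from its project site; treat path-fragment hits as low confidence and pivot on the source host. Many of the IP entries are in hosting ranges that get reassigned, so check the date on the reference next to an IP-only hit before acting on it.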