# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.virustotal.com/en/file/0687cd8d38c334a970b81b1ba9bb2e18aa66424edba3f33b61f7d03e35d5db20/analysis/
# Reference: https://isc.sans.edu/forums/diary/Crypto+Mining+Is+More+Popular+Than+Ever/24050
# Reference: https://www.alibabacloud.com/blog/jbossminer-mining-malware-analysis_593804
# Reference: https://blog.talosintelligence.com/2018/08/rocke-champion-of-monero-miners.html
# Reference: https://unit42.paloaltonetworks.com/malware-used-by-rocke-group-evolves-to-evade-detection-by-cloud-security-products/

3g2upl4pq6kufc4m.tk
a.ssvs.space
aybc.so
blockbitcoin.com
d3goboxon32grk2l.tk
d20blzxlz9ydha.cloudfront.net
dazqc4f140wtl.cloudfront.net
dwn.rundll32.ml
enjoytopic.tk
realtimenews.tk
sydwzl.cn

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/linux-coin-miner-copied-scripts-from-korkerds-removes-all-other-malware-and-miners/

drnfbu.xyz
yxarsh.shop

# Reference: https://www.anomali.com/blog/rocke-evolves-its-arsenal-with-a-new-malware-family-written-in-golang
# Reference: https://otx.alienvault.com/pulse/5c8bff7c52e568275bf09e0b

sowcar.com
w2wz.com

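# Generic URL path signatures for sh-loaders of ELF coinminers
# (host-independent: short names such as /root.sh or /pro.sh can also appear in benign traffic, so corroborate a hit with other indicators)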

/bonn.sh
/conn.sh
/Duck.sh
/kw.sh
/lower.sh
/lowerv2.sh
/lowerv3.sh
/pro.sh
/r88.sh
/root.sh
/rootv2.sh
/rootv3.sh

# Reference: https://twitter.com/bad_packets/status/1106094104520253441
# Reference: https://www.virustotal.com/#/file/5c1439c0db107cb5f3a9b9c239652b26935a2badaf1d840812702267290ebcac/detection

/a_thk.sh

# Reference: https://twitter.com/SugitaMuchi/status/1075352914221121537

103.55.13.68:13333

# Reference: https://twitter.com/bad_packets/status/1123473023313616896

45.67.14.152:1337

# Reference: https://twitter.com/liuya0904/status/1135901420958281729
# Reference: https://pastebin.com/5Ee4Xevs

220.194.237.43:43768
w.21-3n.xyz
w.3ei.xyz
w.lazer-n.com

# Reference: https://otx.alienvault.com/pulse/5d0773672ba7e7853c4ad5cf

51.15.56.161:443
51.38.133.232:80
51.38.133.232:201
http://107.173.102.59
http://107.174.47.156
http://107.174.47.181
http://51.15.56.161

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-mining-botnet-arrives-through-adb-and-spreads-through-ssh/

198.98.51.104:282

# Reference: https://twitter.com/KernelD0wn/status/1144379473585983493

http://112.216.100.210

# Reference: https://twitter.com/bad_packets/status/1151785688360075264

http://185.181.10.234

# Reference: https://www.alibabacloud.com/blog/return-of-watchbog-exploiting-jenkins-cve-2018-1000861_594798
# Reference: https://otx.alienvault.com/pulse/5d35958a9983df3a51f1a3b9
# Reference: https://blog.talosintelligence.com/2019/09/watchbog-patching.html
# Reference: https://otx.alienvault.com/pulse/5d794c4a25c9e790d1f66f01

http://45.55.211.79
z5r6anrjbcasuikp.onion.to
aziplcr72qjhzvin.onion.to

# Reference: https://otx.alienvault.com/pulse/5d44442ef2bd636085171214
# Reference: https://unit42.paloaltonetworks.com/rockein-the-netflow/
# Reference: https://otx.alienvault.com/pulse/5db2e2a517e95c5c22817055
# Reference: https://www.anomali.com/blog/illicit-cryptomining-threat-actor-rocke-changes-tactics-now-more-difficult-to-detect

z9ls.com
gwjyhs.com
heheda.tk
systemten.org
sowcar.com
baocangwh.cn
cloudappconfig.com
w2wz.cn
iap5u1rbety6vifaxsi9vovnc9jjay2l.com

# Reference: https://twitter.com/28bit/status/1159906315642253312

http://96.32.50.131
http://188.192.40.43
/racks_s

# Reference: https://habr.com/ru/company/pt/blog/466877/ (Russian)

http://107.174.47.156
http://154.16.67.135
http://154.16.67.136

# Reference: https://blog.sucuri.net/2019/10/cryptominers-backdoors-found-in-fake-plugins.html

xfer.abcxyz.stream

# Reference: https://www.virustotal.com/gui/file/2d9fb5ea6356fba9734673ba4ed1653ff7e887875cc3bfc9da7669c80a53a93b/detection
# Reference: https://twitter.com/luc4m/status/1202311106187821056 (Note: not perl ircbot)
# Reference: https://yoroi.company/research/outlaw-is-back-a-new-crypto-botnet-targets-european-organizations/
# Reference: https://otx.alienvault.com/pulse/5eb984d90091572e80b24197

45.9.148.125:80
45.9.148.125:443
45.9.148.129:80
45.9.148.129:443
debian-package.center

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/outlaw-updates-kit-to-kill-older-miner-versions-targets-more-systems/
# Reference: https://otx.alienvault.com/pulse/5e42eb027242294dd0f82358

104.236.192.6:80
159.203.141.208:80
minpop.com/sk12pack/idents.php
minpop.com/sk12pack/names.php

# Reference: https://unit42.paloaltonetworks.com/los-zetas-from-eleethub-botnet/
# Reference: https://otx.alienvault.com/pulse/5ec4066fef9efdf091b20025
# Reference: https://www.virustotal.com/gui/file/14c351d76c4e1866bca30d65e0538d94df19b0b3927437bda653b7a73bd36358/detection
# Reference: https://www.virustotal.com/gui/file/9ae6fba4d9359a85984377dc9795de422bd9fbfa41558372ba8be9d5b9c9aa14/detection

62.210.119.142:80
62.210.119.142:4444
eleethub.com

# Reference: https://unit42.paloaltonetworks.com/cryptojacking-docker-images-for-mining-monero/
# Reference: https://otx.alienvault.com/pulse/5ef4b1a819214546dc8ef774

144.202.23.108:4444
155.138.227.135:442
155.138.234.122:442
66.42.53.57:442
66.42.93.164:442
5pwcq42aa42fjzel.onion
73avhutb24chfsh6.onion

# Reference: https://twitter.com/IntezerLabs/status/1300757052940263425

http://195.226.222.209
34.235.65.248:443
cdn.interakt.md

# Reference: https://www.trendmicro.com/en_us/research/20/i/exposed-docker-server-abused-to-drop-cryptominer-ddos-bot-.html
# Reference: https://otx.alienvault.com/pulse/5f622709681c2f7c568f13f4

http://104.244.75.25
http://107.189.11.170
http://205.185.113.151
c4k.xpl.pwndns.pw

# Reference: https://securelist.com/miner-xmrig/99151/
# Reference: https://otx.alienvault.com/pulse/5f91a968694f84319b78938c

2fsdfsdgvsdvzxcwwef-defender.xyz
sihost.xyz
srhost.xyz
svchost.xyz

# Reference: https://twitter.com/VessOnSecurity/status/1325090726187851777
# Reference: https://www.virustotal.com/gui/file/e2a4507f53247b0b4ca2040dd637118538fafd59cb47a186798a858fd43a7fb8/detection

http://103.125.218.107
global.bitmex.com.de/b2f627fff19fda/

# Reference: https://twitter.com/IntezerLabs/status/1334147151329435650
# Reference: https://www.virustotal.com/gui/file/876881f4c658ce8525f54e0eb06bfc8721f238878c3ff3e7f8387d7f84e13150/detection

hellomeyou.cyou
json.hellomeyou.cyou

# Reference: https://twitter.com/r3dbU7z/status/1338245237517520898
# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/exposed-redis-instances-abused-for-remote-code-execution-cryptocurrency-mining/
# Reference: https://www.virustotal.com/gui/file/ea55a206f7047f54a9e97cc3234848dfd3e49d0b5f9569b08545f1ad0e733286/detection
# Reference: https://www.virustotal.com/gui/file/3c7faf7512565d86b1ec4fe2810b2006b75c3476b4a5b955f0141d9a1c237d38/detection

http://178.157.91.26
http://45.137.151.106
178.157.91.26:1433
178.157.91.26:6379
178.157.91.26:6380
178.157.91.26:7001
178.157.91.26:7002
178.157.91.26:8080
178.157.91.26:8088
178.157.91.26:9200
/hrh8rjmb95n8t7t/

# Reference: https://www.virustotal.com/gui/file/969094571f6fcfd22238fe3163b7742a13402357961cda66acb3f192edd2d25b/detection

tyz2020.top

# Reference: https://twitter.com/r3dbU7z/status/1362716682507210755

http://47.114.157.117

# Reference: https://www.virustotal.com/gui/file/e1d7014b84618cd7fbf94439c78fe7d67f351cbc5536885fa3d94ea15325d83b/detection

http://199.19.226.117

# Reference: https://twitter.com/r3dbU7z/status/1366886386985545728

http://34.107.61.31

# Reference: https://twitter.com/xuy1202/status/1371307049221382147

zzhreceive.anondns.net

# Reference: https://twitter.com/r3dbU7z/status/1406295518213517320
# Reference: https://twitter.com/r3dbU7z/status/1406298605712031751

http://104.236.13.229
http://174.138.117.79

# Reference: https://blog.netlab.360.com/ten-families-of-malicious-samples-are-spreading-using-the-log4j2-vulnerability-now/

http://129.226.180.53

# Reference: https://twitter.com/BushidoToken/status/1479400276859801603
# Reference: https://cystack.net/research/the-attack-on-onus-a-real-life-case-of-the-log4shell-vulnerability
# Reference: https://www.virustotal.com/gui/file/d9e6eaeaacb3feb6e32482301f918f19727466e13bc0bef5323a1c86f42a8ca2/detection

http://45.147.230.219
45.147.230.219:8001
45.147.230.219:81

# Reference: https://twitter.com/t0001100000/status/1446048755577458694
# Reference: https://www.anomali.com/blog/inside-teamtnts-impressive-arsenal-a-look-into-a-teamtnt-server

/chimaeraxmr.c
/chimaeraxmr.h
/docker.ethminer.sh
/my.xmr.sh
/Setup_ETH_Miner.sh
/Setup_ETH_MinerService.sh
/setup_c3pool_miner.sh
/setup_moneroocean_miner.sh
/Setup_RainBow_Miner.sh
/xmrigCC/
/xmrig_setup/

# Reference: https://blog.netlab.360.com/li-yong-namesilo-parkinghe-googlede-zi-ding-yi-ye-mian-lai-chuan-bo-e-yi-ruan-jian/
# Reference: https://otx.alienvault.com/pulse/618cfe9c6d8832f3adde566b

gannimachoubi.cyou
hvtde6ew5.top

# Reference: https://www.virustotal.com/gui/file/ce278388efbe6072bef8fea520946b5b9f4c35e694476c49747164d580e0b28d/detection

195.2.93.34:443

# Reference: https://www.trendmicro.com/en_us/research/22/e/patch-your-wso2-cve-2022-29464-exploited-to-install-linux-compatible-cobalt-strike-beacons-other-malware.html

13.94.40.162:8088

# Reference: https://twitter.com/1ZRR4H/status/1557851650433642496

198.98.59.44:8812
205.185.125.45:8080

# Reference: https://twitter.com/TekDefense/status/1577650055057739777
# Reference: https://www.virustotal.com/gui/file/447fec7fd70235bd0072f829b29dc951232f339c9566b8bd9dbf2e3bd3e41907/detection

45.141.157.113:82

# Reference: https://twitter.com/1ZRR4H/status/1579569830751252481
# Reference: https://www.virustotal.com/gui/file/d4c364b1e30174387d4650d2869765e1fb620a73724ce5f64593b50567cdc241/detection

122.181.174.44:8888
oednikufecin.cl

# Reference: https://www.virustotal.com/gui/file/04ee0bbb8ba84eeac2f4af133dc8ceff6b5c9159729d937875a89762bc5b6e29/detection
# Reference: https://www.virustotal.com/gui/file/1abceb0e87ed9314de31d8bf2c2a38000d6fc67be1322787913ed744cbdf54d9/detection

146.59.198.38:8080
c4k-rx0.pwndns.pw
work.onlypirate.top

# Reference: https://www.virustotal.com/gui/file/89c31b380ee72c4a85927c1c148f974572c228c8152e9038c1668ea933f140f8/detection
# Reference: https://elfdigest.com/brief/e2c3e81aa24b20ac71147340adc1eaedf077ad00e4a2359e3db47b166cf5411a

137.184.82.101:8080
167.114.114.169:8080
su1001-2.top
fbi.su1001-2.top

# Reference: https://asec.ahnlab.com/ko/44885/
# Reference: https://otx.alienvault.com/pulse/63ac153614c9db1f6699fa19
# Reference: https://www.virustotal.com/gui/file/d2626acc7753a067014f9d5726f0e44ceba1063a1cd193e7004351c90875f071/detection

http://167.172.103.111
http://172.104.170.240
http://172.105.211.21
hostname.help
ic.hostname.help
wget.hostname.help

# Reference: https://twitter.com/SecureSh3ll/status/1614708088828837889

39.165.53.17:8088

# Reference: https://twitter.com/SecureSh3ll/status/1614755430651105281

http://185.216.71.148
/minerus-dark

# Reference: https://twitter.com/suyog41/status/1618135008283332608
# Reference: https://www.virustotal.com/gui/file/61db2eb29b89370e3f32ac9dcf1b172c9a4a115598c4b22bfa6802804692ce25/detection

http://185.106.94.146
45.142.122.11:8080
bpdeliver.ru
dw.bpdeliver.ru

# Reference: https://elfdigest.com/brief/d318cdb5fee75d647c784a6dcb2a5a613143caf7740087726911bab35206b666
# Reference: https://www.virustotal.com/gui/file/d318cdb5fee75d647c784a6dcb2a5a613143caf7740087726911bab35206b666/detection

http://194.87.102.77

# Reference: https://mp.weixin.qq.com/s/-mZD0pPbeIgxoTUNNFBnrw
# Reference: https://otx.alienvault.com/pulse/63ff9e52727a0663f1e78001

whitesnake.church
load.whitesnake.church
pool.whitesnake.church

# Reference: https://www.virustotal.com/gui/file/b092385641c3b87f1fcfec515c29962272ac253a9cbc7d987e05740d5af597a6/detection

185.252.178.82:6972
45.10.20.100:1010
45.10.20.100:2008

# Reference: https://www.virustotal.com/gui/file/d21de0d62549c6a22a3f170b0bf0b0083d87908b1dad6f95d2e6c254f13451c2/detection

95.214.24.102:6972

# Reference: https://www.virustotal.com/gui/file/8690240b6df9e303b66d1b0622aa249e1b19db29aa80edaa6a3ba79667544d95/detection

bdg0b50yfhqg7.cfc-execute.bj.baidubce.com

# Reference: https://twitter.com/sicehice/status/1640135678947217408

http://47.87.236.177

# Reference: https://twitter.com/sicehice/status/1645918416660996096

45.61.137.96:8081

# Reference: https://twitter.com/SecureSh3ll/status/1719826326981403116
# Reference: https://www.akamai.com/blog/security-research/mexals-cryptojacking-malware-resurgence
# Reference: https://github.com/akamai/akamai-security-research/blob/main/malware/mexals/iocs.csv
# Reference: https://otx.alienvault.com/pulse/6437fd922644796c1e12055a
# Reference: https://otx.alienvault.com/pulse/64906f1ae8efba6ea78b79ee
# Reference: https://www.virustotal.com/gui/file/815dd34957f6c640ff6a70b16a71c5781a4618fe51d5d77a6e51526eb49cf2f5/detection
# Reference: https://www.virustotal.com/gui/file/f1e03af7a7f683e4b5555dfc7660aa4fc1c6d87ee674dba2dea9a238dd38548b/detection

http://139.99.123.196
http://91.92.247.224
http://95.214.27.89
212.193.30.11:2121
45.139.105.222:2121
45.88.67.94:2121
45.9.148.108:2121
95.214.27.89:1337
arhivehaceru.com
dinpasiune.com
nasa.arhivehaceru.com

# Reference: https://twitter.com/r3dbU7z/status/1648586927266832384

178.62.44.152:9000

# Reference: https://twitter.com/abuse_ch/status/1648926739232432128
# Reference: https://twitter.com/sicehice/status/1676332839254597633

http://45.81.243.128
45.81.243.128:3333

# Reference: https://www.virustotal.com/gui/file/812133033ba969731b66c63d5468556e42048bad396ef1026b5a91dda98bc289/detection
# Reference: https://www.virustotal.com/gui/file/1f66675d2102e5d4ac89a239f9022c48b3bf23fe92dadb832d84e0eac6e476d6/detection
# Reference: https://elfdigest.com/brief/1f66675d2102e5d4ac89a239f9022c48b3bf23fe92dadb832d84e0eac6e476d6

107.189.6.203:62652

# Reference: https://www.virustotal.com/gui/file/8a29dfe241a86c8f1ebf8984b8f4f4f9de5f904b930a44a99d139358c733b4ec/detection

193.47.61.251:3333

# Reference: https://twitter.com/sicehice/status/1686384236155346945

http://109.206.242.251

# Reference: https://sysdig.com/blog/labrat-cryptojacking-proxyjacking-campaign/
# Reference: https://www.virustotal.com/gui/file/d329f248910dd66c4fa9c514f79d876da56ba85c4b5d756002cb13c0c4409588/detection
# Reference: https://www.virustotal.com/gui/file/d329f248910dd66c4fa9c514f79d876da56ba85c4b5d756002cb13c0c4409588/detection
# Reference: https://www.virustotal.com/gui/file/7162a27a795d3ae13d0b8a6df0d7aa75fbefa74f8cb086ee46fdab0368d8ea07/detection

107.173.154.7:6969
172.245.226.47:5858
192.227.165.88:4443
192.227.165.88:6666
23.94.204.157:44445
23.94.204.157:7773
desertplanets.com

# Reference: https://twitter.com/sicehice/status/1694051971055976811
# Reference: https://www.virustotal.com/gui/file/4c14d9dad1342819f2e1033e7cd48ec56965bc5aa1d308b952d80fc8d8812a83/detection
# Reference: https://www.virustotal.com/gui/file/a52f49b7726293d8e2d60006b44eba5fb2c23966851eaf22ce9d15267440a1e2/detection

asyncfox.xyz
c2.asyncfox.xyz
download.asyncfox.xyz
xmr-pool.asyncfox.xyz

# Reference: https://twitter.com/sicehice/status/1694546485864435835
# Reference: https://www.virustotal.com/gui/file/0f881a02d257f5679f0fbf7ec4ac491cbc28ad80b01db0df8275406aa9dbb56e/detection

94.130.144.19:19029
94.130.144.19:3333
94.130.144.19:5556
94.130.144.19:8000

# Reference: https://threatfox.abuse.ch/browse/malware/elf.cpuminer/ (# 2023-10-07)

http://135.125.217.87
http://165.227.239.108
http://185.225.75.242
http://45.9.148.117

# Reference: https://twitter.com/SecureSh3ll/status/1738286142569504771
# Reference: https://www.virustotal.com/gui/file/e99f367777fa43405bc3c8db59258d1713ce18e5d7a7a264e8cd0eeea0f1e787/detection
# Reference: https://www.virustotal.com/gui/file/b949767cd60c8d5d5260c5a9f682462f62f04d3dddbe4d3e4c450992fcd572cc/detection
# Reference: https://www.virustotal.com/gui/file/b4373ac8abdd83fd1af8b93ddd292070080a96e2130e17a97ec1eebf2a8c0bea/detection
# Reference: https://www.virustotal.com/gui/file/4a5965b0eab64c56adcc2e19513f6eba72d6103e5e156f14ba2f9d7b05a4edc5/detection
# Reference: https://www.virustotal.com/gui/file/49a9b59eaf650ca8f0b7e50c10140c2d6dfe328bc131347ec360e0e537fff37b/detection
# Reference: https://www.virustotal.com/gui/file/66b8cba29258740ad26da0706649dc2ad90f7b29397fe6da37753f0d2ea97561/detection

http://208.68.38.81
http://91.121.68.60
128.199.210.191:8080
164.90.205.244:443
91.121.68.60:81

# Reference: https://twitter.com/sicehice/status/1740862006213882116
# Reference: https://www.virustotal.com/gui/file/58837808bcc1a8337b04da4aab97414e102e9724197de674275d3a4ab7cd420c/detection
# Reference: https://www.virustotal.com/gui/file/1533a6bcd1ebe0455d6e00ced421dd5dc0caa01c21c30acbffbb932929cc4ac7/detection

http://45.95.147.236
45.95.147.236:2137
45.95.147.236:43782
ohuyal.xyz
cnc.ohuyal.xyz
dw.ohuyal.xyz
xmr.ohuyal.xyz

# Reference: https://twitter.com/SecureSh3ll/status/1674512017053343745
# Reference: https://twitter.com/SecureSh3ll/status/1740878747740549485

141.98.6.76:6972
91.92.240.70:6972
/xrx.gpg
/xrx.tar

# Reference: https://twitter.com/malwrhunterteam/status/1745578479284871267
# Reference: https://www.virustotal.com/gui/file/cee6b19d4712ffce74d4b1a35ccaf7c2b4a32ab496712095c2d2b5c125f40608/detection
# Reference: https://www.virustotal.com/gui/file/fb396e959f004fbaf291ee2e141562d3d41a6795bde35b90279f84c26dc600ec/detection
# Reference: https://www.virustotal.com/gui/file/e2a3a3c68caadcf6589b7b10779dedd75a6e06dc1b9a81f8427f7e3451ef42b6/detection
# Reference: https://www.virustotal.com/gui/file/a20d484ca79052a9fd85e5d3d92bf0ee2ec7ca70dc2b843e9154f44b6da2efa1/detection
# Reference: https://www.virustotal.com/gui/file/05d09e5db6a3a784e8ff9df97e38e7a0c73d016d6dcaf74e106647a9cdaf2bd4/detection
# Reference: https://www.virustotal.com/gui/file/cfc1d6a38eb7c6bd6a32ce2ebb07413e897a378198e70ba1882eb810182261bd/detection

http://139.162.43.28
http://2.59.254.30
http://91.92.250.29
xkobeimparatu.net
dragosteftp.xkobeimparatu.net
dragosteproxy.xkobeimparatu.net
split.xkobeimparatu.net
xkobeproxy.xkobeimparatu.net
/.mini/.hellenergy
/mini/hellenergy
/.dragosteftp
/dragosteftp
/.dragosteproxy
/dragosteproxy
/.hellenergy
/hellenergy

# Reference: https://www.cadosecurity.com/containerised-clicks-malicious-use-of-9hits-on-vulnerable-docker-hosts/

/v1.43/containers/create?name=faucet
/v1.43/images/create?fromImage=9hitste%2Fapp
/v1.43/images/create?fromImage=minerboy%2FXMRig

# Reference: https://twitter.com/TheDFIRReport/status/1749494909910807020
# Reference: https://www.virustotal.com/gui/file/0d748f9a76c8b7fdba515ca0ad062a8a2d629cb1e3822182593c8df5113daf1a/detection

23.94.214.119:55535
23.94.214.119:8010

# Reference: https://www.virustotal.com/gui/file/2dd720d7cf395b32456fb2ed6b376321c6b29bdcd1bf349a7455414e9d564a3e/detection

154.9.28.112:8081

# Reference: https://twitter.com/Jane_0sint/status/1757309497482035244
# Reference: https://app.any.run/tasks/df53f74e-98c3-4123-82c4-ecd95a8dbd5e/
# Reference: https://www.virustotal.com/gui/file/0046342a57cfdc865eacd99b3fa62d4f6365ddc3392677b730f96eadb0a497e6/detection

45.95.147.236:43782

# Reference: https://twitter.com/cyber_ra1/status/1763209823590797701

18.208.164.74:17070

# Reference: https://twitter.com/banthisguy9349/status/1764374398515949824

http://93.123.85.129

# Reference: https://twitter.com/banthisguy9349/status/1764380866317279422

http://94.156.64.143

# Reference: https://www.virustotal.com/gui/file/43acd4f8911fe96ebf1fec468da32582da52552240a71e767713dbed0f7def49/detection

http://94.156.64.195
/.x/muciacio3

# Reference: https://twitter.com/banthisguy9349/status/1764640298473243035
# Reference: https://www.virustotal.com/gui/file/c1b30f420b79d04310b798d545acbb93fc7c15ba34982ddf73e80a76e124b940/detection

http://91.92.241.219
91.92.241.219:3333
91.92.241.219:8181

# Reference: https://www.virustotal.com/gui/ip-address/5.253.37.37/relations

http://5.253.37.37
/jtminer-0.4-SNAPSHOT-jar-with-dependencies.jar
/jtminer-0.4.1-SNAPSHOT-jar-with-dependencies.jar

# Reference: https://twitter.com/banthisguy9349/status/1767111553189298359

http://94.156.68.141

# Reference: https://twitter.com/naumovax/status/1776240946167824545
# Reference: https://www.virustotal.com/gui/file/78f6886ce0c49121a1f487bea1d75644ee389842bb45d3f230236bb99f77471e/detection

166.88.209.25:110

# Reference: https://twitter.com/sicehice/status/1780256008549650898

/asfffffffffffa
/31ciberke

# Reference: https://twitter.com/sicehice/status/1781146516905677069
# Reference: https://twitter.com/sicehice/status/1781146695775986022

116.213.40.102:9999
206.238.221.2:19490

# Reference: https://x.com/banthisguy9349/status/1792641338560622609
# Reference: https://www.virustotal.com/gui/file/28fed3dd2368f26c3734663ad17c52a510666ae0596a76330f20f16eec3d08b5/detection

http://46.17.44.199
y.shavsl.com
z.shavsl.com

# Reference: https://x.com/cyber_ra1/status/1795725302670479825

158.255.215.239:5271
194.68.225.71:5271
194.68.225.95:5271
mpool.live
eu.mpool.live

# Reference: https://www.virustotal.com/gui/file/ed8fe6eb98c8a487c631dee11ddbe11c322e446666280f7b97844d259fdb10f5/detection
# Reference: https://www.virustotal.com/gui/file/2c602147c727621c5e98525466b8ea78832abe2c3de10f0b33ce9a4adea205eb/detection

http://185.172.128.93

# Reference: https://www.volexity.com/blog/2024/01/18/ivanti-connect-secure-vpn-exploitation-new-observations/
# Reference: https://otx.alienvault.com/pulse/65aa779d249935925e76fe93
# Reference: https://github.com/volexity/threat-intel/blob/main/2024/2024-01-18%20Ivanti%20Connect%20Secure%20pt3/indicators/iocs.csv

192.252.183.116:8089

# Reference: https://x.com/lontze7/status/1810186603848962288

http://52.74.88.50

# Reference: https://www.virustotal.com/gui/file/b9221d0e63da518f15d96085697ecc203084a9509f4fc8775bb2e1ab7ae01831/detection

38.207.173.58:5452

# Reference: https://x.com/malwrhunterteam/status/1818245100251615266
# Reference: https://www.virustotal.com/gui/file/3bb3dbb608780e8d14193100dd7fcbcd8a68cb43fe2ad705c990fe8015f2a99a/detection

http://192.210.206.76

# Reference: https://x.com/malwrhunterteam/status/1819727322657742977
# Reference: https://www.virustotal.com/gui/ip-address/192.3.60.13/relations
# Reference: https://www.virustotal.com/gui/file/c69418a4328b7c5cf95ac49bb40a8c7e6b5795a2b84d018f2f6f5d599d6a02c5/detection
# Reference: https://www.virustotal.com/gui/file/7fb470f2402e0e0863c9248763e8c1a37f39028855229572b0439f8540849ea9/detection
# Reference: https://www.virustotal.com/gui/file/79da44233426c1b9e7549c94a838de89a4d69f15938889936b5083cee6b66144/detection

aptssl.com
yumssl.com

# Reference: https://www.virustotal.com/gui/file/42e81138cc11ac1d325cff7b4fefea2f032dcd195f2fdf57618092c9303fefbc/detection

107.189.5.210:61438

# Reference: https://www.virustotal.com/gui/file/046e040c848b29abcc326b613da242b478c5085090bb89c2cf07485e6a4877be/detection
# Reference: https://www.virustotal.com/gui/file/b74059f94eb1f7be688d7c5c93b9a0b3f8c6f25335cb2dfd491e88775bde3d73/detection

107.175.77.206:3399
discipline-pad-driver-cheaper.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/06059ec518d1ff1cb8dbda3f5491e68c02095feb6de5cc469bc54a35702746a2/detection

91.92.241.134:3693
pay-framework-trials-shadow.trycloudflare.com

# Reference: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401
# Reference: https://otx.alienvault.com/pulse/66e0b0caffa8120f0871c74b
# Reference: https://www.virustotal.com/gui/file/47e52ff8d26f6c796789ae2d641c183885b16b1f15ebb3b50806e20ccd5ed701/detection
# Reference: https://www.virustotal.com/gui/file/ca96479473879deabf7182976c75a7fdb9b3731a7c52083946def1e32315bc01/detection
# Reference: https://www.virustotal.com/gui/file/776fed3e2c6b4d4f3ec908ffc6d41c252dd55ecc936fcf912620370d236c7c30/detection
# Reference: https://www.virustotal.com/gui/file/7d052cffcf97b303d11c5d35fa9bc860155601cdea21e38447401571b35d2db1/detection
# Reference: https://www.virustotal.com/gui/file/c81d4770e812ddc883ead8ff41fd2e5a7d5bc8056521219ccf8784219d1bd819/detection
# Reference: https://www.virustotal.com/gui/file/e23b9cae980fa0271cd0a2301f3d4cb67b55c689fd9e1f499b875f61487fcdce/detection

http://112.133.194.254
http://95.85.93.196
103.99.178.90:81
185.183.84.197:81
185.238.250.137:81
38.180.188.158:3333
45.138.209.46:81
95.85.93.196:4443
96.43.101.213:3333
9527527.xyz
asdfghjk.youdontcare.com
gsdasdfadfs.9527527.xyz
sdfasdfsf.9527527.xyz
oss.17ww.vip
ec2-13-250-11-113.ap-southeast-1.compute.amazonaws.com
ec2-54-191-168-81.us-west-2.compute.amazonaws.com
/asdfakjg.sh

# Reference: https://x.com/banthisguy9349/status/1838307510769360966

http://66.70.242.174

# Reference: https://x.com/Ap0phis133/status/1838377287474958717
# Reference: https://www.virustotal.com/gui/file/167f071ee0381a998e50b95914b95bc66fe72173791a0c7003ffd439daeff808/detection

http://121.40.85.244

# Reference: https://x.com/sicehice/status/1838649318892540082

4thepool.lol
download.4thepool.lol

# Reference: https://urlhaus.abuse.ch/host/154.216.19.227/

http://154.216.19.227

# Reference: https://x.com/redrabytes/status/1851565777175863788

154.213.192.3:666
auroraaarcportal.cfd
mta.auroraaarcportal.cfd

# Reference: https://x.com/SecureSh3ll/status/1860779796763955547
# Reference: https://www.virustotal.com/gui/file/bfb06e80c738fba92af89351a9b7fc600ea0f2451d9af5cf08095ddc3c810592/detection
# Reference: https://www.virustotal.com/gui/file/b7507d7f4206878342e94a512ef06d552b7ce057c4cfa4af0095a2faaa5836d4/detection
# Reference: https://www.virustotal.com/gui/file/968ecb29b2ebce44f843b48fb98a8622caa4a01ef93e61011970ab8081dc1ca5/detection

http://80.76.51.5
87.120.116.35:1337
87.120.116.35:1418
87.120.116.35:42
digitaldatainsights.org
digital.digitaldatainsights.org
/.x/black3

# Reference: https://www.virustotal.com/gui/file/6db7881a0c06d024573974d1314fa05803af8f81a2d9be6d2330b089cb5da84b/detection

107.172.43.186:3939

# Reference: https://www.virustotal.com/gui/file/cb687db5c46de18ab3804b44e5a8af6ecb8c33e6355c6e60a187450750d4b3df/detection

http://45.83.122.25

# Reference: https://x.com/redrabytes/status/1888639800057405576/history

http://77.75.230.87
101.126.134.3:1919
101.126.142.20:1919
101.126.71.151:1919
101.36.109.45:1919
101.58.55.11:1919
101.58.58.98:1919
101.91.181.235:1919
102.211.152.45:1919
103.102.216.138:1919
103.104.169.53:1919
103.117.57.70:1919
103.124.101.54:1919
103.145.145.76:1919
103.145.145.78:1919
103.145.145.79:1919
103.149.114.17:1919
103.164.9.212:1919
103.169.87.86:1919
103.170.123.42:1919
103.174.9.66:1919
103.191.63.132:1919
103.195.101.126:1919
103.205.60.32:1919
103.246.244.102:1919
103.28.53.102:1919
103.96.72.194:1919
104.131.44.239:1919
104.218.122.61:1919
104.234.184.21:1919
104.248.63.189:1919
106.58.211.121:1919
107.172.239.49:1919
107.22.100.179:1919
108.181.105.209:1919
109.199.108.133:1919
109.206.241.199:1919
110.45.159.141:1919
111.17.175.221:1919
111.53.150.170:1919
111.67.202.63:1919
112.99.46.42:1919
113.125.26.208:1919
114.96.84.122:1919
115.144.170.82:1919
116.142.242.168:1919
116.181.16.239:1919
117.157.246.56:1919
117.157.246.57:1919
119.167.167.91:1919
119.84.66.98:1919
120.133.79.69:1919
120.133.83.146:1919
120.236.244.219:1919
121.14.195.11:1919
121.166.241.35:1919
121.41.95.224:1919
125.124.106.113:1919
125.124.215.61:1919
125.124.83.191:1919
125.72.54.172:1919
125.87.80.11:1919
125.87.80.161:1919
125.87.80.166:1919
125.87.80.180:1919
125.87.80.191:1919
125.87.80.206:1919
125.87.80.216:1919
125.87.80.240:1919
125.87.80.46:1919
125.87.80.74:1919
125.87.80.97:1919
125.87.81.102:1919
125.87.81.104:1919
125.87.81.123:1919
125.87.81.193:1919
125.87.81.22:1919
125.87.81.83:1919
125.87.82.0:1919
125.87.82.112:1919
125.87.82.121:1919
125.87.82.146:1919
125.87.82.156:1919
125.87.82.177:1919
125.87.82.178:1919
125.87.82.206:1919
125.87.82.214:1919
125.87.82.244:1919
125.87.82.255:1919
125.87.82.38:1919
125.87.82.75:1919
125.87.82.94:1919
125.87.83.10:1919
125.87.83.138:1919
125.87.83.146:1919
125.87.83.152:1919
125.87.83.192:1919
125.87.83.209:1919
125.87.83.211:1919
125.87.83.245:1919
125.87.83.249:1919
125.87.83.84:1919
125.87.83.85:1919
125.87.83.92:1919
125.87.83.99:1919
125.87.84.110:1919
125.87.84.113:1919
125.87.84.115:1919
125.87.84.12:1919
125.87.84.132:1919
125.87.84.134:1919
125.87.84.147:1919
125.87.84.18:1919
125.87.84.196:1919
125.87.84.78:1919
125.87.84.93:1919
125.87.84.9:1919
125.87.85.100:1919
125.87.85.11:1919
125.87.85.157:1919
125.87.85.15:1919
125.87.85.178:1919
125.87.85.219:1919
125.87.85.221:1919
125.87.85.229:1919
125.87.85.237:1919
125.87.85.250:1919
125.87.85.47:1919
125.87.85.82:1919
125.87.85.85:1919
125.87.86.117:1919
125.87.86.151:1919
125.87.86.167:1919
125.87.86.197:1919
125.87.86.249:1919
125.87.86.24:1919
125.87.86.255:1919
125.87.86.6:1919
125.87.87.116:1919
125.87.87.188:1919
125.87.87.244:1919
125.87.87.49:1919
125.87.87.61:1919
125.87.88.118:1919
125.87.88.147:1919
125.87.88.18:1919
125.87.88.208:1919
125.87.88.224:1919
125.87.88.229:1919
125.87.88.40:1919
125.87.88.74:1919
125.87.89.115:1919
125.87.89.241:1919
125.87.89.252:1919
125.87.89.27:1919
125.87.89.52:1919
125.87.89.89:1919
125.87.90.125:1919
125.87.90.135:1919
125.87.90.139:1919
125.87.90.148:1919
125.87.90.186:1919
125.87.90.205:1919
125.87.90.207:1919
125.87.90.224:1919
125.87.90.22:1919
125.87.90.239:1919
125.87.90.34:1919
125.87.90.38:1919
125.87.90.43:1919
125.87.90.57:1919
125.87.90.86:1919
125.87.90.94:1919
125.87.91.133:1919
125.87.91.134:1919
125.87.91.212:1919
125.87.91.251:1919
125.87.91.33:1919
125.87.91.88:1919
125.87.91.89:1919
125.87.91.92:1919
125.87.92.0:1919
125.87.92.104:1919
125.87.92.213:1919
125.87.92.223:1919
125.87.92.45:1919
125.87.92.64:1919
125.87.92.65:1919
125.87.92.86:1919
125.87.93.10:1919
125.87.93.182:1919
125.87.93.24:1919
125.87.93.32:1919
125.87.93.46:1919
125.87.93.91:1919
125.87.94.137:1919
125.87.94.139:1919
125.87.94.194:1919
125.87.94.225:1919
125.87.94.250:1919
125.87.94.254:1919
125.87.94.92:1919
125.87.95.169:1919
125.87.95.170:1919
125.87.95.188:1919
125.87.95.193:1919
125.87.95.23:1919
125.87.95.4:1919
125.87.95.60:1919
125.88.247.98:1919
129.226.12.158:1919
13.230.183.198:1919
131.153.231.56:1919
134.209.188.18:1919
138.124.19.102:1919
138.2.137.24:1919
138.2.159.100:1919
138.68.170.5:1919
139.159.102.236:1919
139.196.170.249:1919
139.224.186.12:1919
139.9.230.16:1919
141.11.25.156:1919
143.244.139.236:1919
144.22.254.125:1919
146.19.170.47:1919
147.185.246.189:1919
147.45.48.138:1919
147.93.0.108:1919
148.72.168.29:1919
15.207.116.86:1919
150.241.107.235:1919
151.115.121.150:1919
154.12.234.31:1919
154.212.139.79:1919
154.44.12.171:1919
154.86.156.69:1919
154.90.51.86:1919
156.238.99.111:1919
156.238.99.143:1919
156.238.99.168:1919
156.238.99.184:1919
156.238.99.209:1919
157.119.41.239:1919
157.180.19.155:1919
157.245.137.163:1919
157.255.137.26:1919
158.51.96.38:1919
159.203.108.2:1919
159.223.62.175:1919
16.171.153.13:1919
160.250.133.192:1919
162.248.103.24:1919
163.172.34.113:1919
164.138.14.208:1919
168.119.181.147:1919
170.238.45.73:1919
171.244.199.72:1919
173.231.184.125:1919
173.231.184.126:1919
176.65.138.133:1919
177.116.236.80:1919
177.116.254.173:1919
178.128.23.116:1919
18.208.188.215:1919
180.173.75.75:1919
180.188.226.115:1919
181.214.99.34:1919
182.151.13.134:1919
182.184.65.70:1919
182.44.20.242:1919
182.45.198.246:1919
182.49.250.150:1919
185.169.253.157:1919
185.181.210.57:1919
185.193.157.99:1919
185.213.173.44:1919
185.233.36.111:1919
185.241.40.134:1919
186.195.55.8:1919
186.224.204.142:1919
187.141.210.92:1919
188.121.102.132:1919
188.245.252.43:1919
188.245.254.196:1919
188.253.26.236:1919
189.15.97.211:1919
190.131.237.100:1919
190.89.44.242:1919
191.96.31.46:1919
193.151.154.16:1919
193.233.18.126:1919
195.88.87.235:1919
196.64.126.218:1919
196.75.186.43:1919
198.46.173.153:1919
2.33.239.68:1919
200.156.29.17:1919
200.90.0.21:1919
202.10.42.152:1919
202.30.7.190:1919
209.141.57.99:1919
209.145.50.53:1919
211.140.107.227:1919
211.154.16.218:1919
211.154.194.22:1919
211.158.170.249:1919
211.158.34.32:1919
211.158.36.217:1919
212.113.112.44:1919
212.132.93.112:1919
212.87.223.78:1919
213.176.65.122:1919
213.21.237.0:1919
217.128.159.25:1919
220.181.126.65:1919
221.179.57.254:1919
222.186.141.224:1919
223.197.34.158:1919
223.221.180.155:1919
223.240.79.237:1919
223.242.69.168:1919
23.157.88.103:1919
23.164.57.25:1919
23.182.128.13:1919
23.94.194.210:1919
27.124.21.86:1919
27.155.98.147:1919
3.101.37.217:1919
3.136.22.250:1919
3.86.31.127:1919
34.101.223.138:1919
35.180.32.44:1919
35.229.240.71:1919
35.247.243.10:1919
35.77.83.86:1919
35.78.175.49:1919
36.129.53.172:1919
36.137.164.43:1919
36.213.200.69:1919
36.26.70.16:1919
36.41.172.79:1919
38.11.90.140:1919
38.188.201.230:1919
39.109.123.178:1919
4.4.66.82:1919
42.123.127.90:1919
42.249.232.114:1919
42.81.205.82:1919
43.138.215.41:1919
43.207.171.4:1919
43.207.55.236:1919
43.207.79.87:1919
43.239.110.69:1919
43.247.68.87:1919
45.147.76.155:1919
45.159.211.228:1919
45.251.115.48:1919
45.33.13.164:1919
45.95.146.8:1919
45.95.147.221:1919
46.101.222.148:1919
46.8.231.45:1919
47.129.59.152:1919
47.130.74.231:1919
47.236.124.71:1919
47.76.222.178:1919
47.94.158.98:1919
5.161.179.99:1919
5.187.83.197:1919
5.34.206.189:1919
50.7.40.60:1919
50.7.40.84:1919
50.7.40.91:1919
52.65.160.199:1919
52.79.239.243:1919
54.159.112.99:1919
54.161.201.231:1919
54.87.30.253:1919
54.95.31.114:1919
57.128.174.73:1919
57.129.62.235:1919
58.215.30.149:1919
58.49.140.148:1919
60.121.162.164:1919
60.16.8.124:1919
60.190.165.70:1919
61.74.135.124:1919
62.164.210.220:1919
62.210.114.90:1919
63.176.110.249:1919
64.225.76.134:1919
67.159.17.16:1919
68.183.93.206:1919
69.87.207.133:1919
74.80.40.80:1919
77.105.167.102:1919
77.111.100.105:1919
77.237.237.59:1919
77.74.83.196:1919
77.90.5.96:1919
78.110.160.172:1919
78.153.149.215:1919
79.120.74.12:1919
8.219.9.18:1919
8.245.24.52:1919
80.251.210.95:1919
81.177.160.230:1919
81.94.150.53:1919
82.66.244.27:1919
84.21.173.166:1919
84.21.173.52:1919
84.21.173.97:1919
85.234.100.140:1919
86.104.220.73:1919
87.120.165.242:1919
87.120.165.245:1919
87.120.165.246:1919
87.120.165.56:1919
87.121.98.207:1919
88.151.34.37:1919
88.80.135.247:1919
89.169.145.237:1919
89.19.222.49:1919
89.19.222.66:1919
89.39.70.206:1919
91.107.250.155:1919
91.132.132.200:1919
91.214.112.17:1919
91.254.182.174:1919
91.92.120.31:1919
93.123.82.249:1919
94.159.102.167:1919
99.71.75.215:1919

# Reference: https://x.com/redrabytes/status/1889297505772335535

87.120.113.231:23232
moneroed.net

# Reference: https://www.virustotal.com/gui/file/af508a2d4957cc29eb75519ea027bce5ed412f0b8bda9193dd3b4673eae7df28/detection

http://104.245.240.20
/.puscarie/.report_system

# Reference: https://www.elastic.co/security-labs/outlaw-linux-malware

104.194.151.101:22
104.237.145.240:22
104.254.92.82:22
109.172.88.16:22
134.209.42.7:22
135.181.139.72:22
137.110.133.146:22
138.197.212.204:22
138.201.127.36:22
138.68.140.83:22
146.190.154.178:22
149.202.87.176:22
150.128.97.41:22
151.80.60.214:22
152.32.202.213:22
157.230.127.232:22
157.245.129.95:22
159.203.59.241:22
159.223.105.130:22
161.35.180.46:22
161.35.198.197:22
161.35.212.32:22
161.35.212.49:22
161.35.231.77:22
161.35.72.143:22
161.97.155.235:22
162.62.119.8:22
167.172.213.233:22
171.22.31.23:22
178.128.19.209:22
179.43.139.83:22
179.43.139.84:22
179.43.139.85:22
179.43.139.86:22
179.43.180.82:22
179.43.180.83:22
185.140.12.250:22
185.165.169.188:22
185.196.8.139:22
185.196.9.59:22
185.217.131.229:22
185.247.224.154:22
185.31.200.33:22
188.165.194.59:22
188.68.222.164:22
192.227.87.87:22
193.86.16.40:22
194.195.87.185:22
195.3.223.76:22
198.199.109.204:22
207.244.252.98:22
208.109.214.175:22
208.109.39.41:22
212.234.225.29:22
212.83.142.161:22
213.165.82.144:22
213.199.46.247:22
216.70.68.24:22
217.160.20.207:22
23.95.88.161:22
23.97.216.213:22
37.139.10.109:22
37.252.7.2:22
37.27.199.65:22
38.153.121.114:22
45.136.17.53:22
45.175.75.254:22
46.101.121.35:22
5.180.174.50:22
5.189.140.128:22
5.196.88.152:22
5.75.193.141:22
51.161.82.138:22
51.222.157.209:22
51.77.42.80:22
51.79.68.96:22
62.169.20.214:22
67.205.134.224:22
68.183.221.93:22
69.176.201.30:22
80.79.125.90:22
85.190.254.87:22
87.106.232.3:22
91.107.150.117:22

# Reference: https://www.elastic.co/security-labs/betting-on-bots
# Reference: https://www.virustotal.com/gui/file/c43f400b5dd971a93ffac590b016660be7a139bdd17e8a7eaa1ba077e0316d36/detection
# Reference: https://www.virustotal.com/gui/file/ed0f5bcfbca985865be45278a346313ef738f19837da0357360225875436fafd/detection

34.162.20.94:8080
35.184.163.38:8080
pagaelrescate.com
gcp.pagaelrescate.com
/t9r/SystemdXC
/SystemdXC

# Reference: https://x.com/TrendMicroRSRCH/status/1939564559242510700
# Reference: https://www.trendmicro.com/en_us/research/25/f/tor-enabled-docker-exploit.html
# Reference: https://www.virustotal.com/gui/file/1bb95a02f1c12c142e4e34014412608668c56502f28520c07cad979fa8ea6455/detection

198.199.72.27:2375
198.199.72.27:8000
2hdv5kven4m422wx4dmqabotumkeisrstzkzaotvuhwx3aebdig573qd.onion
wtxqf54djhp5pskv2lfyduub5ievxbyvlzjgjopk6hxge5umombr63ad.onion

# Reference: https://x.com/BlinkzSec/status/1954200067339882732
# Reference: https://urlhaus.abuse.ch/host/162.248.53.119/
# Reference: https://www.virustotal.com/gui/file/01766ca71e09d5a4a24de3d683887f5d9a68b232e668db514dd5ea0acd84f028/detection

162.248.53.119:8000

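# Generic URL path signatures for ELF coinminer payloads (some entries below name Windows/macOS builds, archives or install scripts)
# Note: several names here are short or common (e.g. /stratum, /kworker, /minerd); corroborate a hit with the destination host and the retrieved file before treating it as a confirmed miner infection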

/accounts-daemon
/askdljlqw
/AnXqV.yam
/bashf
/bashg
/BI5zj
/bonns
/conns
/cpuminer-sse2
/cranberry
/cryptonight
/crypto-pool
/donns
/gekoCrw
/gekoCrw32
/gekoba2anc1
/gekoba5xnc1
/gekobalanc1
/gekobalance
/gekobalanq1
/gekobnc1
/ihhnk
/install_c3pool_miner.sh
/ir29xc1
/jaav
/jIuc2ggfCAvYmluL2Jhc2gi
/JnKihGjn
/jva
/KGlJwfWDbCPnvwEJupeivI1FXsSptuyh
/kworker
/kworker34
/kxjd
/lexarbalanc1
/ltcminerd
/minerd
/minergate
/minergate-cli
/minerd
/mixnerdx
/minerd64_s
/minexmr
/nativesvc
/NXLAi
/oanacroner
/pvv
/rig1
/rig2
/servcesa
/stratum
/sourplum
/t0mcat
/thisxxs
/uninstall_c3pool_miner.sh
/watch-smart
/watch-smartd
/xig
/xige
/XJnRj
/xmr-stak-rx-linux-1.0.5-cpu.tar.xz
/xmr-stak-rx-linux-1.0.5-cpu/
/xmrig.service
/xmrig
/xmrig1
/xmrig2
/xmrig_s
/xmrig_darwin
/xmrig_linux2
/xmrig_win32
/xmrig-6.19.2-linux-static-x64.tar.gz
/xmrig-6.21.3-msvc-win64.zip
/xmrigARM
/xmrig.x86_64
/xmrig.32
/xmrig.64
/xmrig.arc
/xmrig.arcle-hs38
/xmrig.arm
/xmrig.arm4
/xmrig.arm4l
/xmrig.arm4t
/xmrig.arm4tl
/xmrig.arm4tll
/xmrig.arm5
/xmrig.arm5l
/xmrig.arm5n
/xmrig.arm6
/xmrig.arm64
/xmrig.arm6l
/xmrig.arm7
/xmrig.arm7l
/xmrig.arm8
/xmrig.armv4
/xmrig.armv4l
/xmrig.armv5l
/xmrig.armv6
/xmrig.armv61
/xmrig.armv6l
/xmrig.armv7l
/xmrig.dbg
/xmrig.exploit
/xmrig.i4
/xmrig.i486
/xmrig.i586
/xmrig.i6
/xmrig.i686
/xmrig.kill
/xmrig.m68
/xmrig.m68k
/xmrig.mips
/xmrig.mips64
/xmrig.mipseb
/xmrig.mipsel
/xmrig.mpsl
/xmrig.pcc
/xmrig.powerpc
/xmrig.powerpc-440fp
/xmrig.powerppc
/xmrig.pp-c
/xmrig.ppc
/xmrig.ppc2
/xmrig.ppc440
/xmrig.ppc440fp
/xmrig.root
/xmrig.root32
/xmrig.sh
/xmrig.sh4
/xmrig.sparc
/xmrig.spc
/xmrig.ssh4
/xmrig.x32
/xmrig.x32_64
/xmrig.x64
/xmrig.x86_32
/xmrig-6.16.4-linux-x64.tar.gz
/xmrig-6.20.0-linux-static-x64.tar.gz
/xmrig-6.21.2-linux-static-x64.tar.gz
/xmrig-6.16.4/
/xmrig-6.20.0/
/xmrig-6.21.2/
/yam
/yam32
/ysaydh
/zbjnu
