# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://staging.nsfocusglobal.com/wp-content/uploads/2018/10/NuggetPhantom-Analysis-Report-V4.1.pdf

154.48.241.199:15912
98.126.1.26:15912
98.126.1.27:15917
98.126.80.90:15912
98.126.80.91:15912

# Reference: https://www.virustotal.com/gui/file/942411f2fa054ec621023c6b9b4ad3b92372697da43eb38d2b661f80e19e6deb/behavior

/panel/mining/CPUMiner.files

# Reference: https://www.virustotal.com/gui/file/0ac003e6d8091544f7b055d7295ded55de94576729ab13925cde17eb2dd4ceab/detection

coin-pool.com
give-us-ltc.com

# Reference: https://www.virustotal.com/gui/file/c1d66b09938e5177a9406a8935f717cba888b06bc5ff74797e32c7b793d6a935/detection

give-us-btc.pw

# Reference: https://www.virustotal.com/gui/domain/give-us-btc.biz/relations
# Reference: https://www.virustotal.com/gui/file/8678f395fb9ae84d495c669f056f8226d9b3dca85040e65d35fa4511f1ce48b8/detection
# Reference: https://www.virustotal.com/gui/file/ecb40d340aee4666b7c3c2a0d1bbbcdcd9a92c578b15ba9dcce3bdabb3d528b6/detection
# Reference: https://www.virustotal.com/gui/file/e91b5ee9a6130afad7dfe64e024b8bffcaf39079b17937c78e6b262bf5fc7442/detection

162.211.228.130:3333
188.40.65.132:3333
213.239.198.109:3333
give-us-btc.biz

# Reference: https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz
# Reference: https://snort-org-site.s3.amazonaws.com/production/release_files/files/000/012/156/original/snort3-community-rules.tar.gz

darxk.com

# Reference: https://www.virustotal.com/gui/file/405a51b74c7c4e26ae112189e5ef071d6279b5fece6e2af08985306fdd28e223/detection
# Reference: https://github.com/stamparm/maltrail/pull/14162

a0153884.xsph.ru

# Reference: https://www.virustotal.com/gui/file/8e205172f1b49fe661e165ed633fcedb898ad7956ad71ee08e7b6c794148e9f4/detection

a0154466.xsph.ru

# Reference: https://www.virustotal.com/gui/file/67cec0a185c606a2ef972ed0c95b4cfc8b8a2c2d032c55b6c2058669ea216149/detection

f0160735.xsph.ru

# Reference: https://unit42.paloaltonetworks.com/pro-ocean-rocke-groups-new-cryptojacking-malware/
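# Reference: https://www.virustotal.com/gui/domain/update.aegis.aliyun.com/relations
# NOTE(review): update.aegis.aliyun.com appears to be the legitimate update host of Alibaba Cloud's
# Aegis security agent, which the referenced campaign is reported to uninstall. A match on this
# domain alone can therefore be ordinary agent traffic; corroborate with other indicators before
# treating it as an infection. TODO confirm whether this entry should stay or be whitelisted.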

update.aegis.aliyun.com

# Reference: https://www.virustotal.com/gui/file/9ca8870623b9a5dc238975dcde1049fa66c7dab326b16b57f2146580f667ddb5/detection

185.25.50.217:14811

# Reference: https://www.virustotal.com/gui/file/9ff4bb63bec0cf9a7870ed5d283ad35726eab6b11c82ddce9e861374566049ea/detection
# Reference: https://www.virustotal.com/gui/domain/itsupport.hldns.ru/relations

151.237.185.51:3333
185.60.133.214:3333
185.65.201.27:3333
188.64.170.220:3333
213.159.212.162:3333
37.252.7.150:3333
45.138.99.4:3333
46.249.59.91:3333
80.241.222.37:3333
82.146.50.128:3333
82.146.50.49:3333
82.202.167.202:3333
91.207.61.175:3333
95.181.178.66:3333
95.181.179.25:3333
itsupport.hldns.ru

# Reference: https://twitter.com/r3dbU7z/status/1358998466735833088

134.209.65.62:5001

# Reference: https://twitter.com/r3dbU7z/status/1362399595519766530
# Reference: https://www.virustotal.com/gui/file/4a7937ab8db988782c15ea79a707c454798189744efe9f7a3f7825f501345990/details
# Reference: https://www.virustotal.com/gui/file/a037c15659d91a7555fbd0ec17978c26f7974ea66909c8732629c4a1ec961f14/detection

194.5.249.224:8080
209.141.35.17:8080
212.114.52.24:8080
66.70.218.40:8080
xmr.givemexyz.in
