# Copyright (c) 2014-2018 Miroslav Stampar (@stamparm)
# See the file 'LICENSE' for copying permission

# Reference: https://www.virustotal.com/en/file/0687cd8d38c334a970b81b1ba9bb2e18aa66424edba3f33b61f7d03e35d5db20/analysis/
# Reference: https://isc.sans.edu/forums/diary/Crypto+Mining+Is+More+Popular+Than+Ever/24050
# Reference: https://www.alibabacloud.com/blog/jbossminer-mining-malware-analysis_593804
# Reference: https://blog.talosintelligence.com/2018/08/rocke-champion-of-monero-miners.html

3g2upl4pq6kufc4m.tk
blockbitcoin.com
d3goboxon32grk2l.tk
d20blzxlz9ydha.cloudfront.net
dazqc4f140wtl.cloudfront.net
enjoytopic.tk
realtimenews.tk
sydwzl.cn

# Generic link path signs for sh-loaders of ELF-coinminer

/bonn.sh
/conn.sh
/Duck.sh
/kw.sh
/lower.sh
/lowerv2.sh
/lowerv3.sh
/pro.sh
/r88.sh
/root.sh
/rootv2.sh
/rootv3.sh

# Generic link path signs for ELF-coinminer

/accounts-daemon
/askdljlqw
/AnXqV.yam
/bashf
/bashg
/BI5zj
/bonns
/conns
/cranberry
/cryptonight
/crypto-pool
/ddg
/donns
/gekoCrw
/gekoCrw32
/gekoba2anc1
/gekoba5xnc1
/gekobalanc1
/gekobalance
/gekobalanq1
/gekobnc1
/ihhnk
/ir29xc1
/jaav
/jIuc2ggfCAvYmluL2Jhc2gi
/JnKihGjn
/jva
/KGlJwfWDbCPnvwEJupeivI1FXsSptuyh
/kworker
/kworker34
/kxjd
/lexarbalanc1
/ltcminerd
/minerd
/minergate
/minergate-cli
/minerd
/mixnerdx
/minerd64_s
/minexmr
/nativesvc
/NXLAi
/pubg
/pvv
/rig
/rig1
/rig2
/servcesa
/stratum
/sourplum
/t0mcat
/watch-smart
/watch-smartd
/xig
/XJnRj
/xmrig
/yam
/yam32
/ysaydh
/zbjnu
