# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: kinsing

# Reference: https://www.lacework.com/h2miner-botnet/
# Reference: https://zhuanlan.zhihu.com/p/101220054

http://45.10.88.102
http://91.215.169.111
http://139.99.50.255
http://46.243.253.167
http://195.123.220.193

# Reference: https://www.lacework.com/h2miner-botnet/
# Reference: https://github.com/lacework/lacework-labs/blob/master/blog/h2miner.csv
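# Reference: https://otx.alienvault.com/pulse/5e7baacc3c7b8864552f6774
# Note: 139.99.50.255, 45.10.88.102, 46.243.253.167 and 91.215.169.111 below repeat entries from the previous section (same indicators, additional sources)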

http://139.99.50.255
http://142.44.191.122
http://217.12.221.12
http://217.12.221.244
http://45.10.88.102
http://46.243.253.167
http://82.118.17.133
http://91.215.169.111

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/exposed-redis-instances-abused-for-remote-code-execution-cryptocurrency-mining/
# Reference: https://otx.alienvault.com/pulse/5ea068474577163bf614eb39

http://193.33.87.220

# Reference: https://labs.f-secure.com/advisories/saltstack-authorization-bypass
# Reference: https://twitter.com/blackorbird/status/1256944563668672513

http://206.189.92.32
http://217.12.210.192

# Reference: https://www.virustotal.com/gui/file/96589ba7818fae9282b7f69920b7e42b9847e24b7eadc76d6702cbfa293aa43e/detection
# Reference: https://www.virustotal.com/gui/file/20343854b8c348146bf17fe739ce9028a620f93116438291f1b0b89345e18520/detection
# Note: 217.12.221.12 below is also listed in an earlier section of this file

http://217.12.221.12
359328.selcdn.ru

# Reference: https://twitter.com/IntezerLabs/status/1298992385041473547

http://93.189.43.3

# Generic (URL path trails with no host part; not tied to any specific address listed above)

/kinsing
/kinsing2
