# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: kinsing

# Reference: https://www.lacework.com/h2miner-botnet/
# Reference: https://zhuanlan.zhihu.com/p/101220054

http://45.10.88.102
http://91.215.169.111
http://139.99.50.255
http://46.243.253.167
http://195.123.220.193

# Reference: https://www.lacework.com/h2miner-botnet/
# Reference: https://github.com/lacework/lacework-labs/blob/master/blog/h2miner.csv
# Reference: https://otx.alienvault.com/pulse/5e7baacc3c7b8864552f6774

http://139.99.50.255
http://142.44.191.122
http://217.12.221.12
http://217.12.221.244
http://45.10.88.102
http://46.243.253.167
http://82.118.17.133
http://91.215.169.111

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/exposed-redis-instances-abused-for-remote-code-execution-cryptocurrency-mining/
# Reference: https://otx.alienvault.com/pulse/5ea068474577163bf614eb39

http://193.33.87.220

# Reference: https://labs.f-secure.com/advisories/saltstack-authorization-bypass
# Reference: https://twitter.com/blackorbird/status/1256944563668672513

http://206.189.92.32
http://217.12.210.192


# Generic

/kinsing
/kinsing2
