Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | |...
Transcript of Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | |...
![Page 1: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/1.jpg)
INDICATORS APPENDIX
Proliferation of Mining Malware Signals a Shift in Cybercriminal Operations By Andrei Barysevich, Priscilla Moriuchi,
Daniel Hatheway
Last Updated on October 11, 2017
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 1
List of Public Mining Pools:
● https://nanopool.org
● https://moneroexplorer.com
● https://coinhive.com
● https://www.nicehash.com
● https://www.multipool.us
● https://www.antpool.com
● https://btc.com
● https://www.f2pool.com
● https://www.btcc.com
● https://slushpool.com
● https://www.viabtc.com
● https://bixin.com
● http://bitfury.com
● http://bcmonster.com
● https://www.bw.com
● http://www.bravo-mining.com
● https://www.blocktrail.com
● http://eligius.st
IP Tracking Service:
https://iplogger.ru
![Page 2: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/2.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 2
Control Panel Domains:
● http://a0149298.xsph.ru
● http://cb18017.tmweb.ru
● http://advtv2k2.beget.tech
● http://asterfox.beget.tech
● http://moringb6.beget.tech
● http://iplaymobporn.com
● http://vilitus.beget.tech
● http://lehanet8.beget.tech
● http://panzarland.ru
● http://miner.itsarov.tech
● http://a0152338.xsph.ru
● http://adevizvw.beget.tech
● http://baradve0.beget.tech
● http://penapen.ml
● http://samoillq.beget.tech
● http://bk-ratings.ru
● http://a0154347.xsph.ru
● http://h96088t4.beget.tech
● http://rabbitsj.beget.tech
● http://a0153383.xsph.ru
● http://piktukfd.beget.tech
● http://ih595601.myihor.ru
● http://karlikvm.beget.tech
● http://sitnik4h.beget.tech
● http://ogmapoibgsbnud.biz
● http://osglukxp.beget.tech
● http://mineelhr.beget.tech
● http://kristied.beget.tech
● http://wuntedj2.beget.tech
● http://www.zlives.ru
● http://wetik.beget.tech
● http://a0153933.xsph.ru
● http://etojosns.beget.tech
● http://top1chqu.beget.tech
![Page 3: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/3.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 3
● http://ih649100.myihor.ru
● http://maxnem8g.beget.tech
● http://darksmtf.beget.tech
● http://weed10i6.beget.tech
● http://carraq7r.beget.tech
● http://cn49157.tmweb.ru
● http://std2.000webhostapp.com
● http://viphatg9.beget.tech
● http://vovochgi.beget.tech
● http://a0153884.xsph.ru
● http://lehanet8.bget.ru
● http://a0154980.xsph.ru
● http://betmakyy.beget.tech
● http://great.protectad.space
● http://meereskn.beget.tech
● http://killer5x.beget.tech
● http://blackrwd.beget.tech
● http://x96436po.beget.tech
● http://dgozefr8.beget.tech
● http://suicid2h.beget.tech
● http://gnv0niuc.beget.tech
● http://cy99381.tmweb.ru
● http://cb63970.tmweb.ru
● http://eblomai1.beget.tech
● http://landst4o.beget.tech
● http://idababsp.beget.tech
● http://gapifef4.beget.tech
● http://185.181.10.173.
● http://beelinx5.beget.tech
● http://hostint2.beget.tech
● http://btcminws.beget.tech
● http://dianes7w.beget.tech
● http://a0154466.xsph.ru
● http://dimas2nx.beget.tech
● http://noiseees.beget.tech
![Page 4: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/4.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 4
● http://bit.hostenko.com
● http://cf85889.tmweb.ru
● http://otvjvudj.beget.tech
● http://p98503hr.beget.tech
● http://pharao0j.beget.tech
● http://w90461oa.beget.tech
● http://pcash.ru
● http://wunted6j.beget.tech
● http://sadating.xyz
● http://koskiahg.beget.tech
● http://host.com
● http://barinoik.beget.tech
● http://ih603163.myihor.ru
● http://hello-jesus.ru
● http://a0156274.xsph.ru
● http://pavlov2k.beget.tech
● http://landrpw5.beget.tech
● http://rnicha9j.beget.tech
● http://sartmla4.beget.tech
● http://privatefile.biz
● http://woweblk4.beget.tech
● http://binnezxz.beget.tech
● http://cs2.gaming.sk
● http://p96275xc.beget.tech
● http://huskfi.beget.tech
● http://denisvup.beget.tech
● http://xxxapk1j.beget.tech
● http://bulletlx46purify.onion.link
● http://omniviad.beget.tech
● http://jokerflr.beget.tech
● http://zlives.ru
● http://avast-free.zzz.com.ua
● http://prousb-lite.ws
● http://std3.000webhostapp.com
● http://shark2fh.beget.tech
![Page 5: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/5.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 5
● http://a11t01t22t10.ru
● http://begggetr.beget.tech
● http://ih696740.myihor.ru
● http://mipanel.pe.hu
● http://paranoby.beget.tech
● http://asfsfwqt1.had.su
● http://maxvlod.top
● http://supermi6.beget.tech
● http://gabataiser.beget.tech
● http://cw68463.tmweb.ru
Sample Hashes:
● 00ce7f19486dfc9e578a85f69e3e9f1e2d47c50f703e1a6ce2840e3cb52acd89
● 010f4e5498e63b918ebb3dd16b925baaa063afe181dd5941c183e281cf58e41b
● 013534dc3aa20a263e2848ae98b84bb2c0b62e02e745d366223c8d7ba290caeb
● 017929177f68cea8eae5d708de237171e13931fadf9f7779e55db259fdf795a6
● 017e28efaa6dc64579bbf884bb601fd793c1281c5df47398ca5a2c8d80b126d0
● 02b95e89e07b269f56ab66d56017a6f87c929951d9d2c5b971a5597f04d1badd
● 03430b47063e4e24f5aa683749602648d4f0afd4a5a0f6eeaed6e5e535c15e57
● 034ad8c4b18eb73694ec9bdb361c8c901f2263961c871ca0af2d52d6e9a38a1e
● 03e15c75c983fe3b555d48a31c77d1c09574980d805daeedab614d87bcb2f79e
● 0422e8ec4f9ce52281cee6037d661ce21a69843462b2691eb14c4df1a69fdb8e
● 04c500c8de128df9b10a34b7bbd0329ddeb002a1d1eb6ed63a0945b1094ba6db
● 04e0b91e1f39a16f5b2814d473f5d5ba5945b26d5912ef99932e9093a52c5584
● 04ff697707f70b35490ef035257332e9e628dfeeee6078b7dae76d6337154f05
● 050830d7a8426f2ec523c9cedbca63f2756409deaa2cb00fb4a852968a7dd252
● 0604906745bacb35f9a6c5780189734141e3e097ceabc6d8c2e52ac1f5b5d456
● 070dc10788475314914812d055c3aa667d0fcd90efa08ea3833773b8eed370f3
● 079195ec305e81c988588d1a38d317522c7643a6e6ee429b213fd39a08675068
● 07fa7b32b5e62010d13eefb78c55adf0129a688769933b635ddc8d3c1b51ff6e
● 08d24c6797cb3c7e5cef44fcd115e26302751a2fb2a07c5b1a40b34ccf3c0cae
● 093b695239355e14d79d6deaaa0fd872dbda4dc55b7aa1a28f4b1f25164f4a7f
● 0992b3c989becd1f904e8caa16cdedc6306c2182e81bd0b63b2d7f0d72bb73a0
![Page 6: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/6.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 6
● 09af12ebda7d5f245c1f90ae675d1ef7d5c1eea5410638d981da980dc235bccf
● 0b5f156a8f9001010b5b1b5e7a658a5a574eee3c4345ecd5081891559cd05169
● 0cbf6190e0a381a0ec20a2b54156f06615453bb80ae2e1256242cb8af96b065d
● 0cc9265a1cf639d13df9b03af258cbe2f8ae01926101b6ccb2dacec674f9de9c
● 0ccd671c2ffca1d17a81065dda3b9769d0002c8045f6d8652687cde4c442aa24
● 0e40c8b0a7aff554577d61efd463047ad9e3e6ac4831878738686b8822b0dedf
● 0e57f1b19d104c645437b40f634c97e0a3551674fcae691b40b821525afd09ec
● 0e5d043afb7116e74ef8e89baa034eb2ad705c440118579847119fdd38d1b813
● 0fa17032dc63ccbcee2b3c55e0d28ce2146b1ed99461a9f18ba395f7fa85bfe5
● 0fc9fe9f8fe5e1c36e2cfe19d1f72172673ed428c44aa8413337aff8d190c322
● 11202697f50d096a38f7bb5e87aae2db8b4c496afa9b9e3a646f7cf5a59a6669
● 11a66b88413ddf6b4a82e68afa568b3ffd241ef84c79c6d11f8f4421bb4d9f3a
● 1305cb01190bab0914fa1c37fa7a6c023daf976107433bd6da047388bbc283e9
● 130d58f67b999250ee58dd23b3f13b976aa4fee30a528f66ca343bca1fd7e063
● 1329d4901967a1799014029e340499af8c5ea559fcbd1dd4e31f63c5978d934e
● 132a5847a4583c283306c0861b21311b227952160ff595d5a073c2eeb4349ab2
● 13817eaa6cab128ded4e1524f249279bd69746ced1e09893ad835fa4ce6f7233
● 147eb559951df6fb2a8bb3284f0822a8bdd018ef4625cf6dcefda6f69dd1c452
● 15a362274252790e2f258720d8c3ad2cfdfe5e848016920940fdcbb5f9152139
● 161bd2d2effc8c54b6b9f1500da642770410cfc92a67ec8a156f37df67ed9a67
● 163551a547ac90d684c041bcfebdcf376c7a322e1f82242ff60b5d3b12575b7e
● 16da8870df965e00046e473d6c3f674da3ff2428878f2670f86ed49e969290c9
● 184b731aba6da70fbf48c29fa78228a2789cc9ef3f9c4cbccb66b302dff00708
● 185e91c0e9e431aeb6adb4c74e9052ba078bafd89f8af40dda892356298c6ed0
● 188159ff6f19ddb9001fca823f7d4222acb3c2782065aeb170b30bc7d6b26c64
● 198806df4636e7e7af89f7e4fe3d74e8c519d95818b048cb18f1b7fbdf1da3ff
● 1bed210b4fe301ff25db01975c207038aed6e1526ed6011309d3cf37b449e1d0
● 1cb1ad20156d535fea265e974d9864e1f896ca0858fa2dc7ca841c20c8190a9a
● 1ddf2734a5251b5eeefb2a1112f38a30a87f7c379cba4d697440c40d398c3f5f
● 1e3800f2b639a846f18bfe44d24dc5fb0f478b8d6cdc8256bd4015e2de7d64ff
● 1e7afbb206529792f27c643ce9848118fddb715ea3e5a8c9fe553b6c66636de6
● 1f0cf06553b13faec81531e570b51e961cf7c583b0f23fa21d6993dd6a89d99f
● 1f1ccce3c32d466e7dd208031c7596e31edaf0d32166b2a241a6bec290c753ec
● 1f28214a7024e6a303e9dbd3326935eda532e0f43474ebfdcc18f7f42430d732
● 1f5d165e6357fa695efca4a5d2a80050e64e7a257d9cd7a4bad150d51e605856
![Page 7: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/7.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 7
● 1fc2c29eebd17810c17163e24f1476075cc7e1584dd6ff3b055b640b163fe6d9
● 21db8ce74716048c9852186c443f82d7e0748134f382d2dbcdd4f774f0e2a786
● 221d3c8a63b5cbd39c9793c6dfad5b417b1a00c0405021f02b9313f8e0f327e1
● 22f3093f30beafcb1fa986906e2b3fd48c18d61b71bcf4a2e21e3ff834174aa4
● 22f42e4ff2bc95c342de56168a6621ac13484163d676e7233ee828e0a58b1f30
● 23013e0793f87d2bbf2ae9ac0a95445e29db25fe7a2c945002dd76193dc6aa98
● 2322857e59b28e60f4dc62c346831a7f156568afa27d647358926434b089ac58
● 235a6c5e82080edc7f706e53d546a86562f7bbc978057e87d643d2db5a1e63f2
● 237bcc7808dcb2024af850b1d2da33d94e7a5350698a0f4844bea54990ee549f
● 23db5c73e5dec9fb45a08eb97ede8687699525e375bbda3db68a24aef77586d7
● 248b1cbdb18d453c910f895a5f2b378318339288033dfa0d5273d46fad96e050
● 24efcba5768256df948d836cc7b1ee61e29de14b5e400842f110acb5f33e747a
● 25012deed7a7e16cb7c12bb7b7d7f275068bc7dc4d32912355a83f4a47ac56bd
● 25992ccf47cdb1d0947659cecd151c78494523922eaa339153035cf4342d6eff
● 266af929e00a76c2a7d7245c3f2ef9b931726cd11e57ac93a5ef224fd5e73365
● 26a1c57e68c54f3fae0f91db265da7e00ae36c018d7d26c0413c397f114a6eab
● 26b7eccf2ffe045e59b312e1e185b82ff6802a89cf86cece9af6e611e3fb4f6a
● 27e9d72241e271ba846a9f0b276bb02a5defeb8ec809d4df483254e8f76f64ab
● 287b37d24d7b2459884568ff899778da17dde621d9e1ea3438d4e1736f13c6a8
● 289d152724cbd083543363d6fb3787f6bdf106d229d6120633c63173fd0d3f9d
● 29c23c35b5acd689de239a133a26e2dbc54ea87697777a712ba89da286fc2776
● 2a6931e31a8ba9b78ead2042f7d11e294f2748c30539083a1ddfccc195f39836
● 2a8b6819037e2391938670cede5e72eb9f718aab64aa507a479d71debdef6ec1
● 2ac734066612fb86796aa34055a23d9fd82051b0501de56ea90b6dd3d2a86d6e
● 2c17199669d1bc240f3338c0b88f4054d6868531433873c91a651f808d84a51b
● 2c61c38f01feecbdf6d95e6f906eb2ba247e37e8fa1966fab6f9fb89972350f3
● 2d0219b49cc9313d98da33c157286fba97c9555e5f8ed5082a87014c1e593524
● 2d1048ce4355497ae67b7103cfe3a257612f17367379b462692d511f7313f015
● 2e5a606b5fea6fd64a7d7c1bd46153666b3a4044b45ed4fbbe1cbc9f62e13037
● 2eef58d44f7eb270a40d1bdee25843800aec3cc164057ff26500939ac048315d
● 2f32ec226d4cbc6c0e9586073a588f21ae05096616e8856ae504011072b11abf
● 2fc12bcd28a23ce4c82bd918cfab291ccc3f2ca4175979f0ea5eda1e7f844600
● 306b14f3b9d376654d44683c0c1445814d5e5063ad05fba7526223115bda9ba6
● 30c5ca0c20cdca915c20e8b454c5d08f83b60056abb6d6c42604a10d628bf113
● 3127dd2d07f832963040000ee297c6b8fcca06a1bbd5f852816f376b3eaabab5
![Page 8: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/8.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 8
● 318de9b4663566bcad2b9fd455d8dfa8a111a972222571d3c0191d620fa287b9
● 3196d2535fadcbc7a5d97b4916e500ed92d49d837ed53710614c2bd586f3f450
● 31faba4f27db60187feb3eb2b8f3fee548a7390a0b6eacbe02135f85ff652483
● 32f2ff1ba3d4c5efa9bcef5771f68040a259fd2eb84d4980c87c43bcb78558d0
● 3362d3417039092078ef4cc194e65708b7d7080ddef3606685d1969ddbae36c8
● 3387f6574efb6455b276de375d11ca320b9d22e6c12d57b1e3ca667fdb56a91b
● 33ac016b7cabede8f900e78731383257491473837528c4387eb87d1f07c472c3
● 33fb2fab3d50764cb0dd4949d848c083117de35b4f05acce1bd4b47b33806a3a
● 345dc95a2d9042a38497a6effa7e9125e59a0a475332a9d92124dc48062d7b03
● 3533574115b0ed072c4e78b9f9cee0e1999f3c2e5e2fc9c7fcd2c61f7fee644a
● 35408719c744066f7f2a647b77985f5ebe28f5e9e8058097caebf258f8756523
● 358e41a712490b23bf635f466dea0f4b44cef250b6c17cabe1bc634a2e7835df
● 35c64484af3ee8d1bb2f3e154e1b02365b08c379f79d25f5d64bc34246e80dfc
● 35df586d703551d4b64c1ca8c256834814c080d1a452b1f23a3f3584fc479d3c
● 360998313ce74cc146d5b6c0a3baa9e7942352a88821a06b3940cc9e344d2866
● 3648a38a2c01f49a1d3f536c184c110665d32bc4cf331475e219a3f07aaddede
● 375f970ad1cde202fa65aecc6ae2e6e6547d7e1fc67be9944aa9d3f7bed2e932
● 3773a3f8dfcc52801ce22c687f9a6e889d257949bb256858d47f7339fa0282d8
● 38354ccb9a8b94558f7386590551da162f77ab798439b7f9340f51c1011720cc
● 3957d0b0163396a2afa730c03458726d500732e67775ac19f0c2120dc6538a6c
● 399b67948ec0f128041f243c06d704c3fefcf54fde2dd8c37ab2255e10196435
● 39d8f345da91836ef86a536134cf9c1d1188dbb523b74c233c1dcfb304990bca
● 3a0caf9eac0376c0c5f5c6de24df6392278061794552299bf103cea4760f67f5
● 3a85a7ea0c31217de465557e6fd877e9b743b8c0822f4fe7b7bfdb6cc3f4e199
● 3a8e4feaee2e939b0b4a5da6801734d5438f1eb21468d32ccaa1185bd6a403ae
● 3ab8b41053a0d691405eee2b33077a19cc6b0b517474a3ac62fe8e27fc7f9237
● 3b4d641c89cd751176b39ea7ac05dea2c2030351023c9ce9406423775eb408ef
● 3bb4beee6b25921d9d0cfac4eef6f505331b839ccee3d72355a07d03ba37d741
● 3bec57696dcd5ed17a6cc25893f77aa953f95539e94599b9b337b2cb23e6810d
● 3c12eb5fde724547b3f8e3f4a5ac0d41d1d228c261eb1e79d4144818d0765a44
● 3ccfe0a1c3113ce360b9a21351aa229caaa52fe381c2fb72d5298c5112428057
● 3cd9d667f86443b798b0a934feaa51731bd0f73b144b4b7838c07f0b911675ca
● 3cdca4f81e2630f914182c9ff48c493af5af85c3ab28d2244d0a53fc45dcb048
● 3d3cef0a4b5c9d56790dbb8c8ac838d42caac2171f5435495682a51c45160bc3
● 3dacac71b0821ed16a309d5e93bf6815f81a106c590477ea72512fbc2253b6b7
![Page 9: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/9.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 9
● 3e3de2e1cdae94b9bd69a311474d80300cc7578bfc6676c230e5555eeb5be697
● 3e7f1c334c324c9ec666f5c18b43a2998a9a0080da17e0de9a610b43aabc76dd
● 3ecfc582616628ab385483c94f11dca87dad89d6613741061b3d56920b315ca6
● 3ef26d635e74e42df2d57fdc29c0f2ac3ec0296ea68561168442798500dd9499
● 3ef6cfbbc1212048179bbfa0425e03b99c66f7fa664b77a96306ec33e651b2e9
● 3f4fbe25c77cc5a1609dda96f2cffa254de5a2f2aab1bbe50ccb3213c257a06e
● 3feaa22ab8f2ad69330cb9ef1c2230b239c8de3b02bb7ef80b5c794d530ee89b
● 40577f9a5b874d14a7ad6296f2088a089553747096767f3f5a66bad0f53e803c
● 411ed499785d312afc5258714e02e1022d0330b02735eafdb3f3ddc939c582a7
● 41602ea0b62bda7ad13f43fba4cfccaf5bd0aaaea9e65b13550902771df8c14a
● 41b059cd39387138a968964f15307168840141352f5dd369dc549f34e46ae854
● 41d5e621fa5dbe60057abe9a53d23820f5fb05f19208a1ca76f2a1bb98b47d86
● 42607adfc57fd3b0d1188074223f3a6a1d31b196701f5ffb47c9ac960cd2b67d
● 429cc279e3d228bcf46ccb9a0b19c3c5d518467bda4f1f4e47028af5f4bce3b6
● 4343463b44d8988a8e6f0eb367f888bb012c9617cf54ffb2a3efa086ba2b57ec
● 43437d960abc82325bc6a0defaa0a5df8be007a37e0ae329445c66548418e5ed
● 449115dbbed97c7b12e554c4fbc45a55ae96a7f2a4639b8d26940cca496dfc99
● 44bca835937f6ec78eceb45a586f085c59bfca863e87e5d7180f249e90a7aaea
● 4528830192f4f16fb9990ce35ca46552231f0d54214f57258a244cddd14d0126
● 4530fcdbf69b9f721450a96e2fff3197323ce90995d3673f90fdec02e2eaeb25
● 4688539a79b4d7a680159419a23b3ee0802838f7f2d5598a6f61369c5ad1a50e
● 48640c2c2031179e94388f77f7021c7efe88484b836246825f4e7f02e89c0343
● 4880582debe5be750e9439b6440e2e937ce379bc393b1e582ab6c0dc808b73ba
● 49a9acd3527dc52544434d94fea3ac97dd3c9078e81692ee303675f87fe3de71
● 49f1a7ca2eba1384f11e45c39bb92af1db009936b0cd9425112f9fa43ca79f16
● 4a224cf710d6992558fd354bb3a8815505cf11b58801cc0a9b4ed6b9f49ab469
● 4a25676725c844607be84276d01afce62747ab5d4b556834921ef852c1861453
● 4a3e0b081f0e5d80c292d2298eb03a9b2be984acdf1f60f03f0c58193bd39a83
● 4caa46e9a66d8549a191fa65989387b235bca4d22f002d0f34b9dc9eaa18c0b8
● 4d78517aadd588ea4de0b3603e87c2c9a9edaa3a782d66f106996f6f0dfe733d
● 4dc5b5ce5d1d9b344b7e1bcbb69ea895edbfbb52eb592bd092d7d623e6c9b21c
● 4eaee8c4b8e43e7417b3b1e79e285d3c1207fd8b93a1522af2ceb4231ea4bc50
● 4f536f1714cf0f64b95fb7bd60a643b6b7602eb0388cbf0abb150715e2247e00
● 4ffdc36ba575496f4a4039eea134a32f2bd74533daf7e9fbbb6f81d4bbef52e1
● 510196944b72925fc23523daeb303a06f90a83c6c1a1f22a98ca95d654d5728c
![Page 10: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/10.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 10
● 511a05734d9f5bbc4480212f1c71680f8fda1192ac7fd940e8816e043b6839a3
● 511d4b25bba750331f9f3c419e637130e6781c311a8a4be501e6c3ecbc9ff483
● 514aac389f767b60f26e32486786405547520c84a0c9d8d8bd8f832b3ebad447
● 51b077bdd686607f72f4480651bada79356ebaa824ad6b341301115325fb4ec7
● 529a59e256e71fb1ee606a974ac81a1db16f4dc096c893fe2c96bc52416f5762
● 539061df34bca8f27270aa2575d54ef154f337d45458cf53609805f8bb5f42d1
● 53fb56e445dbae733f668ca25a5f598ab2ac9c24c949b20a716adfe875e61df7
● 55b376420c7f0f52efcf58eae44b1417a9c18d2521ca0344d2f49db103300a4b
● 569bd32552d562ec737525dc53d91a27ef61adcf10f1facdf6e35333ebc53445
● 56afb15ba1a2339003cd51713fa0be0a2dcab39235a19b9b224186930cec46fa
● 5752d7ad0a8053e1f1c5c1425f26ca4842641a7b48fda2c0e422052ffc81811e
● 5770fc5d0f0ece1d38ddc2e33cc99443dff4c1632fe5691c992743a51d1bbf38
● 57f66e9b3dbe75cf86cc0b5815d05fb5788974d4694d002619c19d42cbb7558f
● 58bcbb00f9f5e20763c8893e225f90a38d8d3f1cb909ed996027cf0873f745c9
● 593e028c2e4026998a49452d7507a0abfcc42ef126f2e1ea1cdb618b6bf3f731
● 59662a6deb803ab0221ad1e79e3df698a2607b7ae064fe15dc12e2de71b483a3
● 59f9e3d1e60698fa43b80699bead99271d8d2fbd3c3d99c4f7a11637a432d5b0
● 5a57dc4b96b60bc3313f249e8306588934216937b365089e02fc3797065920cb
● 5b06ff5b140ff3a669dfdc9a1f31d64017f3e7f1c14a65ff154a4ad1e16b178a
● 5b1185beeadb639f323162915888ddec2b21d7c0def905cfccfb700668b57924
● 5b4153415835dceeb8842e524ad534f576c42083754ab86bd6b38a84139cd719
● 5c1befbce8ee20996a8f8d98f3eea279a8746a7e6366763b4ebc5b59aa46cbd9
● 5d34c73c4c8587674947f98adae49f6f9eb5c2098e5c46b02bf9aa716fb99e61
● 5e4ac49fd0c1da247e53f39cb9892ba422affc89475271f2d3b692bfb757d5e1
● 5e9dc5cd30b18d7460a9b63be520f94507e660a0cb1756733f917a3e0cc4a609
● 5ed53404c6b6693fb6eabb1e757feefd4431fc622b0d4ae1da78ab73055952e6
● 5ee055f131bdeac5b6aac7e4e03be6d29718e4e164c9d2bd32bb2f161f1bb0ff
● 5fce851910481b782d27be1fdf83cd3cb0a028c4d1ada7eabda699bd65a3e395
● 602a74fe21afd9dba6a9fdc33f26349e6812fcdfa9888e93dc0295168486c223
● 605070ff31b6f8fd854fc0affe44c11ab8842b4908d14a40519e9eedbaab9858
● 6105748ae4eb7a0c7fc01d23d207b11b149ebe061e3da20180b500d7a6457aa0
● 613c69e982f936453f271d72e0f99ea70b5f787c42037fd324615b8c75f1ec1a
● 61ae95e4f15d73fa4e999edc652dc029473881359e36ee35935c646c7e82309e
● 622f86252e32511cc835e99dd11ce0a677ae002ea14a7a59239e06da04335e93
● 62ce555d314f8a9fdfc98c301956a5e25a131f81683e9d2ef4feef6069c199c6
![Page 11: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/11.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 11
● 6355599f89d90ec99c1692fed7efd04a20fad70a961506cc60d91b416b424182
● 63a7812636786eabd5d9953cf901db0c2dee3c41dd586e41dfd26702fceaee39
● 63e354e2f6a28285b94c60d0bf91eaf365354f38da0ef9c6d3a599909c2c19c7
● 648725f452feee70081f07fbab946686048d2286e9f4298e606585638e553c4b
● 64a8158b7c8dc8e23a48e4831a60ba984f9980f05c25809746ec42952bf08e1d
● 6526577930e1f79ef619c0915b2d8a4260d48fd3501b4311c3d5a252e0059aaf
● 65a9649135824124fa09c751ae0d068fb54b7f9bad7dd84fcd4e457aafaf76d6
● 65cc4702ba09781e73702df9fe5d9729af12c4a04a62fecd939c167193227f35
● 65dea6429c3c3081560a8ac57e7bd1bc0290d135169cc81cb8b39a44dc8b234b
● 677c5ea704f7d462e41c086108ef497b61281f97c89fcae440320f6ca1a86f7d
● 67e2261609ed54095ffe1fc9c45405b4d6109a60859fb0f94c31c9a1c04ea646
● 67f8daf298e1ff0599494b4cd3fa310590c82726b8d43530cd2f0a521317977e
● 6848f59a0a270baf97b59bc231f9b98e4443419d7db08e4d364770450d93345e
● 68edd05354ad0e554c9e05f0d22e1876e968d05a2ee9e3af73bd7222ae150e90
● 692330515f332b773dca6879970694473af0a25e65899b9cd04bb46e9802f6d3
● 69e0661174bfea74741e489eac1f5cdebf10a4c28b5cc7c4c3bde5b286e1f4f9
● 6a292a05446a6f9069ce60c041f42963dee7f21440d41948b5c06c9f50a78e0f
● 6a870ba07d9d1fa041c543d98f4cb3ad8a7b12f17295cec151b31b63a29fc94c
● 6a8a14b85927aa1e258c785a77fe9740a6e05c4e4c3ec44fde7275573fdae52f
● 6af2dbee39e31ca5e1446b051e999df735ab650314a39ff128855ebb60f019a7
● 6b61c38cc2f77ce6a7510fcef0699958a1df6da0dc3195d1d2e735064de2ea36
● 6b6ec0ff25b1fe956d1c0957771d8375808529cca5c1e8bc8ba78a1ce3dd1071
● 6d31de7cb129d58a7e2e9442adb3646e00da3b1443e07658317b390f29b08fdc
● 6d9a790eda482045809ddc6d1961c691ab4bb833ad9e47b5ed5b4a1ad1e8d978
● 6e02b779d9255631cccb6b955e5807a68343a62bf5c38a978b40dd2b81bfa37b
● 6ed2f495652c61121a2db50f2653edc74dcc645135fe85babd718186b1fb1047
● 6ee4b6b9b73d303909c17e0f09702024dfe25e6b7649e8f8bde24544bfab8e78
● 6fa216ed7ea0b63e90e03a625e516fbd62e68d3242787d91852e4992a51c16ad
● 70366f2ca7fbf4994213c1bce03a16c61f2fa48eabf7ded74b428cb6b62a83af
● 70d06683f2b9ae31c908b992788cf8ab60b3b01b8e3a20c46b2e3e7f822c1bba
● 713fe9abc5f824f9a2f0d6c597c3ce30b6ed0d5f1fe59850602a1cc412de3a53
● 716e188a60a7cf1e6e9955eca3e84cb4b2c87d3c6251ed05feaf045f649ceccd
● 7228fdbafd427376bbac494bcf1caef44f4b6626baf5b7de6509350d33cb310e
● 7230c72aec4ee3cd28ad7105d4fc0dba15a091acdd3b5d6c44d8b18e9a4674a2
● 726a6e0a3954484d3439d41730ac438aa6a9b9275b7b71721382c975ab9167f9
![Page 12: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/12.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 12
● 727083b7b06ca056e38db5e27e82da6aa0e1fb41a087d4633616f086d37eaefc
● 740c97050f9e10e97a249ec968a36c91aff6ea36553600ad4d2ab8878f8f511c
● 7427742e824c028aa03f1a25c37cee47db6b4b8cf675f527fb2159f4d36a15da
● 748943609bfbc25b0de8205b59825bac5bd9c8d469299dc8c77871990c6f72b7
● 755f9c4f74b05eab0a113ff3d3a88729ebcc23221c4906dd28d0d3823dd8142a
● 756370684a0e1fe52943a1eaea6d9af2935515ad100eafe011d2e6c820b379b8
● 75b4ab7b2e750d533ceb3f744d0ae97123f5aa30d3f8154411f794197e1e08a0
● 764c0921e9cc6a32a8c2b57e532e8461ba378a00c22ce04e18a579f6d28dff1c
● 768213921f4fb3fa301a4b3e03bea8a1936492dcb57e0869965b6c2505252673
● 7936ed3aaa19a5089499034aabd1a66f71150cb8a1e41539a4e012185539db65
● 79756c540bf66f1d891c5deb5fafb5809c64c749446931da5d650bd59dae53a3
● 79e5df8d2def95acfe4ea0f844c1efff4b14b5d14b936d7134aab47d7e5b637b
● 7a39292153ee6587327319c07953e5e48bbd296b4b6fdaeb5009e8a7d3bd801b
● 7b5f45021d6d735d00eaa20d11aaae9ee5580a1cd0fbd1ef442561291afdf000
● 7b7e23996da9c9d681fe2abf14cfc565af2a5036055fd161802469dbbd1541c9
● 7c64e6b939337dfe2b85b0409e6acff219262b23f2d894ac0aab56a974fec80f
● 7ca0f41deb19e46c25e3079350f33abcaec30ec871c9ae0dd56c190b30eb4a36
● 7ce53d7b497ec7dd286f827ee7a4d899b099cf1980fe22870c812023dc447684
● 7d4edd6d2dad49309ff98c8abfa46fe1b6d73d5e5b48fc8a1295b3a4de5d6927
● 7e1cd822b50dba72c772745e0f613a347b820b187e6a6db9f4f859bdb9d13fea
● 7f804f74840f85a9bef481af8126d8f2c376e11b097de9b72dafe5f8c5afc4a4
● 7fa8c40a994ae4d4c276f7a580bb25c01d872e2e68428cf9d526511efc53262c
● 81079c7059d67cb8ed63ab2e4760d7b921a984bb72622b2eb6bcc77d50817cf4
● 8109e4cd2a1de2362f66028486d04c28dff718fd06053cfd8a14c31bdef912ed
● 8115d446f212a50dd080aadbaed279bfd93c53f2703418d82591c19c4a12ff4c
● 81b5dc5156449ebe10b8ce51323267c6b9596a27f482c6fb20a300746566993a
● 8248b49728796b56dc2cadca7d47c93c8a18667c85ea11c3ddb581daee6dc174
● 8288c3b957f5c66a943393295985b0666169870bfc3cbe769f432ce8aa58a0db
● 83603bbbab8a3ca497061d93726c22df1b9cfa4accd4304f16974f4c8f41ab26
● 8364d8651e601846ed5c5f29be19b504d62b21375d3b4035908fe0a37e76ff33
● 8368ece8431892d703627a50787445b53b85f263a304a5c2997c6d895927af3d
● 83c704b87d3af6bdf49858e33341478ed2e89e996e5e9bfd364d97d6ae6737b0
● 83d28c49e0c36c2fdc93b7b9a47dc6b15fbdafb3ed4a1de1a0a9fcd40b7a26b3
● 83e8a06f0d3ac4165fd75ab31b056390916509da53daef8b0b01cdec2b1b999b
● 840387e31ff16b92391b0b107e86e4f794385e1110ac8bf26531249864434eed
![Page 13: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/13.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 13
● 842c786836501249cd8867f6576b668df988fe18e3ca2bc6b4c98b97e5ae4a87
● 8444f56944853850ef6cdf4042c51a6a626b33aa60b36ee5863ca2678df89611
● 86b47efaa795fae79069293e85b48749baa00034b7dae9731773161f81c63648
● 86eca06f381aff0ca6f2c7439fcc46490cb513b35f5b2f909ade0842a2d05f2b
● 8872df2707fbb6389b5eba46192de0d781a2f31f0d4046e6b98f77207c399e21
● 888ea39b5effb94f7d9a4e63db2e77c45c2085eb9d06db60d4390c00a8630db2
● 8b058118134fe689d0d620ca998cb8d0912eb436515e9cfb1b48f37792c884c0
● 8c285e241ff94cac572f5da2019cd2edd30ffa4d0d5d01347a715955e7a498bc
● 8d506d7b6a478779464f129f2dcb08e990c701afb8fdeb736e50c2c5db67b36d
● 8dbdf05d1b5ff85d10b7450ab9c5ffdfe812d0c910f7bd5349b2fa224b5aa5af
● 8e205172f1b49fe661e165ed633fcedb898ad7956ad71ee08e7b6c794148e9f4
● 8f3554bb86ea3a804d5466a3096955951f76d58ae0950e001019147834a424b7
● 8fb6cac91213a38ecff9dd2706bdf706788ef67c1adb945445183b032ac63de6
● 90290f21ad9d349d504779199255f8cb6ac044cc81d6eb4ff11284cea95422a8
● 90c37c1e72558431b028c0ee041b99bd861eb459ff1b083994e557fb7309672f
● 90d5672575af78d520ebe6a7151723450f8f68adbc8371cfd6d1cd6ebc6504ac
● 90dff142063934b370b6698822b01bda2942be74df38db6f195c89027452274f
● 9144c724e7607d04780c44922eab3e881ad99774150704f573b243774664a96b
● 9397c0cafb06979111ad5c08316e9906dd55aafe55e676a6a7d8550920a3c037
● 943f9a462b55ddd88ae3a6caf9421a4294ceb91dd4985ac8288b07a7e8fedbd5
● 9470ae5e217c629071331accb34744e4a5dc9945c60a020ba375f46dfc776bb3
● 948c17155ef0c15665a58633ac0473737d5a291728325b2793f9240dd55aab41
● 94c6a6353af23be9197c0923e501ca14d4c4aa64bf00e20a5a1e8008dfb43062
● 95934c65a11e01bd4629c9335bd25238ffed2dcda9b71426969a35adcf29faa7
● 95a21c6b8825d1aebbe1cb8fb79b50e5189f6a5875e61d77319c2230bb800f0d
● 96aea739e2103f67a25acb7fd4558ce6d7ef5639be1feab4f8633a366f9891ff
● 96bad2ffa1df43f55492c005efdfd521582f92a84bb7ad1c38b3fe48f4e8ad1b
● 9705048d2a9e351d259a2acf1ad8783f0718ec9127957a0f5881a6645f88b4c8
● 975eb7621d4a6aad9295812dd7ddf40b82e5d571fd51e533d2aeb42e04467ba0
● 9876b5e94f9c4d5f312470049014d09b747ee14635419ea4363bf06b22f3aac7
● 98e818a9aab0b38ac6d2eee8a245bb52ce585adae8dff750ba0bd3bd17e8c6af
● 9a0aaf034367b2e8b2e49b72766465bedd205e61ffaefe701c94bbd652960090
● 9a82bb99f3aa3734efbe69b8c6e5d8fc582ccec0b3ec5f7ef03a531d94683188
● 9ab97fbaac1d08a72c1395c0c503690a2a63b52a865cb9cc65b2849b5dc366cb
● 9abe5c63e9f679938fe47631568c55189c3fd95977095f47ca88fcdc22f6e337
![Page 14: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/14.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 14
● 9aca6af5d272385ec86a037aa2bf935978746e3fd5beb8602e281b609ecfba0f
● 9bb9e4724a8d0e1d8cfc9a6eac149d4380e6d9f2bef3fb61e75e2dd2b38521c5
● 9cf9cd872bd505b1555cf126512849618f77f0e7707c2267a3c22ab2f6fe9eec
● 9d60a2498bcfee0fcea155c4fb4df16ea6587f7b58c64564da11503fd76f4953
● 9dbbdcbcadba85f4d151aec9b580f8f418a89faef66214fca531bb8445047cb1
● 9dc6176c07d43b91d567637867a2aea622484ed4b74ce946b4afa4ab0a618b1b
● 9de1df87d27ca9ab3ba60cab0013b537d21195a40de24dd92e7ceb4b7160fec2
● 9e14c665939521719b2c61a6d1b175474db237029d86adfe4a8e32f2718b642c
● 9e3c7a528d9c0038a85e294a1c8c61aa9e7df7691146ecddc549c9a82f45a66e
● 9e3ecf8d58b7b4829c1c37f10a12b5ac046407f57f024f51d845e60cc74d3fb2
● 9e59d5315fa3b9c868bb1dda76bea992a12e19bf19de861679a3ac7cebde3bb6
● 9ed78877fcc9c0e522176ae4c1f6a684497860ecf873f172ff7d3302dd1135fe
● a00cf495e4bd0436059e1ae3a59e1077278a14b7ce020997862b26e7a57ca55f
● a0308856fca03dd7a7dcf461eaed13d4027dd92768c887f446d1edd2c8ccd97f
● a134c72f33abe26da3c9da542a274099d6ead8bdc24764af45ad1f6b653ff947
● a24608c2419947587655d818912b4efe9decd8fa869cfcd9ee794b68ce3e0a59
● a34a067ac5bb2704a6887577520794ca39376e9d253121ad0c4c621524596141
● a3e16f8457fde4553ca00cdd100dae145524e3b4eb2eccbf73f6f8c617e8eb2e
● a3fa74c6aa996879421f68c6bad031366705a71e681894821772436309ef3f58
● a4204c452e26148a9163eb18cff0773c59deacce15b560513b2f7ffe04a2f332
● a47cc50b5b5b242961931440561ea0254e9956a5b0be58f3ddc25fd2a93fcf00
● a497c118e4ab39b6ac493f7f2eefee66a2d1cf1aa40eb1de817ca2d51f3a5603
● a53f8da0a34ee3480c3dc4349e8dc796353d85b1948e0e9158c47805dc300f25
● a59127a50c97b01ff7cbd098eac26781c8b10eb8fdb156e9a4158b6da834c9fa
● a6482d1fd4b76ee1b41dd330fd0417fc9d7de94a033504197aff2b3662cba853
● a6a3cd56fa9a9848ec88832fe596c7553ef11973788d5bb95a1fe9cf5cdf3562
● a6b6efde547e933afbb4642982c762bdf2d77f2086908c373e5bf47df9a58978
● a6c3ca8d02a537ae7266f05b1757181b4bc4a16ab2ef50d6071dcda89baf1bfe
● a6f015172bbe88550795bc45e6f8305fb481f074e2aefd4bed7191b987cb2c6b
● a73268e42d3cc28c5897a38f47761fa71d514cd967cb277752bb08b38e252f78
● a7550b61f9ed172511599f1383196959a7760e529d6d87f3d8019c8073fbaa2e
● a766d9a7fff3fd450df7accd9f32442bcd91235bc8da95085801acd0237090c9
● a88500751a3967fdafb5eba2a5e139e6c4c8df9f662327442fb941172bc34cf7
● a88f0ce90015bdf9f3d614ae199b5fcdb9c49f63314e45de2ceac33c9fd13a02
● a8f3c60eb338fcdca3542cb6018b7f199fda382ebcca54b1f77752d4104ddb79
![Page 15: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/15.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 15
● a904969f20b3e219bbd45fe253145cfde1d9b4db6d0f86e39527584c965d0494
● a9a906ae6a473d26d628324fc8b86662ffda223bf25630dcb200e7c18e860edd
● aa4aade25ad24cd16705fa429b9b0bfa04a0d3f0b8c7cc05b83d981333fc188e
● acb4fd5a8f8c0f6ae37669f825afe7ca65d6b0175a71b64d546d95f15844b3d9
● ad00edbe1175afb0da97ee6f1d6240beac9d3606eab213ee4081c9ee80e666ea
● ad551a59387c4b2827aecbec1f13a28ee725a62adc1dda39df62163168537672
● ad594e1823b7cd4e5b781518225809d1dafbd95d2f2217ce0ac46d5116605e6e
● ad913013f1423d0bf5336be2f26ac09bf9b7e725bb1614348d37a4319c461425
● adf7aa13d0441f6833706ac36579ad92747857c8735832d8070b1ef72bc78f2d
● ae2c4cbd774853a7cece769e64f5b53e8c5e5858be55c781223158c155917189
● afe541ba308f03896f4562b40746fd657ffc3e574200c36263c6510583e6d956
● b0220a121e1daf7fc21f1869ceb4a588a1935ff4a7dbcc8660e8c661f40c26bb
● b0f60ff0bf9fb9a894041d246757dda222f34f36407a642ca22d16a45f449a05
● b12457d750109962f4f2e60ef1eb623d8ff0abb8f96584b065025800d9eda466
● b1b282c9016b4cda9f9989d408ccd7d06a558db7a6d19d7640f147cfd195f80e
● b2dd99388189edf198df3fc45ede3d39504b2e0e2973f699faf90c0f221f3c5f
● b33060155a60758222ae8ec7dd76061150c1b442d84bb7c4425c0049b0077631
● b371f2e09a59e0514f0c4c7b63ba0c787367e62682aa3c7bd35843ef7aaedbe2
● b392c6d0e3d4711bc1211f630d1fbf7aa21229287ef3b111afecdceaa4b2f875
● b3a4409fec59fd452eb2c8d8da26fb066971aa565bcf42f17e5a669922c455a5
● b3cab09e84a071edb1696d5b9bab4a23ed0b68410c72d1c5a4a542501210c9fb
● b422d87fc25cc19b0a790846a35c870ee5cf474f48879a191de283d2edc312cc
● b5f8e07c3ee7bc3430f43152eb6fff5ef3c8cec79730d9235b9a95b21d785f6e
● b79bc880122234796a52a80eb27446ddb6c68f5bbc86afaf947735847e6b587e
● b7f8031155fa2cfc629041c896fce86c81176cee36655f2dc84e0dfc69356bef
● b8a98441ecba92d5c401d729591491743956221e698c0203a6e4d55360165996
● b9ee223bc4da38fa5dbd6e18ab122f590eb9d751d603d56aff33c9eba9b811ab
● badedf2f76a681c69dc1b379c465e447c7de34114e77adec729f33c589bbb22c
● bb250ff22b07aa7558f91dbb8770083f48b4fa3cd942cf2970200280ba2728a7
● bcc77cc9fe6fe12f61ad6615cb50a840888f282feb295f926d36416e5ba1282e
● bcebfd9c24bf798eb9c26bc7504a062be77d789d2fdd172869bbd398b94e6866
● be1b9a8af436754d940f1f15a233f93230ffc8c9cb41ca8e6588ba8bc833864c
● be26e03ca51f512aea031bed12559f64e52c5002565e5cec58ff7f2a2563bf6f
● befdd03ca4c7668a5a9ff78ae4e2355688721211747e5e580ebce36321c9bd30
● bf750f9c5acc0c9ddded03f9b815d61465a755878ed9e16a9ff896decbd0d167
![Page 16: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/16.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 16
● bf85f68863c3afcc0e537b83f0a45443b70ba737adfbdd031814ec75e0441ba1
● c108dec29fc6d85119b2de9affeede55a54e47275b783446900985d013a059ba
● c2a88076b81d557b62acd2bd3d82d2a1a856a2f8e2e698b7b0a969eea0619c99
● c4a2a6854640cd5fa61cf65d0a9b07f609c844ff7b0ecd7e108821981a865907
● c4e457e7a71fda9192e37305001a4bebc6661ad5deae4701aab63c9304b7f8d3
● c52160810749e75d9723fc27e0c5899c3ededb7394b831bf8bc3b2c489dbcf0f
● c662005a2b815cf42a81c6346028eb36867d6f269cadc6269de803e7e27061a6
● c679944c3aec7023f5036809cd3737ddb0b9fbd4801dcbc8430548bf7219836f
● c7133aae52d2be8b40cd6a499b399151260aa6fee62265ce6472df04f96bb6dc
● c7578f3ffab871bbc2a09f7fe0ef294e6b1e439b6d8763bf6ca0a3cafca54fcf
● c7bc5263e70e206cded13c4a3e8eff7e86f0e7626f60b217d591480290e66bde
● c7f2f5ca1776327894b7819cff24b01d677a6eab04631fcab5bec40d02e82b89
● c86981a6fa2016b93ae0cdbe82b8be765178bc096d566a3250e04ca6e768f9be
● c9357e566aa57d38bf7c0927492d4cd788deca20be980bda32a9bc7808df8e4c
● c96be138a68209dfb11a06ca6ec4295e78e7e0abe546ebf48ed56b58fffbd64c
● c972a01f9caa3944b97429b5ca2a59746a70c21a008572386086c2019cdff9d4
● c98ddb4177c7ceee47325466745ef14ecfa52fe1ca09de6199ced1bf31030b10
● ca1c7ed3e5feecbe4952af80efff76e45cb9bbd3a561f031d0a8f3a1bb19eed9
● cb2d30db85825dc2e8a9a9c3323615353435db7181f9873cf33b6feca89c4505
● cc3975ee35ef7a8a701bd71c9fa94943c2361700d759025f54f6c4d986c35c60
● cd521ac5270f7bd131bd00dd792584105bf762a577e572851c8e420fc54099c2
● cd821ba5d4437b5c6d9b49e475c03fcc50d52dbc7abb4f037a958f56aa2cf7ad
● cdac018ebeb8ce2fcffd171228dddd599f19672ff882154cacae611068d0c99c
● cdbbd32754d90e86ac0e3e00f426080941d58e6e0c7032aba915b241bfb50815
● cddb0dd50e4edbc3839da82179004f9ccab06570dbf2afcf92f5401406a2ac26
● cdf655270ef6f8256f7ce52e8f5d05d9a9d7e390776623e89b885bc911399d4b
● ced8fe545c6a991eb57fbe5ac6d02636ac69dd304f86463fc389234b8eae1df2
● cf108297f014f06f563f28dc39e32c3710588c4620a1031764f5c10c49a2c18c
● cf365100c0525a390ce003dfde2e851b9435685359726b9bad529c79ed87bcaf
● cfee0095572de3528af7300fe487102ea9effbcc1d89fa4ecf45957ab09f653d
● d0129762d0f7b43c4bd4034ff13302adbb75080433154c593696a24a9eba595b
● d0671a79308a1bf613d0b51b3ded333c193bee7d9793d28237ab7d6c95dfc0e9
● d0c9296a9dc3ed4aa6579dbdbe3d576eea171f144d89690cfdb6f71c800c5fcb
● d2203b7d74810f82da8a01d70dc67c6641a321d4aeca45456ae51f0c9d0f5d2a
● d3aa5ded657fe615d22488a3f25d23d546157b779358ee90ae0c5966c7b4ce56
![Page 17: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/17.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 17
● d3cd7db5307ccb0a0d5784242b21fe92662d506aad18ed4e54c0a96bf4629175
● d3f9ff12a9ca5c095fc3bbbdf278e7b5fb7caf6a4f3597828efa117243c0aa0e
● d4ec6136d72eeaf99a54bbafd4f42a02d9e03151c63c50361635d1d104bee310
● d50738d93d7af25b870c949a7440952503337259043b67bdc5df29d26c5db613
● d55460daec22d6aa579d49dbededcc642a51670753d8b7ab60da335627824dbb
● d5575c17dca35f77b2a5d2b6eb972f5de17d88e8dbdd12a11ecc72524fcc170a
● d5e552b82f00645e7efa21f7ca73dd24531c4f2892688fda4e62a2da529ca00a
● d720180b15985021f9cc842f7f8ca19fc8f886cc3a7a6f29ddc53b679e9921b1
● d72414bcbc01f2acb6498a6924a50c0fa12d2c322d387e6b12559b4fec74c0a8
● d75ca290c8fcb46f58c51a3bbb53833cd0529a0407dc8c4d6a57a1c6c3c33cd9
● d97c16d4b62b15648118991b013e233310997082788d7bfe1dacb6e7c2facfc9
● db1eaa282b237aaceaed3f556fbd82284b9fc7f1c4b70ce4a7d7fd7b8fab5d36
● db7e2434a28ede90d48d5b805cf9a9c9213d1a9947cd76a3f9004372ddb92e76
● dcdd97552bc8a5526ee8448e4cf0b90d7bdc288327850392fc3e8203bb2f58d4
● ddc4acfe21eaa87e41ec3e9b425cfb4c8c2756707961ceed891ecc1277fb69e0
● de3c50129b796f31af17f62fb941ad6fe262fce8838a4a0a749cd47072f728c8
● de5fd875489433652b9d1d297b5b0e98912dd9a36bb946fe6afe40600a2ab004
● de62a46f87cb0b215a0ce07600497b507ed4229aefe4d20fef620044efeb28b3
● e0b0558f4bd2fd9f10c8988345b4c31f756ca7137e257a43dafc6f9695e36fde
● e0c2976a8436d0025e0c0816a789a4896e877c673a82dc087280cb324dcdd1a3
● e13cd0144dfbaca71273d020086bd1adfbe03ebf17d3c9229a80b7f2a6e5655c
● e1f9771ed5f6d8635ba871454d6585b5c1410dfd6acb987cbed4ebecc8bee2ae
● e282ba4a8c7038ea137db7b76399a90aa609a76611a63011908d72012ea9acb0
● e28a781bba93a4814354e04c90ac0686012634453158dc6e5051230f085a447a
● e2aca78c5d355f65a5ef51dbc082f3bf965a09e8dcbbbfdbbc32846d5464c335
● e33d787501ecc5df9c8ffe4ac364776b948cac31bf20cfd7d4b0e2fc2d30e654
● e37ed917f7300ba09694b2239c03ad19ed9dc4d7c43696e0d6f85f82156760c1
● e3a0d098b3a94c221bf8e12a1cfc94b0475930c91f3d96599a1faf7fce90dad2
● e3fc4d5d3b5163ff4abe49c56a85d92eca1da8b18fca60d06ccfd994b9d117c2
● e44fec25175dfb6bf900fc8cceb615fbb7eed64934e50808ac399df9e52d96aa
● e47b93463c2afafe1b28f74b3b3534fa08f037a26809d0066410355200175c55
● e4b23b730b96a976b4850702de38b24dbc0ff6aa5e1986ec0d287f4c37801211
● e543afcd5696b95e8dd81681b95ac9c5751834f73493cecadb4f531f0a97a237
● e55013a541e78cfac8840e2edb3eb09067397d2b1473dede59c8daa576dac6a5
● e59cda17ccd5d13887df57d30d7a88a6293df5fbd4dd5622078d885eabf08894
![Page 18: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/18.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 18
● e6630925ba527168d054cb6ce32d8e7ba59e2ebf16db1cc2f83d1333be4c6377
● e6d8d05700d5f95e8b692b6aa45e2098f831de42d6ba0e0501176476a7ba51f6
● e7387fa075102acaa461663a38fd76cc3b6feb1f26d1206664943f2c220aecd4
● e87355337396a0ae36be7af921c933f6ad4673082c50d9b8b44d9b6b676ba4ff
● e8ad288936a91d4df65d33aa4e1f39cfad9ba15cb1ff728b3d6aee3d7561a092
● e903e30156b570068e061c7a4110eb9c20c94d64c6973288744276bd13639430
● e905f30318de2d63f050636d75b66d4bf98c6a544f0cd782c2c57d54565a6326
● e946f80c9bd7c1659e58bca2c9ede2db1a5ce7504c54fff8fd3abd0f5b6ff508
● e9769deb6f49d6de607f647e94f65cad3aa9d9e8892123a23e938b1f8315aa63
● e9b6f52dd61c914e01978733ca179fc7015166892307dbc78eee345c8bfee181
● eab31e6869088065a7e82f3dcf0dbc96b80d962ce266c1be7cefa385827aa4a9
● ebaea4fb98726c7f046433dd4321374cdafe0d7d793dd529b535acfcfea9523e
● ebb5bc43c6a0b2c30579bc7e05fcff27a034d7565148b527a1d503110c24a94d
● ec49f9a3b781aa397acb57494c470f3420a39ecce95ba77d3d239aa0e55ad17d
● ec7cc81c48282225a467afc231526afb49178e7752681425878e8eae81dc862b
● ec832d1a4c4c90db6b1ea42f86f76d52be8360c43aa0ef35252baeb063d2524d
● ecc11476cbcfd17b671d29a554e71573a7266fe88cfefddfaa21d5dd50b27027
● ecf4622fe77f8fff16c7f180fde3d79bb9e716643bbae04714e3cb51c66f7d7a
● ed0b93940d9566c5d924d734ed24e85009d7c2cd7d4ac2056a3125e2c2d233c0
● edb08ead3195be6e94ac5a1dfd4fe213f62309e6bdd5985c27ebf247ec320c37
● ee5d4ed9f6d534f60fea21e1a3ef34b3cf0e8e93e46c8b4e7c8a8dba2351be1a
● ef5b6c0e45400f601181d7444a8362c0a5d29ed140b5732a3c3d080e3613614a
● ef6ae65ff5e63518d0ee47bf800d45ed495633e0598bb9743c66d8fc9a314a61
● ef746d66ddf7855333f0dc2bbbcb7c94da040844bbe24b6fa7d1c503fbe6d2a9
● f001107c6aded6994cf3c14a7caff9736669f75e783b228a397c9e7d3620ac42
● f024e8604f58dd943426af537cbb0e1bcf4b9f259cd4369fcd8b5ce1f90dabc4
● f0276f0aaf7d9647a2ddc965a1bd769823229ed415987f407692f4cfcf5d2737
● f066f4ed58b70d664b4a3d69b85aa4fced8fc09661d7b4269bdb564524131e17
● f0d72adb0c48e4934cbc714b128b5ceec66cb2834b5f53df87ccde1b96e4e8dd
● f1566954ad378e6a2dd71a4fb77d15dab7d584a4779f0c313d3c77ec48e86028
● f1b45b2ad22a4beb689050b96a87ed2d2f2ade26eb2e5c4e9ed2c61301f53095
● f237db399a3ebc02ced1df24d5b43113a3e2bbe596a6ce069e78daafa2e66d9a
● f2835cb14e001bbbe7b64751708ca0bfd9b9f7a0a3c3e5344642d5383b829459
● f36cd29245db809055e679991b3bb15b09c91844abb95d674cc5554b6b3101d3
● f3e075afbbbd253fe25016c19c416177e2c4ccb2fc4c8e8da56f45965d5b62c9
![Page 19: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/19.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 19
● f4290ddb9eb36ac5c6b29b648b8fe3dbce5f73b5b3795dc944b5cd4d02f57bbe
● f4c3f6b89523de11fe6aef01d5a4844acda72547b620d8cd7feb5f7af74155cd
● f6b946620a2d4eb3bfe3c8c90e043507e919a6eff9b0bf233ab2b5de74b4d29c
● f707490f9cab0a41637d53f3a238f2dc58531040fe25addb219416d7948803f4
● f81f52daa847f5419d1643185db6e82891944373a848f0ec54c7ad31deb3eb21
● f88600bcc607f4ed50c4fab44821e72395c794e33d406cea5bcef75fa3604274
● f9ae3cb1bdcc9f4ce2e26bd464c431c5d64f617f5fecd0d85e1eed3f975eb47b
● faa5e4cece34dd1e80a6500172f90f95c4d41cc3375eef11901ae5abce81d010
● faf8e3ed091d6bf447cbc73b4716839e7a139e59aa6e673b15dbd41df0adec7c
● fc51013b9cd3b682283fb03f5777ed28599b4e72b51310c69f28931162ea9f40
● ffeb468b5e7ac461d323d3b193b46b858baea51087b3c6c50e81a714cf065729
Shogan Scan Results of Potentially Infected with Cryptocurrency Mining Malware
Servers:
IP Port Country Organization
34.250.228.148 8333 Ireland Amazon.com
52.50.85.157 8333 Ireland Amazon Data Services Ireland
Limited
54.90.148.132 8333 United States Amazon.com
62.165.159.219 443 Finland DNA Oyj
47.88.189.65 8333 Singapore Alibaba
62.165.159.132 443 Finland DNA Oyj
23.251.159.170 8333 United States Google Cloud
101.200.238.77 8888 China Hangzhou Alibaba Advertising
Co.,Ltd.
![Page 20: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/20.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 20
64.57.65.252 443 United States Blue Gravity Communications
62.165.159.228 443 Finland DNA Oyj
46.166.160.128 9000 Lithuania Dedicated servers
192.249.72.219 465 United States GMO-Z.com USA
91.121.30.64 27015 France OVH SAS
172.222.78.135 18232 United States Bright House Networks
47.52.38.97 8333 United States Alibaba
52.68.243.148 8888 Japan Amazon Data Services Japan
67.227.220.165 443 United States Liquid Web, L.L.C
67.227.220.165 80 United States Liquid Web, L.L.C
138.197.69.53 3001 United States Digital Ocean
172.104.59.95 9000 Singapore Linode
52.211.14.233 8333 Ireland Amazon Data Services Ireland
Limited
54.171.223.253 80 Ireland Amazon
94.250.213.84 27015 Germany Ociris GmbH
62.165.159.212 443 Finland DNA Oyj
71.0.29.168 8333 United States CenturyLink
![Page 21: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/21.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 21
47.93.174.61 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
80.246.59.100 80 Germany Alfahosting GmbH
42.117.37.9 8333 Vietnam FPT Telecom Company
123.207.251.233 8333 China Tencent cloud computing
110.143.32.86 8333 Australia Telstra Internet
47.93.125.109 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
54.206.46.40 8333 Australia Amazon.com
13.210.30.22 8333 United States Amazon.com
13.126.226.221 8333 United States Amazon.com
136.243.6.27 8333 Germany HETZNER
130.185.144.96 8333 United Kingdom Titan Internet Ltd
45.32.6.173 8333 United States Choopa, LLC
103.254.154.76 51985 Singapore Leaseweb Asia
118.244.204.225 8333 China China Unicom Beijing
47.95.32.206 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
118.101.84.151 8333 Malaysia TM Net
47.94.43.22 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
![Page 22: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/22.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 22
47.95.32.170 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
85.214.147.99 8340 Germany Strato AG
94.135.137.108 8333 Germany DTK Deutsche Telekabel GmbH
94.130.9.100 8334 Ukraine D2 International Investment Ukraine
Ltd.
87.76.27.69 8334 United Kingdom Future Hosting LLC
213.136.76.42 5914 Germany Contabo GmbH
66.175.220.212 8333 United States Linode
120.27.142.131 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.88.191.106 8333 Singapore Alibaba
47.94.40.104 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
128.199.138.39 8333 Singapore DigitalOcean
35.158.226.142 8333 Germany A100 ROW GmbH
85.25.95.213 8333 Germany Intergenia AG
62.165.159.139 443 Finland DNA Oyj
47.88.189.201 8333 Singapore Alibaba
2400:cb00:2048:1::6818:7a35 80 China
107.182.230.232 3001 United States Hosting Services Inc
![Page 23: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/23.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 23
2400:cb00:2048:1::6818:7b35 80 China
54.233.99.162 8333 Brazil Amazon.com
67.225.247.179 443 United States Liquid Web, L.L.C
45.55.169.230 8009 United States Digital Ocean
31.214.242.111 5914 Germany active-servers.com
46.4.85.241 9090 Germany Hetzner Online AG
182.254.131.28 8888 China Tencent cloud computing
52.7.106.177 8333 United States Amazon.com
119.23.173.202 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
116.126.142.195 8333 Korea, Republic
of
SK Broadband
47.95.32.102 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
119.23.46.147 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.94.46.31 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
119.23.160.251 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.94.37.151 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
![Page 24: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/24.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 24
163.172.165.116 8333 United Kingdom Scaleway
213.240.181.128 8333 Germany TAL.DE Klaus Internet Service GmbH
118.189.197.152 8333 Singapore M1 Connect Pte Ltd
78.88.15.230 38333 Poland Vectra Broadband
47.94.57.152 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.94.37.87 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.94.57.27 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
86.145.21.74 8333 United Kingdom BT
45.32.233.225 8333 Netherlands Choopa, LLC
47.95.32.49 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
13.126.155.63 8333 United States Amazon.com
119.23.136.213 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
128.30.30.25 8333 United States Massachusetts Institute of
Technology
34.253.100.24 80 Ireland Amazon.com
5.135.191.227 8333 Russian
Federation
OVH SAS
![Page 25: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/25.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 25
150.140.159.209 8333 Greece University of Patras
200.219.153.46 443 Brazil Ipe Informatica Ltda
217.12.34.131 1723 Russian
Federation
Delta LLC
62.165.159.222 443 Finland DNA Oyj
216.117.155.247 443 United States Advanced Internet Technologies
216.117.155.247 80 United States Advanced Internet Technologies
185.77.128.148 80 Netherlands Qhoster Ltd.
88.198.33.214 8333 Germany Hetzner Online AG
78.129.236.141 443 United Kingdom Iomart Hosting Limited
62.165.159.198 443 Finland DNA Oyj
120.77.236.32 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
182.92.194.154 8888 China Hangzhou Alibaba Advertising
Co.,Ltd.
123.56.42.154 8888 China Hangzhou Alibaba Advertising
Co.,Ltd.
60.205.149.7 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
34.231.150.157 3001 United States Amazon.com
31.178.177.195 8343 Poland UPC Polska
![Page 26: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/26.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 26
119.23.137.54 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.88.188.187 8333 Singapore Alibaba
61.130.103.6 8333 China China Telecom
47.94.43.193 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.93.138.195 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
91.223.115.38 8333 Slovenia ARCTUR d.o.o.
52.58.190.144 8333 Germany Amazon.com
101.201.69.70 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
13.126.209.117 8333 United States Amazon.com
47.94.57.96 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
198.27.68.86 8333 Canada OVH Hosting
52.27.176.218 8333 United States Amazon.com
45.30.104.216 8334 United States AT&T Internet Services
120.77.69.230 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
5.56.50.87 8333 United Kingdom OrbitalNet Ltd
![Page 27: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/27.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 27
213.59.149.244 8333 Russian
Federation
OOO SET
178.238.233.12 8333 Germany Contabo GmbH
54.89.8.237 8333 United States Amazon.com
62.165.159.143 443 Finland DNA Oyj
106.14.210.42 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
13.54.95.147 8333 Australia Amazon Corporate Services Pty
103.44.47.254 1883 Australia Oper8 Pty
184.164.155.106 443 United States Secured Servers LLC
74.207.254.156 27017
77.250.222.254 5914 Netherlands UPC NL
101.66.251.4 873 China UNICOM ZheJiang
39.108.50.199 8333 China Aliyun Computing Co.
91.192.222.12 80 Norway Rent a Rack AS
132.204.108.155 5001 Canada University of Montreal
144.76.220.17 9090 Germany HETZNER
104.27.151.50 80 United States CloudFlare
54.153.122.31 8333 United States Amazon
![Page 28: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/28.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 28
116.125.120.26 8333 Korea, Republic
of
SK Broadband
173.212.229.99 8333 Germany Contabo GmbH
163.158.204.173 8333 Netherlands CAIW Diensten B.V.
73.70.235.26 61775 United States Comcast Cable
195.154.168.129 8333 France Iliad-Entreprises
104.238.185.221 8333 United Kingdom Choopa, LLC
164.132.121.44 8333 France OVH SAS
52.193.86.69 110 Japan Amazon Data Services Japan
119.23.136.102 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
162.243.230.62 3001 United States Digital Ocean
141.105.212.26 8333 United Kingdom XLN Telecom Ltd
192.99.150.53 8333 Canada OVH Hosting
35.197.74.16 8333 United States Merit Network
47.52.10.0 8333 United States Alibaba
212.47.229.74 443 France Scaleway
51.254.124.95 8343 France OVH SAS
195.154.182.94 8333 France Iliad-Entreprises
![Page 29: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/29.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 29
172.104.53.89 3001 Singapore Linode
47.88.57.99 8333 United States Alibaba
69.167.188.219 443 United States Liquid Web, L.L.C
52.29.133.16 8333 Germany Amazon.com
47.93.116.138 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
13.126.239.219 8333 United States Amazon.com
108.59.2.208 8333 United States Leaseweb USA
103.4.199.6 10001 Singapore Viewqwest Pte
119.23.136.17 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
62.165.159.223 443 Finland DNA Oyj
118.88.24.99 443 Australia Dedicated Servers Australia
31.179.168.14 3001 Poland UPC Polska
47.94.133.252 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
107.172.253.120 8333 United States ColoCrossing
121.199.5.112 3001 China Hangzhou Alibaba Advertising
Co.,Ltd.
46.4.87.105 9333 Germany Hetzner Online AG
35.192.12.181 8333 United States Merit Network
![Page 30: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/30.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 30
67.225.247.176 443 United States Liquid Web, L.L.C
182.254.150.39 8888 China Tencent cloud computing
67.225.247.176 80 United States Liquid Web, L.L.C
62.165.159.220 443 Finland DNA Oyj
62.165.159.208 443 Finland DNA Oyj
138.197.204.148 8333 United States Digital Ocean
92.177.122.116 8333 Spain Orange Espana
120.25.159.167 443 China Hangzhou Alibaba Advertising
Co.,Ltd.
5.189.148.157 8333 Germany Contabo GmbH
62.165.159.225 443 Finland DNA Oyj
78.35.73.217 8333 Germany NetCologne GmbH
95.211.212.145 80 Netherlands LeaseWeb Netherlands B.V.
89.163.200.242 27015 Germany UNITEDCOLO RootServer
208.68.36.26 443 United States Digital Ocean
165.227.84.104 8333 United States Digital Ocean
188.40.93.205 8333 Germany Hetzner Online AG
47.90.208.254 8333 United States Alibaba
![Page 31: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/31.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 31
119.23.137.104 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.94.47.152 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
91.217.246.131 443 Cyprus Cloudlayer8 Limited
52.78.133.161 80 Korea, Republic
of
AWS Asia Pacific (Seoul) Region
114.55.41.78 3001 China Hangzhou Alibaba Advertising
Co.,Ltd.
34.249.88.41 80 Ireland Amazon.com
174.138.38.56 443 United States Digital Ocean
46.101.181.118 8333 Germany DigitalOcean
62.165.159.200 443 Finland DNA Oyj
199.89.55.41 8081 United States Gigas Hosting Usa, LLC
198.57.162.52 443 United States Unified Layer
95.213.137.5 80 Russian
Federation
OOO Network of data-centers
Selectel
185.69.197.55 21 Poland Inwep Sp. z o.o.
193.234.225.156 8333 Italy Prometeus di Daniela Agro
64.74.97.215 27015 United States Nuclear Fallout Enterprises
192.249.72.218 80 United States GMO-Z.com USA
![Page 32: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/32.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 32
217.136.127.99 8334 Belgium Skynet Belgium
72.42.164.59 8333 United States GCI Communications
209.160.27.54 8333 United States HopOne Internet Corporation
172.104.126.121 7333 Japan Linode
62.165.159.197 443 Finland DNA Oyj
79.238.40.98 8333 Germany Deutsche Telekom AG
107.175.70.66 8333 United States ColoCrossing
139.218.230.50 8123 Australia Dodo Australia
47.95.32.11 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
75.177.137.134 8333 United States Time Warner Cable
47.93.138.197 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
51.15.172.85 8333 France ONLINE SAS
35.157.244.225 8333 Germany A100 ROW GmbH
173.247.24.200 8333 United States EPB Fiber Optics
178.12.93.228 8333 Germany Vodafone DSL
213.168.187.27 8343 Czech Republic Dragon Internet a.s.
96.255.149.25 8333 United States Verizon Fios
![Page 33: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/33.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 33
211.22.29.34 19263 Taiwan HiNet
163.172.77.155 38333 United Kingdom ONLINE SAS
13.126.64.248 8333 United States Amazon.com
71.2.84.74 8333 United States CenturyLink
13.78.112.11 8333 Japan Microsoft Azure
174.129.195.37 9000 United States Amazon.com
182.92.241.23 8888 China Hangzhou Alibaba Advertising
Co.,Ltd.
35.197.25.235 8333 United States Merit Network
54.72.33.159 443 Ireland Amazon.com
178.62.224.112 8000 Netherlands Digital Ocean
52.196.39.203 80 Japan Amazon Data Services Japan
52.201.26.250 8888 United States Amazon.com
138.201.87.105 8009 Germany HETZNER
93.170.77.166 8181 Czech Republic ALFA TELECOM s.r.o.
208.81.5.237 443 Canada LES.NET
182.92.7.212 8888 China Hangzhou Alibaba Advertising
Co.,Ltd.
120.76.213.131 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
![Page 34: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/34.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 34
62.165.159.194 443 Finland DNA Oyj
173.212.202.33 18337 Germany Contabo GmbH
47.89.240.50 3001 United States Alibaba
120.76.203.124 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
209.193.81.82 1723 United States Visionary Communications
193.70.72.92 8443 France OVH SAS
200.74.241.224 80 Panama Level 3 Communications
93.197.46.237 8333 Germany Deutsche Telekom AG
194.14.246.205 8444 Sweden Serious Tubes Networks
5.9.144.83 8333 Germany Hetzner Online AG
47.94.46.219 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
119.23.173.111 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.95.36.112 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
37.120.160.55 21 Germany netcup GmbH
163.172.4.66 8333 France ONLINE SAS
94.177.228.222 444 Germany Aruba S.p.A.
62.165.159.221 443 Finland DNA Oyj
![Page 35: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/35.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 35
47.94.47.202 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
198.199.68.115 3001 United States ServerStack
81.187.174.10 1883 United Kingdom Andrews & Arnold Ltd
119.23.160.235 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
185.162.66.218 443 Romania ROMARG SRL
185.162.66.218 80 Romania ROMARG SRL
217.12.34.130 1723 Russian
Federation
Delta LLC
95.133.1.1 8333 Ukraine PJSC Ukrtelecom
52.18.90.0 443 Ireland Amazon.com
174.138.59.224 8333 United States Digital Ocean
119.23.173.193 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
45.55.226.181 25 United States Digital Ocean
54.238.56.124 443 Japan Amazon.com
62.165.159.144 443 Finland DNA Oyj
81.2.246.42 137 Czech Republic INTERNET CZ, a.s.
178.63.60.7 9090 Germany Hetzner Online AG
52.74.170.79 8888 Singapore Amazon.com
![Page 36: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/36.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 36
106.14.209.38 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
52.196.39.203 443 Japan Amazon Data Services Japan
185.116.158.162 27015 Germany Tristan Fischer trading as oneCorp
Systems
52.63.175.61 8333 Australia Amazon.com
5.101.127.138 443 Estonia Fastvps Eesti Ou
193.70.72.93 8443 France OVH SAS
54.208.244.245 8081 United States Amazon.com
45.55.123.39 8009 United States Digital Ocean
31.19.205.53 8333 Germany Vodafone Kabel Deutschland
78.97.128.161 8333 Romania UPC Romania BUCURESTI
173.212.198.201 8333 Germany Contabo GmbH
138.201.236.32 8333 Germany HETZNER
47.52.10.4 8333 United States Alibaba
119.23.173.186 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
119.23.173.192 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
107.172.9.157 8333 United States ColoCrossing
184.73.128.254 8333 United States Amazon.com
![Page 37: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/37.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 37
173.255.198.125 8333 United States Linode
101.37.116.226 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
101.201.232.112 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
120.77.236.204 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
60.205.149.204 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.52.9.172 8333 United States Alibaba
35.188.209.243 8333 United States Google Cloud
52.53.248.42 8333 United States Amazon.com
47.93.112.25 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
13.126.139.182 8333 United States Amazon.com
94.242.250.166 8434 Luxembourg root SA
52.51.232.234 8333 Ireland Amazon Data Services Ireland
Limited
62.210.110.181 18333 France ONLINE SAS
67.207.81.56 8333 United States ServerStack
47.94.57.114 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
![Page 38: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/38.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 38
78.187.90.122 8333 Turkey Turk Telekom
119.9.116.50 8333 Hong Kong Rackspace Hosting
47.74.22.103 8333 United States Alibaba
13.229.62.191 8333 United States Amazon.com
194.88.107.102 8333 Netherlands WorldStream B.V.
67.240.240.109 8333 United States Time Warner Cable
65.132.7.226 8333 United States Best Western Plus Rio Grande
163.172.189.114 8333 United Kingdom Scaleway
47.94.47.187 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.93.125.24 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
119.23.128.1 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
39.108.13.102 8333 China Aliyun Computing Co.
82.23.192.158 8333 United Kingdom Virgin Media
85.224.105.99 8333 Sweden Bredbandsbolaget AB
158.129.212.236 8335 Lithuania Vilnius Gediminas Technical
University
34.251.249.159 8333 Ireland Amazon.com
73.148.68.193 8333 United States Comcast Cable
![Page 39: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/39.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 39
173.23.228.234 8333 United States Mediacom Cable
104.168.167.34 8333 United States Hostwinds LLC.
54.158.87.15 8333 United States Amazon
119.23.173.187 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
70.181.115.20 8333 United States Cox Communications
62.165.159.217 443 Finland DNA Oyj
62.165.159.229 443 Finland DNA Oyj
62.165.159.151 443 Finland DNA Oyj
34.227.47.255 8333 United States Amazon.com
37.120.164.16 18333 Germany netcup GmbH
171.88.7.143 7333 China China Telecom Sichuan
46.127.12.33 8333 Switzerland Cablecom GmbH
47.52.9.242 8333 United States Alibaba
73.111.106.204 8333 United States Comcast Cable
184.18.142.38 8333 United States Frontier Communications
163.172.94.64 8333 United Kingdom ONLINE SAS
89.186.216.2 8333 Austria ViM Internetdienstleistungen GmbH
![Page 40: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/40.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 40
47.93.138.213 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
95.87.204.109 8333 Bulgaria NET1 Ltd.
72.5.167.41 8333 United States Internap Network Services
Corporation
178.162.74.187 8333 Russian
Federation
Credolink ISP clients pool
52.28.202.131 8333 Germany Amazon.com
178.162.40.90 8333 Russian
Federation
Credolink ISP clients pool
47.94.57.161 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
203.190.199.104 8333 Australia Primus Telecommunications
73.153.220.88 8333 United States Comcast Cable
54.67.25.160 8888 United States Amazon
52.16.114.127 8333 Ireland Amazon.com
201.131.203.196 8333 Mexico Computadoras Y Servicios Especiales
SA De Cv
60.205.94.41 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
62.165.159.148 443 Finland DNA Oyj
151.80.181.1 27015 Italy OVH SAS
![Page 41: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/41.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 41
196.54.41.38 52442 Canada Choopa, LLC
172.104.75.7 7333 Japan Linode
118.193.141.87 8333 China Shanghai Anchang Network Security
Technology Co.,L
47.93.138.144 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
52.91.3.54 8333 United States Amazon.com
79.193.46.245 8333 Germany Deutsche Telekom AG
178.62.65.61 25 United Kingdom Digital Ocean
120.76.203.125 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.94.36.120 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
45.32.195.3 443 United States Choopa, LLC
2607:f1c0:848:1000::48:943c 9000 United States
62.165.159.213 443 Finland DNA Oyj
2607:f1c0:848:1000::48:943c 9001 United States
47.95.36.127 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
54.236.38.195 3001 United States Amazon.com
88.198.207.217 443 Germany Hetzner Online GmbH
![Page 42: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/42.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 42
46.235.144.110 873 Switzerland HiHo GmbH
47.93.120.133 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
120.76.215.99 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
178.238.226.209 8333 Germany Contabo GmbH
176.24.197.77 8334 United Kingdom Sky Broadband
52.90.132.42 8333 United States Amazon.com
82.95.163.103 8333 Netherlands Xs4all Internet BV
37.187.76.84 8333 France OVH SAS
45.37.37.120 8333 United States Time Warner Cable
130.185.144.83 8333 United Kingdom Titan Internet Ltd
120.77.237.5 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
185.21.216.193 8333 United Kingdom Joshua Peter McQuistan
52.18.90.0 80 Ireland Amazon.com
52.77.231.121 3001 Singapore Amazon.com
52.79.192.133 8888 Korea, Republic
of
Amazon.com
52.50.184.227 443 Ireland Amazon Data Services Ireland
Limited
![Page 43: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/43.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 43
47.94.57.139 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
46.101.74.246 8333 United Kingdom DigitalOcean
104.237.136.212 8333 United States Linode
208.85.241.10 8333 United States Fast Serv Networks, LLC
47.52.8.230 8333 United States Alibaba
185.35.137.40 8081 Netherlands Zyztm Research Division 10 B.V.
178.254.9.88 443 Germany EVANZO e-commerce GmbH
108.61.206.233 8081 United States Choopa, LLC
101.236.34.45 8333 China China Unicom Beijing
123.57.1.108 8888 China Hangzhou Alibaba Advertising
Co.,Ltd.
85.24.202.199 8333 Sweden Bahnhof Internet AB
62.165.159.210 443 Finland DNA Oyj
37.221.198.57 28333 Germany netcup GmbH
58.64.200.50 12589 Hong Kong New World Telephone
177.92.48.31 8334 Brazil COPEL Telecom
82.68.72.54 8333 United Kingdom Zen Internet Ltd
52.193.86.69 587 Japan Amazon Data Services Japan
![Page 44: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/44.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 44
95.78.239.93 8333 Russian
Federation
JSC ER-Telecom Holding Orenburg
branch
193.182.19.230 80 Sweden Resilans AB
88.98.228.198 443 United Kingdom Hyperoptic Ltd
83.226.67.119 8333 Sweden Bredbandsbolaget AB
47.52.9.80 8333 United States Alibaba
47.94.37.57 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
192.243.215.175 8333 Canada Pacific Servers
212.47.235.251 8333 France Scaleway
120.76.157.222 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
119.23.173.194 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.52.9.219 8333 United States Alibaba
77.234.104.137 8333 Finland PARNET-IP
52.53.148.163 8333 United States Amazon.com
47.52.10.54 8333 United States Alibaba
50.106.171.246 8333 United States Frontier Communications
47.52.10.47 8333 United States Alibaba
![Page 45: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/45.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 45
47.93.122.227 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
54.207.118.226 8333 Brazil Amazon.com
198.48.133.157 8333 Canada TekSavvy Solutions
91.193.228.106 8333 Russian
Federation
Internet Service Ltd.
123.56.86.36 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
52.77.211.219 8333 Singapore Amazon.com
47.52.10.90 8333 United States Alibaba
47.93.115.130 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
45.32.65.35 8333 United States Choopa, LLC
185.50.191.68 8333 Switzerland EDSI-Tech Sarl
13.126.239.87 8333 United States Amazon.com
193.124.176.37 8333 Russian
Federation
Marosnet enterprise network
52.210.38.227 8333 Ireland Amazon Data Services Ireland
Limited
5.189.157.40 8333 Germany Contabo GmbH
47.52.10.92 8333 United States Alibaba
192.203.228.91 8333 United States Two P
![Page 46: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/46.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 46
37.59.179.176 8333 France OVH SAS
178.169.249.185 8333 Bulgaria Bulsatcom EAD
93.80.39.244 8333 Russian
Federation
Beeline Home
107.23.184.33 8333 United States Amazon.com
212.60.121.11 8333 Denmark Zen Systems A/S
173.212.226.169 8333 Germany Contabo GmbH
99.45.189.159 8333 United States AT&T U-verse
5.39.77.33 8333 France OVH SAS
37.61.238.54 8333 United Kingdom Namecheap
119.23.137.138 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.52.0.131 8333 United States Alibaba
54.183.187.249 8333 United States Amazon.com
185.5.55.18 8333 Lithuania UAB Interneto vizija
47.91.197.178 8333 United States Alibaba
54.183.123.11 8333 United States Amazon.com
91.121.183.128 8333 France OVH SAS
217.78.0.112 8333 Ireland Dediserve Ltd
![Page 47: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/47.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 47
47.95.32.150 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
217.182.199.21 8333 France OVH SAS
212.85.91.97 8433 Sweden Bahnhof Internet AB
47.94.57.156 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.52.9.183 8333 United States Alibaba
47.93.138.163 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
94.217.195.198 8333 Germany Vodafone DSL
104.238.134.28 8333 United States Choopa, LLC
52.50.150.123 8333 Ireland Amazon Data Services Ireland
Limited
78.176.193.74 8333 Turkey Turk Telekom
119.23.160.244 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
93.170.77.164 8181 Czech Republic ALFA TELECOM s.r.o.
35.158.190.238 8333 Germany A100 ROW GmbH
37.97.129.173 25 Netherlands Transip B.V.
97.118.125.249 8333 United States CenturyLink
84.119.48.173 8333 Germany Unitymedia
![Page 48: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/48.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 48
52.69.193.141 8888 Japan Amazon Data Services Japan
62.165.159.140 443 Finland DNA Oyj
73.251.166.82 8000 United States Comcast Cable
128.199.167.136 443 Singapore DigitalOcean
47.93.123.228 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.94.37.100 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
78.71.201.91 8333 Sweden Telia Company
120.77.236.148 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
93.255.195.151 8333 Germany Deutsche Telekom AG
120.76.203.53 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
86.147.114.139 8333 United Kingdom BT
220.2.102.14 8333 Japan Softbank BB
199.101.100.58 8333 United States QuickPacket Atlanta, LLC
52.65.195.27 8443 Australia Amazon.com
34.226.202.231 8333 United States Amazon.com
119.23.173.131 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
![Page 49: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/49.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 49
62.165.159.201 443 Finland DNA Oyj
108.226.131.169 8333 United States AT&T U-verse
165.227.151.132 8333 United States Digital Ocean
65.112.221.91 8333 United States CenturyLink
47.91.155.27 443 United States Alibaba
88.99.94.66 9000 Germany Hetzner Online GmbH
45.55.214.33 25 United States Digital Ocean
58.64.200.70 12589 Hong Kong New World Telephone
119.23.137.129 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
62.75.160.41 8333 France BSB-SERVICE - Virtual dedicated
Server-Hosting
82.26.76.248 8333 United Kingdom Virgin Media
74.208.184.161 9000 United States 1&1 Internet AG
47.95.36.88 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
120.26.96.250 8333 China Aliyun Computing Co.
52.30.246.90 80 Ireland Amazon Data Services Ireland
Limited
104.156.233.153 8333 Australia Choopa, LLC
62.165.159.207 443 Finland DNA Oyj
![Page 50: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/50.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 50
62.165.159.226 443 Finland DNA Oyj
120.76.203.139 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.52.10.26 8333 United States Alibaba
74.91.123.111 27015 United States Nuclearfallout Enterprises
62.165.159.141 443 Finland DNA Oyj
47.215.151.160 8334 United States Suddenlink Communications
91.149.139.18 8333 Belarus JCLL Cosmos TV
120.76.201.161 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
138.197.166.17 8333 United States Digital Ocean
54.255.213.254 8333 Singapore Amazon.com
45.55.87.181 80 United States Digital Ocean
54.183.216.238 8333 United States Amazon.com
52.79.185.113 80 Korea, Republic
of
Amazon.com
74.208.184.161 9001 United States 1&1 Internet AG
66.150.121.11 27015 United States Nuclear Fallout Enterprises
93.170.187.9 8333 Lithuania UAB Duomenu apdorojimo centras
13.126.10.3 8333 United States Amazon.com
![Page 51: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/51.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 51
182.92.131.166 8888 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.52.10.50 8333 United States Alibaba
5.189.165.249 8333 Germany Contabo GmbH
62.165.159.202 443 Finland DNA Oyj
120.77.69.198 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
51.15.78.11 8333 France ONLINE SAS
185.145.128.91 8333 Netherlands AbeloHost B.V.
40.68.161.211 8080 Netherlands Microsoft Azure
200.229.202.121 8333 Brazil Telefonica Data S.A.
188.226.133.139 9001 Netherlands Digital Ocean
62.165.159.218 443 Finland DNA Oyj
116.125.120.26 9002 Korea, Republic
of
SK Broadband
54.171.223.253 443 Ireland Amazon
107.191.41.93 8333 United States Choopa, LLC
114.215.142.30 3001 China Hangzhou Alibaba Advertising
Co.,Ltd.
46.10.239.155 8333 Bulgaria Vivacom
![Page 52: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/52.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 52
79.173.125.56 8333 Russian
Federation
TK TOR Network
47.52.45.115 443 United States Alibaba
172.245.62.58 443 United States ColoCrossing
212.71.254.159 10000 United Kingdom Linode
31.210.127.92 80 Turkey Inter Net Bilgisayar Ltd Sti
85.7.75.136 8333 Switzerland Bluewin
136.243.36.238 80 Germany HETZNER
193.182.19.230 443 Sweden Resilans AB
108.170.51.86 80 United States Secured Servers LLC
45.58.36.248 443 Canada Atlantic.Net - Toronto, LLC.
67.225.247.179 80 United States Liquid Web, L.L.C
108.170.51.86 443 United States Secured Servers LLC
47.93.116.204 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
54.175.254.49 8081 United States Amazon.com
119.81.23.138 8081 Singapore SoftLayer Technologies
185.185.41.6 8333 Netherlands HostUS
52.78.136.150 80 Korea, Republic
of
AWS Asia Pacific (Seoul) Region
![Page 53: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/53.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 53
92.28.217.178 8333 United Kingdom TalkTalk
120.77.69.197 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
104.131.90.220 25 United States Digital Ocean
123.56.250.200 8888 China Hangzhou Alibaba Advertising
Co.,Ltd.
217.182.70.37 5001 France OVH SAS
69.140.5.215 8333 United States Comcast Cable
119.23.137.81 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
91.106.149.46 8333 Germany Customer VSM POP Sandesneben
34.210.228.10 8333 United States Amazon.com
89.217.9.145 8333 Switzerland sunrise
66.70.180.53 8333 United States OLM, LLC
35.184.152.93 8333 United States Google Cloud
67.225.71.44 8333 Canada SaskTel
71.252.137.246 8333 United States Frontier Communications
120.77.69.212 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
218.18.10.231 8332 China China Telecom Guangdong
![Page 54: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/54.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 54
119.23.160.19 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
88.99.16.70 8333 Germany Hetzner Online GmbH
47.52.10.12 8333 United States Alibaba
34.253.41.152 8333 Ireland Amazon.com
24.71.34.198 8333 Canada Shaw Communications
165.227.86.25 8333 United States Digital Ocean
46.251.251.60 8334 Germany Optimate-Server
37.61.238.132 8333 United Kingdom Namecheap
54.153.6.133 8333 United States Amazon
13.126.93.130 8333 United States Amazon.com
194.14.246.77 8333 Sweden Serious Tubes Networks
54.158.13.123 8333 United States Amazon
119.23.137.31 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
124.207.244.222 27017 China Beijing Zhongbangyatong Telecom
Technology Co,Ltd
192.249.72.218 443 United States GMO-Z.com USA
93.115.28.41 8081 Lithuania Dedicated servers
35.156.90.119 8081 Germany A100 ROW GmbH
![Page 55: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/55.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 55
120.77.237.13 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
116.62.21.9 3001 China Hangzhou Alibaba Advertising
Co.,Ltd.
59.110.53.174 8888 China Hangzhou Alibaba Advertising
Co.,Ltd.
192.249.72.219 25 United States GMO-Z.com USA
130.185.144.107 8333 United Kingdom Titan Internet Ltd
192.131.44.100 8333 Canada Whatbox
35.189.178.80 8333 United States Google Cloud
62.210.85.120 3001 France ONLINE SAS
87.98.216.36 8333 France OVH SAS
62.165.159.146 443 Finland DNA Oyj
54.238.171.233 8333 Japan Amazon.com
67.225.247.178 443 United States Liquid Web, L.L.C
52.76.59.165 8888 Singapore Amazon.com
182.92.65.68 8888 China Hangzhou Alibaba Advertising
Co.,Ltd.
83.163.223.145 8333 Netherlands Xs4all Internet BV
35.158.240.174 8333 Germany A100 ROW GmbH
182.149.156.151 7333 China China Telecom Sichuan
![Page 56: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/56.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 56
163.172.141.29 8333 United Kingdom Scaleway
54.169.3.155 8333 Singapore Amazon
88.222.150.30 8333 Lithuania MGNT Kns core6 network
94.130.13.253 8889 Ukraine D2 International Investment Ukraine
Ltd.
188.138.94.72 80 Germany HEG Mass
81.2.246.42 445 Czech Republic INTERNET CZ, a.s.
123.56.78.54 8888 China Hangzhou Alibaba Advertising
Co.,Ltd.
54.223.214.238 8333 China Beijing Guanghuan Xinwang Digital
164.132.198.177 8443 France OVH SAS
198.50.145.8 443 Canada OVH Hosting
188.115.167.85 8335 Ukraine TeNeT Networking Centre
163.172.55.14 8000 United Kingdom ONLINE SAS
68.109.90.161 8081 United States Cox Communications
13.55.90.243 8443 Australia Amazon Corporate Services Pty
182.149.158.18 7333 China China Telecom Sichuan
62.165.159.138 443 Finland DNA Oyj
52.210.72.160 9001 Ireland Amazon Data Services Ireland
Limited
![Page 57: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/57.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 57
34.253.104.70 80 Ireland Amazon.com
98.201.102.198 8333 United States Comcast Cable
14.200.247.36 445 Australia TPG Internet
47.94.57.146 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
49.212.191.149 27017 Japan SAKURA Internet
199.101.100.60 8333 United States QuickPacket Atlanta, LLC
5.135.157.17 8333 France OVH SAS
199.204.211.87 8333 Canada Dynamic ASP
67.225.247.177 443 United States Liquid Web, L.L.C
182.92.166.106 8888 China Hangzhou Alibaba Advertising
Co.,Ltd.
67.225.247.177 80 United States Liquid Web, L.L.C
54.153.224.151 8333 Australia Amazon
139.59.148.215 8333 Germany Digital Ocean
138.197.133.114 80 Canada Digital Ocean
176.9.113.75 9090 Germany Hetzner Online GmbH
79.76.13.85 8333 United Kingdom TalkTalk
18.220.192.79 8333 United States Massachusetts Institute of
Technology
![Page 58: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/58.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 58
77.55.245.103 443 Poland Nazwa.pl Sp.z.o.o.
47.94.56.232 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
35.185.209.69 8333 United States Google Cloud
24.156.10.94 8334 United States Suddenlink Communications
47.95.32.214 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
54.77.9.180 8333 Ireland Amazon.com
47.95.36.131 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
92.221.15.88 8333 Norway Lyse Tele
93.211.237.72 28333 Germany Deutsche Telekom AG
47.93.125.140 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
120.77.180.127 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
80.234.37.94 8333 Russian
Federation
Rostelecom
87.79.96.123 8333 Germany NetCologne GmbH
47.95.36.119 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
83.69.203.44 8333 Russian
Federation
JSC Mastertel
![Page 59: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/59.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 59
84.209.131.163 8333 Norway UPC Norge
66.36.135.64 8335 Canada Babillard Synapse
54.93.254.78 8333 Germany Amazon.com
47.94.47.95 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.94.57.155 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.90.204.241 8333 United States Alibaba
185.128.120.66 8333 Germany COM-IN Telekommunikations GmbH
54.183.131.136 8333 United States Amazon.com
51.15.1.170 8333 Netherlands Online SAS Nl
93.115.29.158 8333 Lithuania Dedicated servers
54.206.77.61 8333 Australia Amazon.com
35.158.246.27 8333 Germany A100 ROW GmbH
213.136.73.207 8333 Germany Contabo GmbH
69.30.243.162 8333 United States WholeSale Internet
192.243.215.176 8333 Canada Pacific Servers
54.183.36.6 8333 United States Amazon.com
47.94.57.149 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
![Page 60: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/60.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 60
162.105.156.147 8333 China China Education and Research
Network Center
13.82.92.201 8333 United States Microsoft Azure
100.11.81.93 8333 United States Verizon Fios
54.86.30.74 8333 United States Amazon.com
104.197.110.17 25 United States Google Cloud
212.51.142.37 8333 Switzerland Init7 (Switzerland) Ltd.
88.96.33.122 8333 United Kingdom Zen Internet Ltd
35.158.82.156 8333 Germany A100 ROW GmbH
71.191.158.50 8333 United States Verizon Fios
92.203.12.1 8333 Germany QSC AG
211.149.178.142 8333 China China Telecom SiChuan Telecom
Internet Data Center
209.181.66.82 8333 United States CenturyLink
94.193.18.181 445 United Kingdom Sky Broadband
5.199.134.67 161 Germany myLoc managed IT AG
62.210.12.35 8333 France ONLINE SAS
73.48.53.56 8333 United States Comcast Cable
192.99.175.173 8333 Canada OVH Hosting
![Page 61: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/61.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 61
47.95.33.36 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.94.41.42 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
138.204.24.126 8334 Brazil COPEL Telecom
86.52.235.197 8333 Denmark Stofa+A/S
176.62.217.81 8333 Russian
Federation
Mifril+ LLC
46.4.128.62 8333 Germany Hetzner Online GmbH
138.197.209.223 8333 United States Digital Ocean
80.220.148.65 8333 Finland TeliaSonera Finland Oyj
47.93.123.193 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
52.210.235.26 8333 Ireland Amazon Data Services Ireland
Limited
193.183.105.208 8333 Sweden Resilans AB
62.165.159.136 443 Finland DNA Oyj
87.171.73.193 8333 Germany Deutsche Telekom AG
139.59.145.212 8000 Germany Digital Ocean
98.143.85.250 80 Canada Stargate Connections
62.165.159.206 443 Finland DNA Oyj
![Page 62: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/62.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 62
74.208.221.224 9000 United States 1&1 Internet AG
68.108.97.239 8081 United States Cox Communications
139.194.172.219 8333 Indonesia Fastnet
188.98.11.122 50030 Germany Vodafone DSL
198.48.149.113 8333 Canada TekSavvy Solutions
82.131.14.189 8333 Estonia Starman AS
47.94.47.35 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
5.189.149.185 8333 Germany Contabo GmbH
13.229.59.240 8333 United States Amazon.com
75.143.109.42 8333 United States Charter Communications
47.93.137.197 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
18.196.0.242 8333 United States Massachusetts Institute of
Technology
54.79.95.49 8333 Australia Amazon.com
47.95.32.222 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.94.47.169 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.93.138.128 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
![Page 63: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/63.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 63
78.94.37.38 8333 Germany Unitymedia B2B StaticIP aggregate
47.89.177.134 8333 United States Alibaba
34.228.244.49 8333 United States Amazon.com
54.89.162.54 8333 United States Amazon.com
52.62.183.49 8333 Australia Amazon.com
47.94.57.121 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
54.66.222.15 8333 Australia Amazon
184.105.70.57 8333 United States Hurricane Electric
101.200.86.104 8888 China Hangzhou Alibaba Advertising
Co.,Ltd.
138.68.19.237 3001 United States Digital Ocean
62.165.159.149 443 Finland DNA Oyj
66.228.53.131 80 United States Linode
62.165.159.215 443 Finland DNA Oyj
47.95.36.36 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
54.64.217.175 8333 Japan Amazon.com
38.102.69.4 8333 United States Protected.CA
199.101.100.59 8333 United States QuickPacket Atlanta, LLC
![Page 64: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/64.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 64
47.94.57.153 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
101.92.43.66 50001 China China Telecom Shanghai
193.198.102.35 8333 Croatia Croatian Academic and Research
Network
73.160.137.126 8333 United States Comcast Cable
37.61.238.55 8333 United Kingdom Namecheap
52.30.246.90 443 Ireland Amazon Data Services Ireland
Limited
52.206.112.21 3001 United States Amazon.com
202.105.138.130 8333 China China Telecom Guangdong
54.183.214.240 8333 United States Amazon.com
47.94.41.58 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
54.206.27.18 8333 Australia Amazon.com
90.188.13.59 28333 Russian
Federation
OJSC Sibirtelecom
62.158.92.231 2710 Germany Deutsche Telekom AG
194.149.90.19 8333 Russian
Federation
Cross Tel Ltd
109.150.64.184 8333 United Kingdom BT
178.21.118.33 8333 Netherlands DirectVPS B.V.
![Page 65: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/65.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 65
50.93.109.50 8333 Canada Telus Communications
54.193.103.231 8333 United States Amazon.com
54.149.206.22 18916 United States Amazon
47.94.57.128 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.95.36.43 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
206.248.172.226 8333 Canada TekSavvy Solutions
97.83.50.233 18232 United States Charter Communications
144.217.73.178 8333 Canada OVH Hosting
54.154.242.119 80 Ireland Amazon
96.250.70.79 8333 United States Verizon Fios
62.165.159.147 443 Finland DNA Oyj
84.73.120.166 8333 Switzerland Cablecom GmbH
52.66.180.152 8333 India Amazon.com
47.94.37.105 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
123.233.20.168 8333 China China Unicom Shandong
192.95.5.103 8333 Canada OVH Hosting
82.69.201.108 8333 United Kingdom Zen Internet Ltd
![Page 66: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/66.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 66
138.197.176.37 8333 United States Digital Ocean
52.66.10.204 8333 India Amazon.com
52.210.72.160 9002 Ireland Amazon Data Services Ireland
Limited
62.165.159.214 443 Finland DNA Oyj
52.17.30.32 443 Ireland Amazon.com
62.165.159.137 443 Finland DNA Oyj
47.94.45.184 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.94.37.111 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
80.216.4.252 8333 Sweden Com Hem AB
47.95.32.9 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.95.32.160 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.90.102.70 8333 Hong Kong Alibaba
47.94.57.151 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
213.186.170.107 8333 Jordan Jordan Data Communications
Company LLC
188.105.227.20 8333 Germany Vodafone DSL
![Page 67: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/67.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 67
94.214.106.13 8333 Netherlands Ziggo
52.19.182.1 8333 Ireland Amazon.com
54.179.157.33 8333 Singapore Amazon.com
80.149.23.19 8333 Germany Deutsche Telekom AG
35.154.153.188 8333 India Amazon Data Services India
45.32.46.198 8333 Japan Choopa, LLC
71.163.19.172 8333 United States Verizon Fios
95.111.107.136 8333 Bulgaria Obelia 2 quarter
122.228.96.58 8333 China China Telecom Wenzhou
52.77.210.42 8333 Singapore Amazon.com
35.185.222.152 443 United States Google Cloud
182.92.226.91 8888 China Hangzhou Alibaba Advertising
Co.,Ltd.
54.67.18.141 8888 United States Amazon
47.94.57.92 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
136.243.73.208 8333 Germany HETZNER
115.195.166.177 8333 China China Telecom Hangzhou
92.249.119.52 8333 Ukraine Private Stock company Sater
![Page 68: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/68.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 68
194.125.27.103 8333 Ireland BT Communications Ireland Limited
47.52.106.253 8333 United States Alibaba
81.104.76.62 8335 United Kingdom Virgin Media
47.95.32.115 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
52.55.179.5 8333 United States Amazon.com
47.52.11.167 8333 United States Alibaba
87.167.102.8 15678 Germany Deutsche Telekom AG
47.94.37.147 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
147.91.82.116 8333 Serbia Akademska mreza Republike Srbije -
AMRES
69.167.188.219 80 United States Liquid Web, L.L.C
52.212.102.77 80 Ireland Amazon Data Services Ireland
Limited
52.57.14.67 8333 Germany Amazon.com
52.243.44.176 8333 Japan Microsoft Azure
78.129.236.141 80 United Kingdom Iomart Hosting Limited
61.171.162.26 8333 China China Telecom Shanghai
177.92.59.130 8334 Brazil COPEL Telecom
![Page 69: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/69.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 69
47.94.47.216 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
98.206.255.202 8333 United States Comcast Cable
129.59.231.224 8333 United States Vanderbilt University
47.94.57.140 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
2001:19f0:5c00:8de2::64 443 United States
2a03:b0c0:2:d0::4a6:a001 8333 Hong Kong
2607:f1c0:823:af00::35:bbd1 9000 United States
2600:3c00::f03c:91ff:fe73:7a2c 80 United States
2607:f1c0:823:af00::35:bbd1 9001 United States
188.138.94.72 443 Germany HEG Mass
46.101.190.240 8333 Germany DigitalOcean
62.165.159.145 443 Finland DNA Oyj
2a03:b0c0:2:d0::9f:c001 5001 Hong Kong
158.69.251.42 8333 Canada OVH Hosting
35.156.118.148 8333 Germany A100 ROW GmbH
83.35.42.39 445 Spain Telefonica de Espana
188.194.134.172 8333 Germany Vodafone Kabel Deutschland
![Page 70: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/70.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 70
62.165.159.142 443 Finland DNA Oyj
54.173.149.22 8333 United States Amazon
5.135.215.19 8333 France OVH SAS
47.88.62.100 8333 United States Alibaba
188.165.250.63 8333 France OVH SAS
137.74.31.109 8333 France OVH SAS
24.8.29.178 8333 United States Comcast Cable
198.23.49.147 443 United States Steadfast
62.165.159.134 443 Finland DNA Oyj
74.91.112.143 27015 United States Nuclearfallout Enterprises
118.190.68.238 8888 China Hangzhou Alibaba Advertising
Co.,Ltd.
52.65.58.199 8333 Australia Amazon.com
192.249.72.218 25 United States GMO-Z.com USA
188.166.60.76 5001 Netherlands DigitalOcean
62.165.159.227 443 Finland DNA Oyj
47.91.156.161 443 United States Alibaba
120.25.82.44 443 China Hangzhou Alibaba Advertising
Co.,Ltd.
![Page 71: Proliferation of Mining Malware Signals a Shift in ...€¦ · 11/10/2017 · Recorded Future | | CTA-2017-1011 | 20 64.57.65.252 443 United States Blue Gravity Communications 62.165.159.228](https://reader036.fdocuments.us/reader036/viewer/2022090506/601be3bda9b9aa55a476bd74/html5/thumbnails/71.jpg)
INDICATORS APPENDIX
Recorded Future | www.recordedfuture.com | CTA-2017-1011 | 71
178.254.41.205 443 Germany EVANZO e-commerce GmbH
47.94.37.134 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
47.94.47.121 8333 China Hangzhou Alibaba Advertising
Co.,Ltd.
52.53.198.141 8333 United States Amazon.com
95.213.170.21 8333 Russian
Federation
OOO Network of data-centers
Selectel
98.116.102.42 8333 United States Verizon Fios
171.217.56.68 7333 China China Telecom Sichuan
104.238.131.116 8333 United States Choopa, LLC
78.97.130.198 8333 Romania UPC Romania BUCURESTI
199.66.175.101 8333 United States AireBeam
65.60.253.73 8333 United States WideOpenWest
34.250.57.214 8333 Ireland Amazon.com
213.105.73.173 8333 United Kingdom Virgin Media
192.99.12.47 8333 Canada OVH Hosting
64.71.165.214 3001 United States Hurricane Electric
126.78.45.237 4444 Japan Softbank BB