Category Archives: Bitcoin Miners

Tbot Torbot Tor Malware Bitcoin Mining Trojan Botnet Traffic Sample PCAP Download

Download Tbot pcap sample: tbot.pcap

2012-10-07 08:37:05.859475 IP 172.16.253.131.53 > 8.8.8.8.53: 21033+ A? checkip.dyndns.org. (36)
E..@……………..5.5.,..R)………..checkip.dyndns.org…..
2012-10-07 08:37:05.859578 IP 172.16.253.131.53 > 4.2.2.2.53: 21033+ A? checkip.dyndns.org. (36)
E..@……………..5.5.,..R)………..checkip.dyndns.org…..
2012-10-07 08:37:05.875096 IP 8.8.8.8.53 > 172.16.253.131.53: 21033 4/0/0 CNAME checkip.dyndns.com., A 216.146.39.70, A 91.198.22.70, A 216.146.38.70 (116)
E……….,………5.5.|+jR)………..checkip.dyndns.org…………..d…checkip.dyndns.com..0…….d….’F.0…….d..[..F.0…….d….&F
2012-10-07 08:37:05.908375 IP 172.16.253.131.1172 >…


HISTORICAL Malware Sample – BitCoin Miner – Traffic Sample Indicators Analysis

2012-10-04 09:27:19.695169 IP 178.33.111.19.9000 > 192.168.248.165.1099: Flags [P.], seq 1:711, ack 71, win 64240, length 710
E…………!o…..#(.K?.1….’P…….{"error": null, "id": 1, "result": [["mining.notify", "ae6812eb4cd7735a302a8a9dd95cf71f"], "f80e8a14", 4]}
{"params": [63], "id": null, "method": "mining.set_difficulty"}
{"params": ["8de", "72216db0a2e9151d8b8172470729848cbeecf1080cb8f37f65d047efb2c749f3", "01000000010000000000000000000000000000000000000000000000000000000000000000ffffffff2303122606062f503253482f04a5c4035208", "092f7374726174756d2f000000000100fb422a010000001976a9143c5adb00f1457309f084675941f114b8c09b6af188ac00000000", ["fc25ce83ea8ce3200ed2f56e7cf1ec43a8837118ddd965759c8fbe4d12a04f82", "ee78512684f4bb06bcbed1aa01703e10bbb733dc16cccaf387df0b18f656f234"], "00000001", "1b4e2a39", "5203c4a4", true], "id": null, "method": "mining.notify"}
2012-10-04 09:27:19.695655 IP 192.168.248.165.1099 > 178.33.111.19.9000: Flags [P.],…


Bitcoin Cryptocurrency Mining Malware Trojan Traffic Sample

2012-10-04 10:27:19.504071 IP 192.168.248.165.53 > 8.8.8.8.53: 50660+ A? mine.pool-x.eu. (32) E.. 4.2.2.2.53: 50660+ A? mine.pool-x.eu. (32) E.. 192.168.248.165.53: 50660 1/0/0 A 178.33.111.19 (48) E..L……………..5.5.8u…………..mine.pool-x.eu………….?….!o.
2012-10-04 10:27:19.521271 IP 192.168.248.165.1099 > 178.33.111.19.9000: Flags [S], seq 4120039136, win 64240, options [mss 1460,nop,nop,sackOK], length 0
E..0.d@……….!o..K#(……..p……………
2012-10-04 10:27:19.606863 IP 178.33.111.19.9000 > 192.168.248.165.1099: Flags [S.], seq 1068904942, ack 4120039137, win…
