Mikrotik
fdroid, 2020-07-11 00:56:45

Why was MikroTik hacked?

We applied with a Mikrotik, which greatly cut the speed and did not work well. I don't know who set it up or how, but the firewall was not configured at all: not a single rule, and a left account with full rights. The following records were found in DNS Static:

/ip dns static
add address=209.239.112.96 name=stratum.antpool.com
add address=209.239.112.96 name=stratum.slushpool.com
add address=209.239.112.96 name=asia1.ethermine.org
add address=209.239.112.96 name=cn.stratum.slushpool.com
add address=209.239.112.96 name=asia1.ethpool.org
add address=209.239.112.96 name=eu.stratum.slushpool.com
add address=209.239.112.96 name=asia1.fullhashed.com
add address=209.239.112.96 name=jp-stratum.btcc.com
add address=209.239.112.96 name=asia2.ethermine.org
add address=209.239.112.96 name=mint.bitminter.com
add address=209.239.112.96 name=cn.sparkpool.com
add address=209.239.112.96 name=us.ss.btc.com
add address=209.239.112.96 name=aurorapool.net
add address=209.239.112.96 name=na-west.sparkpool.com
add address=209.239.112.96 name=daggerhashimoto.br.nicehash.com
add address=209.239.112.96 name=na-east.sparkpool.com
add address=209.239.112.96 name=daggerhashimoto.eu.nicehash.com
add address=209.239.112.96 name=tw.sparkpool.com
add address=209.239.112.96 name=daggerhashimoto.hk.nicehash.com
add address=209.239.112.96 name=kr.sparkpool.com
add address=209.239.112.96 name=daggerhashimoto.in.nicehash.com
add address=209.239.112.96 name=jp.sparkpool.com
add address=209.239.112.96 name=daggerhashimoto.jp.nicehash.com
add address=209.239.112.96 name=bitcoin.viabtc.com
add address=209.239.112.96 name=daggerhashimoto.usa.nicehash.com
add address=209.239.112.96 name=stratum-us.f2pool.com
add address=209.239.112.96 name=coinotron.com
add address=209.239.112.96 name=stratum.f2pool.com
add address=209.239.112.96 name=eth.1stpool.com
add address=209.239.112.96 name=stratum.btcguild.com
add address=209.239.112.96 name=stratum.btccpool.com
add address=209.239.112.96 name=eth.anorak.tech
add address=209.239.112.96 name=stratum.btc.top
add address=209.239.112.96 name=eth.2miners.com
add address=209.239.112.96 name=eth.antpool.com
add address=209.239.112.96 name=eth-ar.dwarfpool.com
add address=209.239.112.96 name=eth.arsmine.net
add address=209.239.112.96 name=eth-as.coinmine.pl
add address=209.239.112.96 name=eth-asia1.nanopool.org
add address=209.239.112.96 name=eth-br.dwarfpool.com
add address=209.239.112.96 name=eth.chileminers.cl
add address=209.239.112.96 name=eth.coinfoundry.org
add address=209.239.112.96 name=eth.coinmine.pl
add address=209.239.112.96 name=ethepool.com
add address=209.239.112.96 name=ether.bw.com
add address=209.239.112.96 name=etherdig.net
add address=209.239.112.96 name=ethereum.marshsoftware.ca
add address=209.239.112.96 name=ethereumpool.club
add address=209.239.112.96 name=ethergrab.us
add address=209.239.112.96 name=ethermine.ru
add address=209.239.112.96 name=ethertrench.com
add address=209.239.112.96 name=eth.ethertrench.com
add address=209.239.112.96 name=eth-eu1.nanopool.org
add address=209.239.112.96 name=eth-eu.coinmine.pl
add address=209.239.112.96 name=eth-eu.dwarfpool.com
add address=209.239.112.96 name=eth-eu.mining.sk
add address=209.239.112.96 name=eth-eu.pool.sexy
add address=209.239.112.96 name=eth.f2pool.com
add address=209.239.112.96 name=eth.gigantpool.com
add address=209.239.112.96 name=eth.gpumine.org
add address=209.239.112.96 name=eth-hk.dwarfpool.com
add address=209.239.112.96 name=eth.miningcity.org
add address=209.239.112.96 name=eth.mymininghub.com
add address=209.239.112.96 name=eth.pool.minergate.com
add address=209.239.112.96 name=eth.poolmining.org
add address=209.239.112.96 name=eth-pool.ucrypto.net
add address=209.239.112.96 name=eth.pool.zet-tech.eu
add address=209.239.112.96 name=eth-ru.dwarfpool.com
add address=209.239.112.96 name=eth-ru.edgestile.io
add address=209.239.112.96 name=eth-ru.mining.sk
add address=209.239.112.96 name=eth-sg.dwarfpool.com
add address=209.239.112.96 name=eth.soyminero.es
add address=209.239.112.96 name=eth.suprnova.cc
add address=209.239.112.96 name=eth.uleypool.com
add address=209.239.112.96 name=eth-us.coinmine.pl
add address=209.239.112.96 name=eth-us.dwarfpool.com
add address=209.239.112.96 name=eth-us-east1.nanopool.org
add address=209.239.112.96 name=eth-us.maxhash.org
add address=209.239.112.96 name=eth-us.pool.sexy
add address=209.239.112.96 name=eth-us-west1.nanopool.org
add address=209.239.112.96 name=eth.waterhole.io
add address=209.239.112.96 name=eth.xeminer.net
add address=209.239.112.96 name=eth.zion.net.co
add address=209.239.112.96 name=eu1.ethermine.org
add address=209.239.112.96 name=eu1.ethpool.org
add address=209.239.112.96 name=eu2.ethermine.org
add address=209.239.112.96 name=eu.99miners.com
add address=209.239.112.96 name=eu.ethmine.club
add address=209.239.112.96 name=eu.sparkpool.com
add address=209.239.112.96 name=huabei2-pool.ethfans.org
add address=209.239.112.96 name=huabei-pool.ethfans.org
add address=209.239.112.96 name=miningcity.org
add address=209.239.112.96 name=my.ethpool.net
add address=209.239.112.96 name=noobpool.com
add address=209.239.112.96 name=pool.ethfans.org
add address=209.239.112.96 name=pool.virtualmining.pt
add address=209.239.112.96 name=s.comining.io
add address=209.239.112.96 name=us1.ethermine.org
add address=209.239.112.96 name=us1.ethpool.org
add address=209.239.112.96 name=us2.ethermine.org
add address=209.239.112.96 name=us2.ethpool.org
add address=209.239.112.96 name=vaux-all.uk

The question is - what did this Mikrotik do and what is the meaning of these records?


2 answer(s)
antonwx, 2020-07-11

A banal substitution of sites, so that the data goes where the hackers redirect it and not where it needs to go.

CityCat4, 2020-07-11

Address change. All these strange names listed are eventually redirected to the same IP, most likely under the control of intruders.
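
A defender's check for the pattern both answers describe: many unrelated hostnames pinned to one public address in `/ip dns static`. This is an added example, not part of the original thread; the function names, the two `.lan` records and the threshold of three base domains are assumptions, and the two-label base-domain split is a naive approximation that ignores multi-part public suffixes and backslash-continued export lines.

```python
import ipaddress
import re
from collections import defaultdict

# First five "add" lines are copied from the export in the question;
# router.lan and nas.lan are constructed stand-ins for legitimate local records.
SAMPLE_EXPORT = """\
/ip dns static
add address=209.239.112.96 name=stratum.antpool.com
add address=209.239.112.96 name=asia1.ethermine.org
add address=209.239.112.96 name=eth.f2pool.com
add address=209.239.112.96 name=eu1.ethpool.org
add address=209.239.112.96 name=us.ss.btc.com
add address=192.168.88.1 name=router.lan
add address=192.168.88.10 name=nas.lan
"""

KV = re.compile(r'(\S+?)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def parse_dns_static(export_text):
    """Return (name, address) pairs from the /ip dns static section only."""
    records, in_section = [], False
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("/"):          # a new menu path starts a new section
            in_section = line == "/ip dns static"
            continue
        if in_section and line.startswith("add "):
            fields = {k: v.strip('"') for k, v in KV.findall(line[4:])}
            if "name" in fields and "address" in fields:
                records.append((fields["name"].lower(), fields["address"]))
    return records

def find_redirect_clusters(records, min_domains=3):
    """Flag public IPs that static DNS maps to >= min_domains unrelated domains."""
    by_addr = defaultdict(set)
    for name, addr in records:
        by_addr[addr].add(name)
    findings = {}
    for addr, names in by_addr.items():
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue                      # skip malformed address fields
        base_domains = {".".join(n.split(".")[-2:]) for n in names}
        if ip.is_global and len(base_domains) >= min_domains:
            findings[addr] = sorted(names)
    return findings
```

Run against a full `/export` from the router, any address it returns should be checked against who added the records and when, since legitimate static entries rarely pin several unrelated third-party domains to one public IP.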
