Mine Over Matter - author: welsh dragon - forensics

WriteUp: ap10

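The goal of this exercise is to find, from the logs, the two IP addresses that are mining cryptocurrency. The port commonly used for mining is 16060, so we filtered the comma-separated log for entries whose 22nd field is 16060 and printed the unique values of the 19th field. We ran: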

$ awk -F, '$22=="16060" { print $19 }' logs.txt | sort -u
172.16.0.10
172.16.0.5