From 7a16537bd87106453f145563b466a910a981f8a8 Mon Sep 17 00:00:00 2001
From: kevross33
Date: Fri, 27 Jul 2018 15:40:11 +0100
Subject: [PATCH] Update cryptomining command
---
 modules/signatures/windows/cryptomining.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/modules/signatures/windows/cryptomining.py b/modules/signatures/windows/cryptomining.py
index b8937b275..2b1fa3cae 100644
--- a/modules/signatures/windows/cryptomining.py
+++ b/modules/signatures/windows/cryptomining.py
@@ -17,9 +17,9 @@ from lib.cuckoo.common.abstracts import Signature
-class CryptoMiningStratumCommand(Signature):
- name = "cryptomining_stratum_command"
- description = "A stratum cryptocurrency mining command was executed"
+class CryptoMiningCommand(Signature):
+ name = "cryptomining_command"
+ description = "A cryptocurrency mining command was executed"
 severity = 3
 categories = ["mining", "cryptocurrency"]
 authors = ["Kevin Ross", "Cuckoo Technologies"]
@@ -27,7 +27,7 @@ class CryptoMiningStratumCommand(Signature):
 def on_complete(self):
 xmr_address_re = '-u[ ]*4[0-9AB][123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]{93}'
- xmr_strings = ["stratum+tcp://", "xmrig", "xmr-stak", "supportxmr.com:", "dwarfpool.com:", "minergate"]
+ xmr_strings = ["stratum+tcp://", "xmrig", "xmr-stak", "supportxmr.com:", "dwarfpool.com:", "minergate", "minexmr", "xmrpool", "moneropool", "xmr."]
 for cmdline in self.get_command_lines():
 if re.search(xmr_address_re, cmdline):
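Review bot: The new `"xmr."` entry in `xmr_strings` (second hunk) is a four-character fragment with no pool or port context, so if the list is matched as plain substrings it can fire this severity 3 signature on unrelated command lines, such as a path or file name that merely contains `xmr.`; the loop body continues past the end of the hunk, so the comparison itself is not visible here. Every other entry names a miner, a pool or the stratum scheme, so consider dropping `"xmr."` in favour of a hostname-shaped pattern checked with `re.search`, for example `xmr_pool_re = r'(^|[^a-z0-9])xmr\.[a-z0-9-]+(\.[a-z0-9-]+)+:[0-9]{2,5}'` (constructed, to be tuned against sample command lines). It is also worth confirming that the comparison is case-insensitive, since a command line using `XMRig` or an upper-case pool host would otherwise slip past. The rename of `name` to `cryptomining_command` in the first hunk changes the identifier that any downstream report filter or alert rule keys on, which deserves a line in the commit message.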