10:39:24 <defterade_> https://twitter.com/MalwareTechBlog/status/1217027608417669120
10:46:36 <sech1> What potato PCs does it run on?
11:40:37 <hyc> that botnet is mining XMR?
12:33:12 <cohcho> hyc, your own fork of xmrig-proxy has the same problem in daemon support implementation as current master: https://github.com/xmrig/xmrig-proxy/pull/380
12:41:44 <selsta> cohcho: You linked to your own PR.
12:42:02 <sech1> https://github.com/xmrig/xmrig-proxy/issues/377
12:47:06 <cohcho> I didn't notice when picked line in auto suggest, it's 377 now.
18:42:29 <hyc> extra nonce?
18:43:28 <tevador> is that an IoT botnet? looks like slow mode mining (or a very low worker count)
18:46:40 <hyc> anyway, since I PR'd the daemon code to xmrig upstream, I haven't maintained any of my forks
18:46:51 <hyc> should prob just delete them now
18:48:40 <hyc> tevador: I think it's a botnet of routers
18:48:55 <hyc> which would generally have pretty low resources
18:49:35 <hyc> my old netgear router had a memleak, needed to be rebooted after a few GB of traffic. was capacity-dependent, not time.
18:53:31 <tevador> yeah, routers will probably run at <10 H/s per device
18:56:06 <sech1> is it Citrix exploit?
18:56:12 <hyc> probably
18:56:29 <sech1> then it's routers
18:57:28 <sech1> or is it? Where is Citrix deployed?
18:59:10 <selsta> Normal server?
18:59:25 <selsta> Or clients.
18:59:54 <cohcho> 30kH/s is nothing since on any.run you can find active botnet with ~300KH/s at moneroocean
19:00:28 <cohcho> not so impressive to post it on twitter
19:01:59 <tevador> it is impressively low
19:03:14 <hyc> a lot of effort for such little reward
19:12:13 <selsta> Isn’t Citrix program virtualization? I think we use it at work. How can they only get 30kH/s if it runs on servers lol
20:00:52 <sech1> tevador https://github.com/tevador/RandomX/blob/master/doc/specs.md#432-group-e-register-conversion - I cross-checked with the reference code and it's not bits 0-2, 3-6 of the exponent
20:01:45 <sech1> Exponent is bits 52-62 and top 7 bits (out of 11 bits) are changed in the code
20:02:38 <sech1> so it's "2. Bits 8-10" and "3. Bits 4-7"
20:33:55 <gingeropolous> total miners 28540
20:34:48 <cohcho> I suppose this number can be manipulated easily.
20:35:16 <gingeropolous> probably. its the only thing we've got though
20:57:44 <tevador> sech1: I guess it depends on how you number the bits, not sure why I did MSB first
21:02:58 <sech1> MSB bits have the highest numbers