
Miguel Santareno

OSINT Dojo - OSINT challenge week 07/18/2022 - MikroTik Cryptojacking

The challenge is the following:

Methodology:

Based on the IP mentioned above, I searched for the IP on Shodan and saw a CoinHive key in an iframe on that IP on port 3001.

Next, I searched for that key in Shodan to retrieve the other IPs that are running the same key.
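
The pivot described in the two steps above, as an added example that is not part of the original write-up: it pulls CoinHive site keys out of HTTP response bodies and groups the hosts that serve the same key. The record layout, the IPs (documentation ranges) and the keys are constructed, and the embed patterns matched (the CoinHive JS constructors and the `data-key` attribute) are an assumption, since the markup seen in the challenge is not reproduced here.

```python
import re
from collections import defaultdict

# Assumed embed forms: the CoinHive JS constructors and the simple-UI data-key attribute.
KEY_PATTERNS = [
    re.compile(r"CoinHive\.(?:Anonymous|User|Token)\(\s*['\"]([A-Za-z0-9]+)['\"]"),
    re.compile(r"coinhive-miner[^>]*\bdata-key=['\"]([A-Za-z0-9]+)['\"]"),
]

def extract_keys(html):
    """Return the set of CoinHive site keys embedded in one HTTP response body."""
    return {m.group(1) for p in KEY_PATTERNS for m in p.finditer(html)}

def cluster_by_key(records):
    """Map each site key to the sorted (ip, port) pairs whose body contains it."""
    clusters = defaultdict(set)
    for rec in records:
        for key in extract_keys(rec["html"]):
            clusters[key].add((rec["ip"], rec["port"]))
    return {k: sorted(v) for k, v in clusters.items()}

def pivot(records, seed_ip):
    """Other IPs that serve at least one site key also served by seed_ip."""
    related = set()
    for hosts in cluster_by_key(records).values():
        ips = {ip for ip, _ in hosts}
        if seed_ip in ips:
            related |= ips - {seed_ip}
    return sorted(related)

# Constructed sample data: documentation-range IPs and placeholder keys.
KEY_A = "PLACEHOLDERKEYAAAAAAAAAAAAAAAAAA"
KEY_B = "PLACEHOLDERKEYBBBBBBBBBBBBBBBBBB"
SAMPLE = [
    {"ip": "192.0.2.10", "port": 3001, "html":
     "<iframe src='/x'></iframe><script>new CoinHive.Anonymous('%s').start();</script>" % KEY_A},
    {"ip": "198.51.100.7", "port": 3001, "html":
     '<div class="coinhive-miner" data-key="%s"></div>' % KEY_A},
    {"ip": "203.0.113.5", "port": 80, "html":
     '<script>var m = new CoinHive.User("%s", "u1");</script>' % KEY_B},
    {"ip": "203.0.113.9", "port": 8080, "html": "<html><body>RouterOS</body></html>"},
]

if __name__ == "__main__":
    print(pivot(SAMPLE, "192.0.2.10"))
```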

Extra:

Other MikroTik Cryptojacking Campaigns

Answers:

What indicator(s) are there that this device was previously compromised?

CoinHive key found in an iframe on the IP mentioned above on port 3001

Can you locate two other devices likely compromised by the same actor?

180[.]245[.]209[.]98

125[.]163[.]252[.]184

Quote of the day: Try Harder!