# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Layout: one indicator per line; lines starting with '#' are comments.
# Indicators are grouped under the "# Reference:" lines that precede them.
# NOTE(review): entries written as http://<IP> look like the project's
# convention for an IP address contacted directly over HTTP, as opposed to
# any traffic to that IP - confirm against the trail format documentation
# before reusing them in another tool.
# NOTE(review): every *.workers.dev entry is a full hostname under a shared
# hosting suffix. Match these exactly; matching on the parent domain would
# also flag unrelated tenants of the same platform.

# Aliases: oldgremlin

# Reference: https://rt-solar.ru/events/news/1915/ (Russian)
# Reference: https://www.securitylab.ru/blog/company/solarsecurity/349248.php (Russian)
# Reference: https://twitter.com/ShadowChasing1/status/1293834710703996928
# Reference: https://twitter.com/Vishnyak0v/status/1296696059264196608
# Reference: https://www.virustotal.com/gui/file/076b9fac004cc230dec755809994595d75a8720bf57b90819158e549a25ff102/detection
# Reference: https://www.virustotal.com/gui/file/095989e0b524af5e8cae7ac1b9c9018c0d7b5078691f129752c185535c975e68/detection
# Reference: https://www.virustotal.com/gui/file/0d6af4ebf5db891483091b2029a94a338907580191750c95f586440d32c1c533/detection
# Reference: https://www.virustotal.com/gui/file/207cb54af358203cb7811202ef84e8dca523634951ddd5d7da101799136d4a5e/detection
# Reference: https://www.virustotal.com/gui/file/23cfbb0bf1e110a79678f45c29897e6090b660d3df420bbb916fc3f1bc12eead/detection
# Reference: https://www.virustotal.com/gui/file/268953af63bad4895dd06c024fd1ec2af2c134623a0e100e26894e4d6bab741e/detection
# Reference: https://www.virustotal.com/gui/file/2df544ea3d70cde13fb66db5b82f1cf03fb1c53e7c7af95acafef5d98852b5a8/detection
# Reference: https://www.virustotal.com/gui/file/6269fd417f93e7c0d7cab576b35dc3b6f6a58c0f04e75533bad84987c228f0e6/detection
# Reference: https://www.virustotal.com/gui/file/65267892a81d5e6c38c12d808623314ed9798156f3c24df2e8e906394fd51396/detection
# Reference: https://www.virustotal.com/gui/file/75fa551eec71d6d8b9817266813715c2bbb7a537005587f9f1e0d058a05febc6/detection
# Reference: https://www.virustotal.com/gui/file/a77edbac6349f42a4220b91fdd9eef7b1bd964e14a9151a543abfecba4195925/detection
# Reference: https://www.virustotal.com/gui/file/c598aa9156c5d1bacbdd7a4038c3cfe086611af1417b3a2e890c672eb199045e/detection
# Reference: https://www.virustotal.com/gui/file/c6a2d72497aba7889a34f8805a859f6717b53d4959c6ec067d87de8103f91fe7/detection
# Reference: https://www.virustotal.com/gui/file/e7d2deba4fccbea79ffa209ebe0ce49f98aecfb340c8d6ec3ea1773cb12cb07e/detection

http://192.248.165.254
http://45.61.138.170
curly-sound-d93e.ygrhxogxiogc.workers.dev
late-salad-2839.yriqwzjskbbg.workers.dev
odd-thunder-c853.tkbizulvc.workers.dev
old-mud-23cb.tkbizulvc.workers.dev
hello.tyvbxdobr0.workers.dev

# Reference: https://twitter.com/_re_fox/status/1301143311391109120
# Reference: https://app.any.run/tasks/f21e3a4f-b734-4285-96b4-d2f274e19413/

# The name below resembles a Microsoft documentation host, but it is a
# workers.dev subdomain like the others in this file.
ccdn.microsoftdocs.workers.dev

# Reference: https://www.group-ib.com/blog/oldgremlin
# Reference: https://otx.alienvault.com/pulse/5f6ccbe362057a239425fc18

# This group repeats four entries from the first group (http://45.61.138.170,
# curly-sound-d93e.ygrhxogxiogc.workers.dev, hello.tyvbxdobr0.workers.dev,
# old-mud-23cb.tkbizulvc.workers.dev). They are kept here so each reference
# still lists everything it reported.
# NOTE(review): presumably harmless if the loader de-duplicates - verify.
http://136.244.67.59
http://45.61.138.170
http://5.181.156.84
http://95.179.252.217
rbcholding.press
broken-poetry-de86.nscimupf.workers.dev
calm-night-6067.bhrcaoqf.workers.dev
curly-sound-d93e.ygrhxogxiogc.workers.dev
hello.tyvbxdobr0.workers.dev
ksdkpwpfrtyvbxdobr1.tiyvbxdobr1.workers.dev
ksdkpwprtyvbxdobr0.tyvbxdobr0.workers.dev
noisy-cell-7d07.poecdjusb.workers.dev
old-mud-23cb.tkbizulvc.workers.dev
rough-grass-45e9.poecdjusb.workers.dev
wispy-fire-1da3.nscimupf.workers.dev
wispy-surf-fabd.bhrcaoqf.workers.dev