# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: linux encoder, qnacrypt, eCh0raix

# Reference: https://www.cyber.nj.gov/threat-profiles/ransomware-variants/linuxencoder
# Reference: https://vms.drweb.com/virus/?i=7704004&lng=en

z54n57pg2el6uze2.onion.to

# Reference: https://www.fortinet.com/blog/threat-research/closer-look-satan-ransomwares-propagation-technics.html

/cry32
/cry64

# Reference: https://www.intezer.com/blog-seizing-15-active-ransomware-campaigns-targeting-linux-file-storage-servers/ (# QNAPCrypt)
# Reference: https://otx.alienvault.com/pulse/5d260d04ee31a2a96a077c0d

http://192.99.206.61/d.php
192.99.206.61:65000
sg3dwqfpnr4sl5hh.onion

# Reference: https://twitter.com/campuscodi/status/1169921091164413954
# Reference: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
# Reference: https://searchengines.guru/showthread.php?t=1021112 (Russian)

y7mfrrjkzql32nwcmgzwp3zxaqktqywrwvzfni4hm4sebtpw5kuhjzqd.onion

# Reference: https://twitter.com/joakimkennedy/status/1268243062611984384
# Reference: https://unit42.paloaltonetworks.com/ech0raix-ransomware-soho/
# Reference: https://www.virustotal.com/gui/file/88a73f1c1e5a7c921f61638d06f3fed7389e1b163da7a1cc62a666d0a88baf47/detection

veqlxhq7ub5qze3qy56zx2cig2e6tzsgxdspkubwbayqije6oatma6id.onion
/crp_linux_arc
/crp_linux_arcle-hs38
/crp_linux_arm
/crp_linux_arm4
/crp_linux_arm4l
/crp_linux_arm4t
/crp_linux_arm4tl
/crp_linux_arm4tll
/crp_linux_arm5
/crp_linux_arm5l
/crp_linux_arm5n
/crp_linux_arm6
/crp_linux_arm64
/crp_linux_arm6l
/crp_linux_arm7
/crp_linux_arm7l
/crp_linux_arm8
/crp_linux_armv4
/crp_linux_armv4l
/crp_linux_armv5l
/crp_linux_armv6
/crp_linux_armv61
/crp_linux_armv6l
/crp_linux_armv7l
/crp_linux_dbg
/crp_linux_exploit
/crp_linux_i4
/crp_linux_i486
/crp_linux_i586
/crp_linux_i6
/crp_linux_i686
/crp_linux_kill
/crp_linux_m68
/crp_linux_m68k
/crp_linux_mips
/crp_linux_mips64
/crp_linux_mipseb
/crp_linux_mipsel
/crp_linux_mpsl
/crp_linux_pcc
/crp_linux_powerpc
/crp_linux_powerpc-440fp
/crp_linux_powerppc
/crp_linux_ppc
/crp_linux_pp-c
/crp_linux_ppc2
/crp_linux_ppc440
/crp_linux_ppc440fp
/crp_linux_root
/crp_linux_root32
/crp_linux_sh
/crp_linux_sh4
/crp_linux_sparc
/crp_linux_spc
/crp_linux_ssh4
/crp_linux_x32
/crp_linux_x32_64
/crp_linux_x64
/crp_linux_x86
/crp_linux_x86_32
/crp_linux_x86_64