# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://news.sophos.com/en-us/2020/08/25/lemon_duck-cryptominer-targets-cloud-apps-linux/
# Reference: https://github.com/sophoslabs/IoCs/blob/master/Trojan-LDMiner.csv
# Reference: https://blog.talosintelligence.com/2020/10/lemon-duck-brings-cryptocurrency-miners.html
# Reference: https://otx.alienvault.com/pulse/5f85cce401067cfef71f580b
# Reference: https://app.any.run/tasks/5984f91c-c654-4dd6-a937-85a160678934/

# Reference: https://twitter.com/craiu/status/1370331555575574528
# Reference: https://twitter.com/craiu/status/1370373495176192000

cdn.chatcdn.net
p.estonine.com

# Reference: https://twitter.com/smii_mondher/status/1372814578036379651

down.sqlnetcat.com
t.netcatkit.com
t.sqlnetcat.com

# Generic