# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://news.sophos.com/en-us/2020/08/25/lemon_duck-cryptominer-targets-cloud-apps-linux/
# Reference: https://github.com/sophoslabs/IoCs/blob/master/Trojan-LDMiner.csv
# Reference: https://blog.talosintelligence.com/2020/10/lemon-duck-brings-cryptocurrency-miners.html
# Reference: https://otx.alienvault.com/pulse/5f85cce401067cfef71f580b
# Reference: https://app.any.run/tasks/5984f91c-c654-4dd6-a937-85a160678934/

bddp.net
d.ackng.com
info.ackng.com
info.amynx.com
info.zz3r0.com
jdjdcjq.top
lplp.ackng.com
p.awcna.com
p.b69kq.com
p.k3qh4.com
t.amynx.com
t.jdjdcjq.top
t.tr2q.com
t.zer2.com
t.zer9g.com
t.zz3r0.com 
w.zz3r0.com

# Reference: https://twitter.com/craiu/status/1370331555575574528
# Reference: https://twitter.com/craiu/status/1370373495176192000

cdn.chatcdn.net
p.estonine.com

# Reference: https://twitter.com/smii_mondher/status/1372814578036379651

down.sqlnetcat.com
t.netcatkit.com
t.sqlnetcat.com

# Generic

/kr.bin
/m6.bin
/m6g.bin
/nvd.zip
/if_mail.bin
/xr.zip