# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: linux encoder, qnacrypt, eCh0raix

# Reference: https://www.cyber.nj.gov/threat-profiles/ransomware-variants/linuxencoder
# Reference: https://vms.drweb.com/virus/?i=7704004&lng=en

z54n57pg2el6uze2.onion.to

# Reference: https://www.fortinet.com/blog/threat-research/closer-look-satan-ransomwares-propagation-technics.html

/cry32
/cry64

# Reference: https://www.intezer.com/blog-seizing-15-active-ransomware-campaigns-targeting-linux-file-storage-servers/ (# QNAPCrypt)
# Reference: https://otx.alienvault.com/pulse/5d260d04ee31a2a96a077c0d

http://192.99.206.61/d.php
192.99.206.61:65000
sg3dwqfpnr4sl5hh.onion

# Reference: https://twitter.com/campuscodi/status/1169921091164413954
# Reference: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
# Reference: https://searchengines.guru/showthread.php?t=1021112 (Russian)

y7mfrrjkzql32nwcmgzwp3zxaqktqywrwvzfni4hm4sebtpw5kuhjzqd.onion

# Reference: https://twitter.com/joakimkennedy/status/1268243062611984384
# Reference: https://www.virustotal.com/gui/file/88a73f1c1e5a7c921f61638d06f3fed7389e1b163da7a1cc62a666d0a88baf47/detection

176.122.23.54:9100
veqlxhq7ub5qze3qy56zx2cig2e6tzsgxdspkubwbayqije6oatma6id.onion
