{ "id": "b32182c7-3655-4ca9-a689-3ba611caddd5", "created_at": "2026-04-10T03:21:18.831224Z", "updated_at": "2026-04-10T03:22:17.124021Z", "deleted_at": null, "sha1_hash": "f3e0e185db16e98266b3a13a659cfca9eca6c114", "title": "What is Lemon Duck Attack?", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 31974, "plain_text": "What is Lemon Duck Attack?\r\nBy Jasper Tan\r\nPublished: 2021-08-04 · Archived: 2026-04-10 03:07:26 UTC\r\nThe following are the malicious MD5 checksums. Cybersecurity teams can scan for the following files.\r\nSHA256:\r\n• 0993cc228a74381773a3bb0aa36a736f5c41075fa3201bdef4215a8704e582fc\r\n• 3295dee4429647074d6d1062b0a069256397883c2a52d16525d35a3ed2e1c73f\r\n• 34aa230ccb2888a5c884394d9eadbd02a480f4adf99e2e065e9d3c24e136f3df\r\n• 3cfac69313f8f54f75bd4ee61b0a2a7c601f32faeddcd8bae725505c8f345b12\r\n• 3df23c003d62c35bd6da90df12826c1d3fdd94029bf52449ba3d89920110d5ec\r\n• 438248f6c28c02ffde120b2573aae9e53f449e6e7536f49a640f958a22d6d3b4\r\n• 4a2bd91d6b189e135a500d62b93088c17e6fdc7bde10ecbab5d60f57e4e63b71\r\n• 4cc3a01b313c9e542a825af3a520ff550c886c86acd895aa58b422de6697bebf\r\n• 4f0b9c0482595eee6d9ece0705867b2aae9e4ff68210f32b7425caca763723b9\r\n• 56101ab0881a6a34513a949afb5a204cad06fd1034f37d6791f3ab31486ba56c\r\n• 607654d35de12a84e812a3b475499f91b1a7849d81be79b4e622ca97f2da2e0e\r\n• 69ce57932c3be3374e8843602df1c93e1af622fc53f3f1d9b0a75b66230a1e2e\r\n• 737752588f32e4c1d8d20231d7ec553a1bd4a0a090b06b2a1835efa08f9707c4\r\n• 893ddf0de722f345b675fd1ade93ee1de6f1cad034004f9165a696a4a4758c3e\r\n• 9248c617d19410832784e15b5382cac5837e990f641f4c016cbeee8219af6bc8\r\n• 9cf63310788e97f6e08598309cbbf19960162123e344df017b066ca8fcbed719\r\n• 9f2fe33b1c7230ec583d7f6ad3135abcc41b5330fa5b468b1c998380d20916cd\r\n• a70931ebb1ce4f4e7d331141ad9eba8f16f98da1b079021eeba875aff4aeaa85\r\n• ccbca8dac5824b49ce4c28c839dddb4e4ed35098adbe9978ad609ac9867e88b7\r\n• d110083ba7e3d115c8632ab45949fc8ecc36b835328686028ae1af7d4b56329d\r\n• d12b6691a9141b3150e24ce7798c81d5558d5dad7ba3603d8cd532d3a14089d1\r\n• d8b5eaae03098bead91ff620656b9cfc569e5ac1befd0f55aee4cdb39e832b09\r\n• db093418921aae00187ae5dc6ed141c83614e6a4ec33b7bd5262b7be0e9df2cd\r\n• dc612f5c0b115b5a13bdb9e86f89c5bfe232e5eb76a07c3c0a6d949f80af89fd\r\n• e99228953306f91b9f5213ac305025f5caeb5f4900a5657beb3834b209ac4b69\r\n• f517526fc57eb33edb832920b1678d52ad1c5cf9c707859551fe065727587501\r\n• f8d388f502403f63a95c9879c806e6799efff609001701eed409a8d33e55da2f\r\nThis is the list of malicious domains which threat actors are using. Cybersecurity teams can add them to the list of\r\nblocked domains.\r\njs88.ag ackng.com\r\nhttps://cybotsai.com/lemon-duck-attack/\r\nPage 1 of 2\n\namynx.com b69kq.com\r\nbb3u9.com cdnimages.xyz\r\nhwqloan.com netcatkit.com\r\npp6r1.com sqlnetcat.com\r\nzer9g.com down.sqlnetcat.com\r\nZz3r0.com t.awcna.com\r\n• Patch operating systems and applications. Keep antivirus signatures up to date.\r\n• Ensure endpoints are patched with this (CVE-2017-0144, CVE-2017-8464, CVE-2019-0708, CVE-2020-0796,\r\nCVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065.)\r\n• Scan emails and attachments to detect and block any suspicious malware activity.\r\n• Implement training and processes to identify phishing via externally-sourced emails.\r\n• Maintain offline, encrypted backups of data and regularly test backups.\r\n• It is recommended that users Patch OS with MS-17-010 to prevent further damage/propagation.\r\n• Advise the user to use complex passwords, especially for Local/Domain Administrators0.\r\nSource: https://cybotsai.com/lemon-duck-attack/\r\nhttps://cybotsai.com/lemon-duck-attack/\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia" ], "references": [ "https://cybotsai.com/lemon-duck-attack/" ], "report_names": [ "lemon-duck-attack" ], "threat_actors": [], "ts_created_at": 1775791278, "ts_updated_at": 1775791337, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/f3e0e185db16e98266b3a13a659cfca9eca6c114.pdf", "text": "https://archive.orkl.eu/f3e0e185db16e98266b3a13a659cfca9eca6c114.txt", "img": "https://archive.orkl.eu/f3e0e185db16e98266b3a13a659cfca9eca6c114.jpg" } }