# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: apt27, apt-c-27, goblin panda, emissary panda

# Reference: https://medium.com/@Sebdraven/gobelin-panda-against-the-bears-1f462d00e3a4

36106g.com
cv3sa.gicp.net
kmbk8.hicp.net
sd123.eicp.net

# Reference: https://medium.com/@Sebdraven/malicious-document-targets-vietnamese-officials-acb3b9d8b80a

# Reference: https://medium.com/@Sebdraven/goblin-panda-changes-the-dropper-and-reused-the-old-infrastructure-a35915f3e37a

skylineqaz.crabdance.com
tele.zyns.com
tajikstantravel.dynamic-dns.net
uzwatersource.dynamic-dns.net

# Reference: https://medium.com/@Sebdraven/goblin-panda-continues-to-target-vietnam-bc2f0f56dcd6
# Reference: https://otx.alienvault.com/pulse/5ccabe9589bea41847a35a0f

web.hcmuafgh.com

# Reference: https://blogs.quickheal.com/apt-27-like-newcore-rat-virut-exploiting-mysql-targeted-attacks-enterprise/

115.214.104.26:81
http://192.167.4.10
http://43.242.75.228
aibeichen.cn

# Reference: https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-government-sharepoint-servers/

185.12.45.134:443

# Reference: https://twitter.com/MeltX0R/status/1175309376493629440
# Reference: https://meltx0r.github.io/tech/2019/09/19/emissary-panda-apt.html

awvsf7esh.dellrescue.com
language.wikaba.com
solution.instanthq.com
yofeopxuuehixwmj.redhatupdater.com

# Reference: https://otx.alienvault.com/pulse/5da9dc215c51c8a86a2d19f1

