# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: RedDelta

# Layout: indicators are grouped under the "# Reference:" lines that precede
# them (presumably the public reports each group was taken from - confirm
# against the cited pages before relying on an attribution).
# Entries in this file appear in four shapes:
#   - scheme-prefixed IP address (http://<ip>)
#   - bare domain or subdomain
#   - <ip>:<port> pair
#   - URL path fragment (/<path>/)
# NOTE(review): how each shape is matched (exact vs. parent-domain, host vs.
# URL) is decided by the consuming trail parser, which is not shown here -
# confirm before adding entries in a new shape or deduplicating existing ones.
# NOTE(review): IP-based indicators can be reassigned to unrelated hosts after
# a campaign ends; treat a match as a lead to corroborate with other evidence
# and re-validate these entries periodically.

# Reference: https://www.anomali.com/blog/china-based-apt-mustang-panda-targets-minority-groups-public-and-private-sector-organizations
# Reference: https://otx.alienvault.com/pulse/5d9c72d7e2efa3b5aa799b41

http://144.202.54.8
http://154.221.24.47
adobephotostage.com
airdndvn.com
apple-net.com
infosecvn.com
officeproduces.com
wbemsystem.com
yahoorealtors.com
# NOTE(review): only this subdomain is listed; the parent domain does not
# appear anywhere in this file.
update.olk4.com

# Reference: https://twitter.com/cyber__sloth/status/1229080836487540736

149.28.156.153:443

# Reference: https://twitter.com/hackingump1/status/1241760059543244805
# Reference: https://malwareandstuff.com/mustang-panda-joins-the-covid19-bandwagon/
# Reference: https://www.virustotal.com/gui/ip-address/123.51.185.75/relations

http://123.51.185.75

# Reference: https://lab52.io/blog/mustang-panda-recent-activity-dll-sideloading-trojans-with-temporal-c2-servers/
# Reference: https://otx.alienvault.com/pulse/5ed7c36c21ae174ca3acfaee

destroy2013.com
fitehook.com
miandfish.store

# Reference: https://go.recordedfuture.com/hubfs/reports/cta-2020-0728.pdf
# Reference: https://otx.alienvault.com/pulse/5f219067fd875a905691df22

cabsecnow.com
hostareas.com
jsquerys.net
ipsoftwarelabs.com
lameers.com
# NOTE(review): the spelling below looks like a deliberate lookalike of a
# well-known vendor name - verify against the references above rather than
# "correcting" it.
miscrosaft.com
systeminfor.com

# Reference: https://twitter.com/cyber__sloth/status/1296722004964409349

http://103.85.24.161

# Reference: https://twitter.com/IntezerLabs/status/1316384526323638274
# Reference: https://www.virustotal.com/gui/file/c0331d4dee56ef0a8bb8e3d31bdfd3381bafc6ee80b85b338cee4001f7fb3d8c/detection
# Reference: https://www.virustotal.com/gui/file/d0dd9c624bb2b33de96c29b0ccb5aa5b43ce83a54e2842f1643247811487f8d9/detection

# NOTE(review): subdomains of this domain are listed separately in the last
# group of this file; whether this parent entry already covers them depends on
# the matcher - confirm before removing either.
flach.cn

# Reference: https://or10nlabs.tech/reverse-engineering-the-mustang-panda-plugx-rat-extracting-the-config/

# NOTE(review): per the reference slug these pairs presumably come from an
# extracted PlugX configuration. The same two ports are listed for both
# addresses; keep them as ip:port pairs, since 110 is also the registered POP3
# port and a port-only match would be noisy.
103.200.97.189:965
103.200.97.189:110
185.239.226.17:965
185.239.226.17:110

# Reference: https://blog.vincss.net/2020/03/re012-phan-tich-ma-doc-loi-dung-dich-COVID-19-de-phat-tan-gia-mao-chi-thi-cua-thu-tuong-Nguyen-Xuan-Phuc.html
# Reference: https://blog.vincss.net/2020/03/re012-phan-tich-ma-doc-loi-dung-dich-COVID-19-de-phat-tan-gia-mao-chi-thi-cua-thu-tuong-Nguyen-Xuan-Phuc-phan2.html
# Reference: https://drive.google.com/file/d/1OpPiT6ieub3_q0sLIxGt8iI85tInqjoU/view
# Reference: https://any.run/report/bbbeb1a937274825b0434414fa2d9ec629ba846b1e3e33a59c613b54d375e4d2/dd877b4d-8b36-48c0-af07-ce37fd9fee7b

vietnam.zing.photos

# Reference: https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-dianxun.pdf
# Reference: https://otx.alienvault.com/pulse/6050e65d389812e02dfca3c3

# NOTE(review): several names in this group embed a vendor brand string; they
# are listed here as indicators, so a hit presumably does not mean traffic to
# that vendor's own infrastructure - verify against the report.
# This group lists both parent domains and their subdomains (buyonebuy.top,
# careerhuawei.net, huaweiyuncdn.com); the flach.cn parent is in an earlier
# group.
159.138.84.217:81
buyonebuy.top
careerhuawei.net
huaweiyuncdn.com
cdn.update.huaweiyuncdn.com
cdn1.update.huaweiyuncdn.com
flash-update.buyonebuy.top
hr.careerhuawei.net
info.careerhuawei.net
infoadmin.update.huaweiyuncdn.com
update.careerhuawei.net
update.huaweiyuncdn.com
download.flach.cn
forum.flach.cn
info.flach.cn
m.flach.cn
mobile.flach.cn
terminal.flach.cn
update.flach.cn
# NOTE(review): the entry below is a path-only indicator with no host. If the
# matcher applies it to any URL containing this path, it is not bound to the
# hosts above; treat hits as low-confidence unless the destination also
# matches another indicator - confirm matching behavior.
/c0c00c0c/
