# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: RedDelta

# Reference: https://www.anomali.com/blog/china-based-apt-mustang-panda-targets-minority-groups-public-and-private-sector-organizations
# Reference: https://otx.alienvault.com/pulse/5d9c72d7e2efa3b5aa799b41

http://144.202.54.8
http://154.221.24.47
adobephotostage.com
airdndvn.com
apple-net.com
infosecvn.com
officeproduces.com
wbemsystem.com
yahoorealtors.com
update.olk4.com

# Reference: https://twitter.com/cyber__sloth/status/1229080836487540736

149.28.156.153:443

# Reference: https://twitter.com/hackingump1/status/1241760059543244805
# Reference: https://malwareandstuff.com/mustang-panda-joins-the-covid19-bandwagon/
# Reference: https://www.virustotal.com/gui/ip-address/123.51.185.75/relations

http://123.51.185.75

# Reference: https://lab52.io/blog/mustang-panda-recent-activity-dll-sideloading-trojans-with-temporal-c2-servers/
# Reference: https://otx.alienvault.com/pulse/5ed7c36c21ae174ca3acfaee

destroy2013.com
fitehook.com
miandfish.store

# Reference: https://go.recordedfuture.com/hubfs/reports/cta-2020-0728.pdf
# Reference: https://otx.alienvault.com/pulse/5f219067fd875a905691df22

cabsecnow.com
hostareas.com
jsquerys.net
ipsoftwarelabs.com
lameers.com
miscrosaft.com
systeminfor.com

# Reference: https://twitter.com/cyber__sloth/status/1296722004964409349

http://103.85.24.161