# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: apt27, apt-c-27, goblin panda

# Reference: https://medium.com/@Sebdraven/gobelin-panda-against-the-bears-1f462d00e3a4

36106g.com
cv3sa.gicp.net
kmbk8.hicp.net
sd123.eicp.net

# Reference: https://medium.com/@Sebdraven/malicious-document-targets-vietnamese-officials-acb3b9d8b80a

dn.dulichbiendao.org
gateway.vietbaotinmoi.com
web.thoitietvietnam.org
hn.dulichbiendao.org
halong.dulichculao.com
cat.toonganuh.com
new.sggpnews.com
dulichculao.com
wouderfulu.impresstravel.ga
toonganuh.com
coco.sodexoa.com

# Reference: https://medium.com/@Sebdraven/goblin-panda-changes-the-dropper-and-reused-the-old-infrastructure-a35915f3e37a

skylineqaz.crabdance.com
tele.zyns.com
tajikstantravel.dynamic-dns.net
uzwatersource.dynamic-dns.net

# Reference: https://medium.com/@Sebdraven/goblin-panda-continues-to-target-vietnam-bc2f0f56dcd6
# Reference: https://otx.alienvault.com/pulse/5ccabe9589bea41847a35a0f

web.hcmuafgh.com

# Reference: https://blogs.quickheal.com/apt-27-like-newcore-rat-virut-exploiting-mysql-targeted-attacks-enterprise/

115.214.104.26:81
http://192.167.4.10
http://43.242.75.228
aibeichen.cn

# Reference: https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-government-sharepoint-servers/

185.12.45.134:443
