Intrusions Affecting Multiple Global Victims Across Multiple Sectors
Indicators
IR-ALERT-MED-17-093-01D
DISCLAIMER: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:WHITE: Disclosure is not limited. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.
2017-05-10T20:53:23+00:00
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
abc.wikaba.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
ad.getfond.info
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
additional.sexidude.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
announcements.toythieves.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
apple.cmdnetview.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
apple.ikwb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
appledownload.ourhobby.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
appleimages.itemdb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
appleimages.longmusic.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
appleimages.organiccrap.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
applemirror.organiccrap.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
applemirror.squirly.info
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
applemusic.isasecret.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
applemusic.itemdb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
applemusic.wikaba.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
applemusic.xxuz.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
applemusic.zzux.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
appleupdate.itemdb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda infrastructure.
appleupdateurl.2waky.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
asfzx.x24hr.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
availab.wikaba.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
availability.justdied.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
babymusicsitetr.mymom.info
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
back.jungleheart.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
back.mofa.dynamic-dns.net
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
bak.ignorelist.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
bak.un.dnsrd.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
balance1.wikaba.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
barber.faqserv.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
bdoncloud.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
be.mrslove.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
bexm.cleansite.biz
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
bezu.itemdb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
billing.organiccrap.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
blaaaaaaaaaaaa.windowsupdate.3-a.net
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
brand.fartit.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
bulletproof.squirly.info
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected APT 10 infrastructure.
catholicmmb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected APT 10 infrastructure.
ccfchrist.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
cdn.incloud-go.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
center.shenajou.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
cia.ezua.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda infrastructure.
civilwar123.authorizeddns.org
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
civilwar520.onmypc.org
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected APT 10 infrastructure.
cloud-kingl.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
cloud-maste.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
cnnews.mylftv.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
commissioner.shenajou.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
commons.onedumb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
contactus.myddns.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
contactus.onmypc.us
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
contract.4mydomain.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
contractus.qpoe.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
contractus.zzux.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
cress.mynetav.net
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
ctldl.microsoftupdate.qhigh.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
ctldl.windowsupdate.authorizeddns.us
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected APT 10 infrastructure.
ctldl.windowsupdate.dnset.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
ctldl.windowsupdate.ezua.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
ctldl.windowsupdate.itsaol.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
ctldl.windowsupdate.organiccrap.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
ctldl.windowsupdate.x24hr.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
cvnx.zyns.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected APT 10 infrastructure.
cwiinatonal.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
dasonews.youdontcare.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
daughter.vizvaz.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
de.onmypc.info
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
dec.seyesb.acmetoy.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
details.squirly.info
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
development.shenajou.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
dick.ccfchrist.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
digsby.ourhobby.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
disruptive.https443.net
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
document.shenajou.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
download.windowsupdate.dedgesuite.net
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
download.windowsupdate.dnset.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
download.windowsupdate.itsaol.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
download.windowsupdate.x24hr.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ea.onmypc.info
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
edgar.ccfchrist.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
ehshiroshima.mylftv.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
eric-averyanov.wha.la
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
eu.acmetoy.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
eu.wha.la
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
ewe.toshste.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
extraordinary.dynamic
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
fabian.ccfchrist.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
fbi.sexxxy.biz
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
feed.jungleheart.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
file.zzux.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with malicious activity.
Film.everydayfilmlink.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
findme.epac.to
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
fire.mrface.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
firstnews.jkub.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
flea.poulsenv.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
foal.wchildress.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
fr.wikaba.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
freegamecenter.onedumb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.2014.zzux.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.additional.sexidude.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.announcements.toythieves.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
ftp.appledownload.ourhobby.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
ftp.appleimages.itemdb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
ftp.appleimages.longmusic.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
ftp.appleimages.organiccrap.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
ftp.applemirror.organiccrap.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain was identified as possibly associated with the Stone Panda C2 infrastructure.
ftp.applemirror.squirly.info
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.applemusic.isasecret.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.applemusic.itemdb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.applemusic.wikaba.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.applemusic.xxuz.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.applemusic.zzux.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.appleupdate.itemdb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.asfzx.x24hr.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.availab.wikaba.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.availability.justdied.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.back.jungleheart.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.balance1.wikaba.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.be.mrslove.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.brand.fartit.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.bulletproof.squirly.info
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.civilwar123.authorizeddns.org
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.civilwar520.onmypc.org
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.cnnews.mylftv.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.commons.onedumb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.contractus.qpoe.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.de.onmypc.info
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.details.squirly.info
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.disruptive.https443.net
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.ea.onmypc.info
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.ehshiroshima.mylftv.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.eric-averyanov.wha.la
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.eu.acmetoy.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.eu.wha.la
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.fire.mrface.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.fr.wikaba.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.fuck.ikwb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.generat.almostmy.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.hii.qhigh.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.innocent-isayev.sexidude.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.invoices.sexxxy.biz
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.itlans.isasecret.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.itunesdownload.jkub.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.itunesdownload.wikaba.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.itunesimages.itemdb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.itunesimages.itsaol.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.itunesimages.qpoe.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.itunesmirror.fartit.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.itunesmirror.itsaol.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.itunesmusic.ikwb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.itunesmusic.jetos.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.itunesmusic.jkub.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.itunesmusic.zzux.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.itunesupdate.itsaol.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.itunesupdates.organiccrap.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.jimin.mymom.info
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.key.zzux.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.knowledge.sellclassics.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.lan.dynssl.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.latestnews.epac.to
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.latestnews.organiccrap.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.macfee.mrface.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.maffc.mrface.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.malware.dsmtp.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.mason.vizvaz.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.mediapath.organiccrap.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.microsoft.got-game.org
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.microsoft.mrface.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.microsoftimages.organiccrap.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.microsoftmusic.mrbasic.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.microsoftqckmanager.pcanywhere.net
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.microsoftupdate.mrbasic.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.microsoftupdate.qhigh.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.mmy.ddns.us
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.mod.jetos.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.mofa.dynamic-dns.net
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.mofa.ns01.info
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.moscowdic.trickip.org
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.musicfile.ikwb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.na.americanunfinished.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.newsdata.jkub.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.no.authorizeddns.org
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.nt.mynumber.org
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.nz.compress.to
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.ol.almostmy.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.oracleupdate.dns04.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.portal.mrface.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.portal.sendsmtp.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.portalser.dynamic-dns.net
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.praskovya-matveyeva.mefound.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.praskovya-ulyanova.dumb1.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.products.almostmy.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.products.cleansite.us
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.products.serveuser.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.purchase.lflinkup.org
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.recent.dns-stuff.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.recent.fartit.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.referred.gr8domain.biz
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.referred.yourtrap.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.register.ourhobby.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.registration2.instanthq.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.registrations.4pu.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.registrations.organiccrap.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.remeberdata.iownyour.org
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.reserveds.onedumb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.rethem.almostmy.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.sdmsg.onmypc.org
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.se.toythieves.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.senseye.ikwb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.septdlluckysystem.jungleheart.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.seraphim-yurieva.justdied.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.serv.justdied.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.server1.proxydns.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.seyesb.acmetoy.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.shugiin.jkub.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.sstday.jkub.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.support1.mrface.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.svc.dynssl.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.synssl.dnset.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.tamraj.fartit.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.ticket.instanthq.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.tophost.dynamicdns.co.uk
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.transfer.lflinkup.org
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.transfer.vizvaz.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.ugreen.itemdb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.uk.dynamicdns.org.uk
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.un.ddns.info
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.un.dnsrd.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.usa.itsaol.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.well.itsaol.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.windowfile.itemdb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.windowsimages.itemdb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.windowsmirrors.vizvaz.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.windowsupdate.2waky.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.windowsupdate.3-a.net
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.windowsupdate.authorizeddns.us
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.windowsupdate.dns05.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.windowsupdate.esmtp.biz
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.windowsupdate.ezua.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.windowsupdate.fartit.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.windowsupdate.gettrials.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.windowsupdate.instanthq.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.windowsupdate.jungleheart.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.windowsupdate.lflink.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.windowsupdate.mrface.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.windowsupdate.mylftv.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.windowsupdate.rebatesrule.net
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.windowsupdate.sellclassics.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.windowsupdate.serveusers.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ftp.yandexr.sellclassics.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
fukuoka.cloud-maste.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
gavin.ccfchrist.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
generat.almostmy.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
gifuonlineshopping.mynumber.org
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
glicense.shenajou.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
globalnews.wikaba.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
grammar.jkub.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
helpus.ddns.info
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
hii.qhigh.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
home.trickip.org
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
hukuoka.cloud-maste.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ibmmsg.strangled.net
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
imitate.faqserv.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
incloud-go.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected APT 10 infrastructure.
incloud-obert.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
innocent-isayev.sexidude.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
innov-tec.com.ua
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
interpreter.shenajou.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
invoices.sexxxy.biz
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
iphone.vizvaz.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ipv4.microsoftupdate.mrbasic.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ipv4.windowsupdate.3-a.net
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ipv4.windowsupdate.dnset.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ipv4.windowsupdate.ezua.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ipv4.windowsupdate.itsaol.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ipv4.windowsupdate.lflink.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ipv4.windowsupdate.mylftv.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ipv4.windowsupdate.x24hr.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
itlans.isasecret.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
itunesdownload.jkub.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
itunesdownload.vizvaz.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
itunesdownload.wikaba.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
itunesimages.itemdb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
itunesimages.itsaol.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
itunesimages.qpoe.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
itunesmirror.fartit.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
itunesmirror.itsaol.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
itunesmusic.ikwb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
itunesmusic.jetos.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
itunesmusic.jkub.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
itunesmusic.zzux.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
itunesupdate.itsaol.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
itunesupdates.organiccrap.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
james.tffghelth.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
jcie.mofa.ns01.info
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
jica-go-jp.bike
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
jica-go-jp.biz
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
jimin.mymom.info
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
jimin-jp.biz
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
jpnewslogs.sendsmtp.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with malicious activity.
Jp.rakutenmusic.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
jpstarmarket.serveusers.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
kawasaki.unhamj.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
kennedy.tffghelth.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
key.zzux.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
kikimusic.sellclassics.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
kmd.crabdance.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
knowledge.sellclassics.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
kxsbwappupdate.dhcp.biz
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
kztmusiclnk.dnsrd.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
lan.dynssl.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
latestnews.epac.to
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
latestnews.organiccrap.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
lennon.fftpoor.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
license.shenajou.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
lion.wchildress.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
lizard.poulsenv.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
macfee.mrface.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
machine.ddns.ms
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
maffc.mrface.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with RedLeaves malware.
mailowl.jkub.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
malcolm.fftpoor.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
malware.dsmtp.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
mason.vizvaz.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
mediapath.organiccrap.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
meiji-ac-jp.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
microhome.wikaba.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
microsoft.got
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
microsoft.got-game.org
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
microsoft.mrface.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
microsoftempowering.sendsmtp.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
microsoftgetstarted.sexidude.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
microsoftimages.organiccrap.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
microsoftmirror.mrbasic.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
microsoftmusic.itemdb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
microsoftmusic.mrbasic.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
microsoftqckmanager.pcanywhere.net
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain is associated with RedLeaves malware.
microsoftstores.itemdb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
microsoftupdate.mrbasic.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
microsoftupdate.qhigh.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
micrsoftware.dsmtp.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
mmy.ddns.us
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
mobile.2waky.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
mod.jetos.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
mofa.dynamic-dns.net
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
mofa.ns01.info
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected APT 10 infrastructure.
mofa-go-jp.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
moonnightthse.zyns.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
moscowdic.trickip.org
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
moscowstdsupdate.toythieves.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
mrsloveaqx.mrslove.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
ms.ecc.u-tokyo-ac-jp.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
mseupdate.ourhobby.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
msg.ezua.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
msn.incloud-go.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
music.cleansite.us
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
musicfile.ikwb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
musiclinker.jkub.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
mx.yetrula.eu
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
mytwhomeinst.sendsmtp.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
na.americanunfinished.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
networkjpnzee.mynetav.org
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
newcityoforward.rebatesrule.net
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
newsdata.jkub.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
newsfile.toythieves.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
newsreport.justdied.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
newtime.ezua.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
nezwq.ezua.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
nmrx.mrbonus.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
no.authorizeddns.org
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
nsa.mefound.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
nt.mynumber.org
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
nttdata.otzo.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
nuisance.serveusers.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
nz.compress.to
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ol.almostmy.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
onlinednsserver.sendsmtp.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
oracleupdate.dns04.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with RedLeaves malware.
outlook.sindeali.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with RedLeaves malware.
owlmedia.mefound.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
peopleinfodata.3-a.net
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
pepper.sexxxy.biz
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
portal.mrface.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
portal.sendsmtp.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
portalser.dynamic-dns.net
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
praskovya-matveyeva.mefound.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
praskovya-ulyanova.dumb1.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
products.almostmy.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
products.cleansite.us
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
products.serveuser.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
program.acmetoy.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
purchase.lflinkup.org
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
rain.orctldl.windowsupdate.authorizeddns.us
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
read.xxuz.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
recent.dns-stuff.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
recent.fartit.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
redflower.isasecret.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
referred.gr8domain.biz
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
referred.yourtrap.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
register.ourhobby.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
registration2.instanthq.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
registrations.4pu.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
registrations.organiccrap.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
remeberdata.iownyour.org
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
reserveds.onedumb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
rethem.almostmy.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
sakai.unhamj.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected APT 10 infrastructure.
salvaiona.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
sappore.cloud-maste.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
sc.weboot.info
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
scorpion.poulsenv.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
sdmsg.onmypc.org
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
se.toythieves.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
secertnews.mrbasic.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
send.mofa.ns01.info
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
sendmsg.jumpingcrab.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
senseye.ikwb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
septdlluckysystem.jungleheart.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
seraphim-yurieva.justdied.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
serv.justdied.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
server1.proxydns.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
seyesb.acmetoy.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
shrimp.bdoncloud.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
shugiin.jkub.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
sindeali.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
singed.otzo.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
sojourner.mypicture.info
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
sstday.jkub.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
stone.jumpingcrab.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
style.u-tokyo-ac-jp.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
support1.mrface.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
svc.dynssl.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
synssl.dnset.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
taipeifoodsite.ocry.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
tamraj.fartit.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
tfa.longmusic.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ticket.instanthq.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
tophost.dynamicdns.co.uk
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
transfer.lflinkup.org
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
transfer.vizvaz.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
travelyokogawafz.fartit.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
trout.belowto.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
twmusic.proxydns.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
twpeoplemusicsite.my03.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
twsslpopservupro.dynssl.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
twtravelinfomation.toythieves.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
twx.mynumber.org
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
ugreen.itemdb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure
uk.dynamicdns.org.uk
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
ukuoka.cloud-maste.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure
ultimedia.vmmini.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure
un.ddns.info
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure
un.dnsrd.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
unhamj.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure
updates.itsaol.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain is associated with suspected Stone Panda C2 infrastructure.
usa.itsaol.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure
usiness.vmmini.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure
usliveupdateonline.ygto.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
ut-portal-u-tokyo-ac-jp.tyoto-go-jp.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure
v4.microsoftupdate.mrbasic.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
v4.windowsupdate.dedgesuite.net
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain is associated with suspected Stone Panda C2 infrastructure.
v4.windowsupdate.dnset.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain is associated with suspected Stone Panda C2 infrastructure.
v4.windowsupdate.itsaol.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain is associated with suspected Stone Panda C2 infrastructure.
v4.windowsupdate.x24hr.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
vmmini.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
wchildress.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure
wcxh.mynetav.net
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure
well.itsaol.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
whale.toshste.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure
windowfile.itemdb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure
windowsimages.itemdb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure
windowsmirrors.vizvaz.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure
windowsupdate.2waky.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure
windowsupdate.3-a.net
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain is associated with suspected Stone Panda C2 infrastructure.
windowsupdate.acmetoy.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain is associated with suspected Stone Panda C2 infrastructure.
windowsupdate.authorizeddns.net
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
windowsupdate.authorizeddns.org
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
windowsupdate.authorizeddns.us
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
windowsupdate.dedgesuite.net
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
windowsupdate.dns05.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
windowsupdate.dnset.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
windowsupdate.esmtp.biz
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
windowsupdate.ezua.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
windowsupdate.fartit.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
windowsupdate.gettrials.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
windowsupdates.itemdb.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
windowsupdate.instanthq.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
windowsupdate.itsaol.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
windowsupdate.jungleheart.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
windowsupdate.lflink.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
windowsupdate.mrface.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
windowsupdate.mylftv.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
windowsupdate.organiccrap.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
windowsupdate.rebatesrule.net
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
windowsupdate.sellclassics.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
windowsupdate.serveusers.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
windowsupdate.wcwname.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
windowsupdate.x24hr.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
yahoo.incloud-go.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
yandexr.sellclassics.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
yfrfyhf.youdontcare.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
yokohamajpinstaz.mrbonus.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
zebra.bdoncloud.com
Malicious FQDN Indicator
Domain Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
zebra.incloud-go.com
Malicious FQDN Indicator
Domain Watchlist
According to a trusted third party, this domain may be associated with suspected Stone Panda C2 infrastructure.
zero.pcanywhere.net
Malicious IPv4 Indicator
IP Watchlist
According to a trusted third party, this IP may be associated with suspected Stone Panda C2 infrastructure.
61.97.241.239
Malicious IPv4 Indicator
IP Watchlist
According to a trusted third party, this IP may be associated with suspected Stone Panda C2 infrastructure.
103.208.86.129
Malicious IPv4 Indicator
IP Watchlist
This indicator has been previously reported in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
109.237.108.202
Malicious IPv4 Indicator
IP Watchlist
According to a trusted third party, this IP may be associated with suspected Stone Panda C2 infrastructure.
109.237.111.175
Malicious IPv4 Indicator
IP Watchlist
According to a trusted third party, this IP may be associated with suspected Stone Panda C2 infrastructure.
109.248.222.85
Malicious IPv4 Indicator
IP Watchlist
According to a trusted third party, this IP may be associated with suspected Stone Panda C2 infrastructure.
95.47.156.86
Malicious IPv4 Indicator
IP Watchlist
According to a trusted third party, this IP may be associated with suspected Stone Panda C2 infrastructure.
162.243.6.98
Malicious IPv4 Indicator
IP Watchlist
According to a trusted third party, this IP may be associated with suspected Stone Panda C2 infrastructure.
160.202.163.78
Malicious IPv4 Indicator
IP Watchlist
According to a trusted third party, this IP may be associated with suspected Stone Panda C2 infrastructure.
86.106.102.3
Malicious IPv4 Indicator
IP Watchlist
According to a trusted third party, this IP may be associated with suspected Stone Panda C2 infrastructure.
110.10.176.181
Malicious IPv4 Indicator
IP Watchlist
According to a trusted third party, this IP may be associated with suspected Stone Panda C2 infrastructure.
185.133.40.63
Malicious IPv4 Indicator
IP Watchlist
According to a trusted third party, this IP may be associated with suspected Stone Panda C2 infrastructure.
185.14.185.189
Malicious IPv4 Indicator
IP Watchlist
According to a trusted third party, this IP may be associated with suspected Stone Panda C2 infrastructure.
95.183.52.57
Malicious IPv4 Indicator
IP Watchlist
According to a trusted third party, this IP may be associated with suspected Stone Panda C2 infrastructure.
185.117.88.78
Malicious IPv4 Indicator
IP Watchlist
According to a trusted third party, this IP address may be associated with malicious activity.
185.117.88.77
Malicious IPv4 Indicator
IP Watchlist
According to a trusted third party, this IP may be associated with suspected Stone Panda C2 infrastructure.
185.117.88.82
Malicious IPv4 Indicator
IP Watchlist
According to a trusted third party, this IP may be associated with suspected Stone Panda C2 infrastructure.
109.237.108.150
Malicious IPv4 Indicator
IP Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
211.110.17.209
Malicious IPv4 Indicator
IP Watchlist
According to a trusted third party, this IP may be associated with suspected Stone Panda C2 infrastructure.
81.176.239.56
Malicious IPv4 Indicator
IP Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
151.236.20.16
Malicious IPv4 Indicator
IP Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
107.181.160.109
Malicious IPv4 Indicator
IP Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
158.255.208.170
Malicious IPv4 Indicator
IP Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
158.255.208.189
Malicious IPv4 Indicator
IP Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
158.255.208.61
Malicious IPv4 Indicator
IP Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
160.202.163.79
Malicious IPv4 Indicator
IP Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
160.202.163.82
Malicious IPv4 Indicator
IP Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
160.202.163.90
Malicious IPv4 Indicator
IP Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
160.202.163.91
Malicious IPv4 Indicator
IP Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
185.117.88.81
Malicious IPv4 Indicator
IP Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
185.141.25.33
Malicious IPv4 Indicator
IP Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
31.184.198.23
Malicious IPv4 Indicator
IP Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
31.184.198.38
Malicious IPv4 Indicator
IP Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
92.242.144.2
Malicious IPv4 Indicator
IP Watchlist
According to open-source research, this IP address resolves to China. The trusted third party reported this IP address as associated with REDLEAVES and PLUGX activity.
183.134.11.84
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
3D Tetris.exe
271584
MD5
8a93859e5f7079d6746832a3a22ff65c
SHA1
56d6c3ffa4f3d5ae742f937fae85f0995814cf90
SHA256
ae6b45a92384f6e43672e617c53a44225e2944d66c1ffb074694526386074145
SSDEEP
3072:UxSo8vomCcZsPvRqlWgY0VMD+S7VrlGgOSqvS1Wz+5CsoB5wV+JcrVgmzBsNuzMU:UCacZsYRZVS9d5Cg+4HBquzMCZfR
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
44.vir
268002
MD5
b0649c1f7fb15796805ca983fd8f95a3
SHA1
56126b1c19c1121c0f5065204ef5cc4633079b98
SHA256
fd6a956a7708708cddff78c8505c7db73d7c4e961da8a3c00cc5a51171a92b7b
SSDEEP
3072:3DQcggG8+EfcByY7oNPgaKxUuPiSCbEggvQ4+8DhqKPmCtI0mfBSXBKBlNuPiu77:3Eyi76PgadK3+8DwKPJm0mZ0BiJVm
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
2016-12-01_05-18_c1cb28327d3364768d1c1e4ce0d9bc07_4132357b(web)JP_Hf??????.exe
428768
MD5
c1cb28327d3364768d1c1e4ce0d9bc07
SHA1
741e955a9e458a70b5c085b3bfba800fdfb4ccde
SHA256
2c71eb5c781daa43047fa6e3d85d51a061aa1dfa41feb338e0d4139a6dfd6910
SSDEEP
3072:4vPHoYTlo34nioyhHYQgnzPNYfPqIcsAZCm7kCVjxkjJ7buRoHSXBKBlQ3JB2Ioh:8QYTG34ioygzPyXa5ZG97r0BiQjoh
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
c0c8dcc9dad39da8278bf8956e30a3fc.virus
275168
MD5
c0c8dcc9dad39da8278bf8956e30a3fc
SHA1
009b639441ad5c1260f55afde2d5d21fc5b4f96c
SHA256
6605b27e95f5c3c8012e4a75d1861786fb749b9a712a5f4871adbad81addb59e
SSDEEP
3072:dU8Odn8h0mf8adYxVvMsZKQRpPiSCb/jgUkF525/xpLETTgOUQkwysz9oSXBKBlA:gE5Sx9MsZyTO52hxcJ3LzC0BiNVY
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
db212129be94fe77362751c557d0e893.virus
430304
MD5
db212129be94fe77362751c557d0e893
SHA1
7fe6c8191749767254513b03da03cfbf6dd6c139
SHA256
fadf362a52dcf884f0d41ce3df9eaa9bb30227afda50c0e0657c096baff501f0
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
2016-11-30_00-13_23d03ee4bf57de7087055b230dae7c5b_79a67d75(web)JP_11s??.exe
306400
MD5
23d03ee4bf57de7087055b230dae7c5b
SHA1
7cace2e51e8ecc5ddb9720a8dc9e1f3596fe343b
SHA256
e88f5bf4be37e0dc90ba1a06a2d47faaeea9047fec07c17c2a76f9f7ab98acf0
SSDEEP
6144:H+kHzlkmztsXX23lt67TB0BtuXaA0BiNWn6k:H+kpztsXX2mCGKFrn6k
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
f157874512.exe
299744
MD5
472b1710794d5c420b9d921c484ca9e8
SHA1
2c1b42e8c8acea5082275b6ea5f5c64ebaf4fa30
SHA256
e6ecb146f469d243945ad8a5451ba1129c5b190f7d50c64580dbad4b8246f88e
SSDEEP
3072:3Kb43dClPyOuaAnvnj33Lsl62TYiGF0b2tzO37I42+KT4rhLSdtSXBKBlLqdb7kB:o4cVFuamvqy0w82+KQhLSdt0BiN239a
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
artf.exe
232672
MD5
19610f0d343657f6842d2045e8818f09
SHA1
42d5c9c4c02e6d5c88ec0acce72327389a92f0d7
SHA256
4521a74337a8b454f9b80c7d9e57b4c9580567f84e513d9a3ce763275c55e691
SSDEEP
6144:QX4y8bL7IpF2c1wbxZ/dXf0Bij0BiuJ39c:QX/8bc11wbxZ/B61jJ39c
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
age.exex
223480
MD5
f5744d72c6919f994ff452b0e758ffee
SHA1
a954a3f20ef8065d98d9e3a3c5ae254e27c63bf6
SHA256
f251485a62e104dfd8629dc4d2dfd572ebd0ab554602d682a28682876a47e773
SSDEEP
6144:Gv7GYbWMVUyBp7E7lsxJen0Bij0BiPxH+ku:G7GaWGp7E7GJJ1WH+/
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
b20ce00a6864225f05de6407fac80ddb83cd0aec00ada438c1e354cdd0d7d5df.bin
230112
MD5
7891f00dcab0e4a2f928422062e94213
SHA1
7cb04a4b86d998604341bc2b610a0a556830993d
SHA256
b20ce00a6864225f05de6407fac80ddb83cd0aec00ada438c1e354cdd0d7d5df
SSDEEP
6144:F74HhRcj0/EkRAMAY5nwxD1Ar0Bij0BiUXxA:F7sRcjsEY5nwxJT1PXxA
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
test.exe
199416
MD5
1b891bc2e5038615efafabe48920f200
SHA1
95ab56ab1f0d4f010569ead7915fbc833a36cd73
SHA256
9a6692690c03ec33c758cb5648be1ed886ff039e6b72f1c43b23fbd9c342ce8c
SSDEEP
3072:qs/2DuT8RveN3yES0Sg2XriusGgLD5tDwHF1pSXBKBlvxH+ka:J/2GK2rS0SR0DOfp0BivxH+ka
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
WinCConnect.exe
171520
MD5
dbb867c2250b5be4e67d1977fcf721fb
SHA1
1df29c63c917b089fe0fc099e2783c0c679892e5
SHA256
cb0c8681a407a76f8c0fd2512197aafad8120aa62e5c871c29d1fd2a102bc628
SSDEEP
3072:so1xoijglqSBNBGaMgPsGkngxDVaUcTr0PWTFPLHF:hYz4SBNB8gLxYUcTr0PWZPLHF
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
RCt.exe
322033
MD5
f03f70d331c6564aec8931f481949188
SHA1
01edb82de7b9666eaa5d2791a14092f2e73d2795
SHA256
45d804f35266b26bf63e3d616715fc593931e33aa07feba5ad6875609692efa2
SSDEEP
6144:hY20AljuB28YZgqEPfS1fE1G5rJF6QLBLcTHyy7+xwga/fsB:hY20AljdZgBPfKfCQtLSH5+9a/kB
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
SXm.exe
311296
MD5
75500bb4143a052795ec7d2e61ac3261
SHA1
a7d0b38bda630c927820380d311ddc70a9606407
SHA256
19aa5019f3c00211182b2a80dd9675721dac7cfb31d174436d3b8ec9f97d898b
SSDEEP
6144:65JeDKbpqYklgI7r43sc25BMv+a0Bij0BipLm:65UsqdP7rsJ6106
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
offcee.EXE
2052608
MD5
0f6b00b0c5a26a5aa8942ae356329945
SHA1
1f412a62f50ff71f0b2b2f54aaa980962ebfd8a4
SHA256
6392e0701a77ea25354b1f40f5b867a35c0142abde785a66b83c9c8d2c14c0c3
SSDEEP
49152:Na175O/mZxrkaH1EN5/yxnxEil7F8vSZBWwj186KQGwi38KQrF+FO7p1FzohbJq:uO/mZxbHW7yxnxECF8vSZBW+Pbi38KQs
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
ShorcutLauncher.exe
720896
MD5
d316848ce47c098ccfe72aa7311aaffa
SHA1
4132068417bcbffec16ac655a14f29aa74189fcb
SHA256
6c7e85e426999579dd6a540fcd827b644a79cda0ad50211d585a0be513571586
SSDEEP
12288:0nlPVTFqOhmW+QjE2UnNsQwIXKosg4M3Ic1SqP02JXS0n69se:0nl/7mW+QjaNxbN4qIkila
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
dcff19fc193f1ba63c5dc6f91f00070e6912dcec3868e889fed37102698b554b
258048
MD5
e975d5b29d988929e5ad3a8fa19083d1
SHA1
b1043250c499ccf0ad56a688ccce662f42386869
SHA256
dcff19fc193f1ba63c5dc6f91f00070e6912dcec3868e889fed37102698b554b
SSDEEP
6144:VmYFCN2tM+gfmkZxuMh2C30rzhDt7nLLzMCZf:VaAMFZxph2CkvhBLn
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
ap1.exe
310272
MD5
667989ffa5e77943f3384e78adf93510
SHA1
aee17dbab01ed334bb94506fcbc2ed259242159e
SHA256
7eeaa97d346bc3f8090e5b742f42e8900127703420295279ac7e04d06ebe0a04
SSDEEP
3072:UcJNysymEx13p8u533Xyn3kCzRGyAK/Zu39tF3uBw8oEU5a1SDzFLzMCnZf9IAaY:UciLXh3K9zZu39tQC8oEnIBzMCZfZaY
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
APDS.DLL
165376
MD5
5a78974df88ab6a67bb72a5c7a437fb2
SHA1
68e3f80012a78518ddbde055b5e42dd4d82e58e5
SHA256
a6b6c66735e5e26002202b9d263bf8c97e278f6969c141853857000c8d242d24
SSDEEP
3072:fNPaNYarzoyHOj+qPPkD+KFVSXpKt3TPsRtCywElqG:Vydbw+4kDH8XpKd4DxwI
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
08.vir
165378
MD5
8ece7de82e1bdd4659a122c06ea9533e
SHA1
83d419bc812d08c9d09baa49a4313a81eda54702
SHA256
5412cddde0a2f2d78ec9de0f9a02ac2b22882543c9f15724ebe14b3a0bf8cbda
SSDEEP
3072:fNPaNYarzoyHOj+qPPkD+KFVSXpKt3TPsRtCywElqG3:Vydbw+4kDH8XpKd4DxwIz
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
mpsvc.dll
233472
MD5
850a7e877d8e68188714ff5344f6fc15
SHA1
aaee7385b2c836e9d3e14812807f911c2144a894
SHA256
92dbbe0eff3fe0082c3485b99e6a949d9c3747afa493a0a1e336829a7c1faafb
SSDEEP
3072:aK55Dxg5oMnR5kpTsYQQf0Lt5rHWl/U5HXLuC0oCE:H55y7nR57YLKnal/U5ato
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
274144
MD5
3afa9243b3aeb534e02426569d85e517
SHA1
df8f49a3fdf8a9d550b22d65d21a8006ff593ac4
SHA256
5961861d2b9f50d05055814e6bfd1c6291b30719f8a4d02d4cf80c2e87753fa1
SSDEEP
6144:ROCKoy/OA/y5wSjZEug2IVAQR7KOSp0BiO:E05ay/jZxNQdP7
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
373984
MD5
0c0a39e1cab4fc9896bdf5ef3c96a716
SHA1
de5af856804974ba3df03928fff03447e8f4c9c2
SHA256
316e89d866d5c710530c2103f183d86c31e9a90d55e2ebc2dda94f112f3bdb6d
SSDEEP
6144:JfV5IBcpSVVUIr0Izm2nUzXAzUW0BiNoNn6R:JfVrSV6Ir0IVAXAIvFn6R
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
242912
MD5
ca9644ef0f7ed355a842f6e2d4511546
SHA1
a91669bb4dcb713e997ddf98417730de78cb990a
SHA256
bc2f07066c624663b0a6f71cb965009d4d9b480213de51809cdc454ca55f1a91
SSDEEP
3072:Eif4klql7aOWKEgXn7IfLsl62sPG2kOqfR7CxP76k+ffaF+6E4SXBKBljSXBKBlE:l4hptWKpXiyDM6kv+6E40Bij0Biw39L
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
199418
MD5
f586edd88023f49bc4f9d84f9fb6bd7d
SHA1
b966657d35bba9416775d320bb87086001995bbe
SHA256
c21eaadf9ffc62ca4673e27e06c16447f103c0cf7acd8db6ac5c8bd17805e39d
SSDEEP
3072:qs/2DuT8RveN3yES0Sg2XriusGgLD5tDwHF1pSXBKBlvxH+k9:J/2GK2rS0SR0DOfp0BivxH+k9
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
867328
MD5
3cbb5664d70bbe62f19ee28f26f21d7e
SHA1
6edd9bb17a999b5f5abcf123a2701e4ea4ada9a2
SHA256
4cc0adf4baa1e3932d74282affb1a137b30820934ad4f80daceec712ba2bbe14
SSDEEP
6144:I7JgxvGuoEMcJzEgTZmVibMq9x1JPvqbPjK0BigdCV:INgcEFZTZmVIMq9x1JPvqbPj78
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
389632
MD5
d1bab4a30f2889ad392d17573302f097
SHA1
5b045d98606f000a236b1bd4ac4c9e482b3f5475
SHA256
312dc69dd6ea16842d6e58cd7fd98ba4d28eefeb4fd4c4d198fac4eee76f93c3
SSDEEP
3072:hi7HsQQXwwybPRzHQMlspVicPQMq9x1JPvqbPjUCtorSSXBKBlp4:hi7HQ6HZmVibMq9x1JPvqbPjR0Bi+
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
369152
MD5
19417f7551bc54db6783823325557773
SHA1
2d5c5e210c7db4ba6012bd761154db0d1f5cd658
SHA256
76721d08b83aae945aa00fe69319f896b92c456def4df5b203357cf443074c03
SSDEEP
6144:cmJ7yC3K9zZu39tQC8oE2QQzMCZf4zMCZf4zMCZfR:cmv3K9V43j9xqqp
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
MD5
bb269704ba8647da97377440d403ae4d
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
SHA256
c6b8ed157eed54958da73716f8db253ba5124a0e4b649f08de060c4aa6531afc
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
SHA256
f1ca9998ca9078c27a6dab286dfe25fcdfb1ad734cc2af390bdcb97da1214563
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
SHA256
9f01dd2b19a1032e848619428dd46bfeb6772be2e78b33723d2fa076f1320c57
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
SHA256
ca119725c2cef7baad0690d82b770c25ff64c7e7f1fc9e0e65c91d20151cd204
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
SSDEEP
384:ihQNEsZLpdT8VyreQrxCdd5EV37h4bU8wz3Iyf+VZsFFLRuAs
Malicious File Indicator
File Hash Watchlist
This indicator was previously provided in IR-ALERT-MED-17-093-01 to identify potential malicious activity.
SSDEEP
768:Ga74qxW588yzTaq/nYkZIsKF/Ia5QaYuIzQchjtA5TykeovEDln7+qniYwP0:VSVyzffYkZi/IaDYljtAkkeN6kwP0
Malicious File Indicator
File Hash Watchlist
According to open source reporting, this executable is a legitimate AOL Instant Messenger file that may be used to load libcef.dll, which is associated with REDLEAVES malware.
aim.exe
1075552
MD5
fa89eeaac3c9de18aee8c58b6580dfea
SHA1
86cea2cb7510a6031d44b8472d806ae2205f438f
SHA256
6bc2558eb8915edc19835d9e734023a2368f876971f5580478782c7444f9581c
Malicious File Indicator
File Hash Watchlist
According to open source reporting, this file is associated with REDLEAVES malware
libcef.dll
SHA256
02e702af02a6b9a8b31cd470c18e383093ef4ed404811b414d6d131df01f9acd
Malicious File Indicator
File Hash Watchlist
According to open source reporting, this file is associated with REDLEAVES malware
pastime.dat
SHA256
79f61eda72c41b5ec526a3d5a1a91f86f0bc0eca470e07ab50d9626231143f11
Malicious File Indicator
File Hash Watchlist
According to open source reporting, this file is associated with malicious activity
mem
249344
MD5
81df89d6fa0b26cadd4e50ef5350f341
SHA1
61df36789f7d2314c79a41be512300d7c84131bb
SHA256
2e1f902de32b999642bb09e995082c37a024f320c683848edadaf2db8e322c3c
SSDEEP
6144:W2bVESI/Gzfa0YrJkf41akMM0TWr1DAXnpld7aiAt:pCHtg48kqTE1DAXpld3A
Malicious File Indicator
File Hash Watchlist
According to open source reporting, this file is associated with REDLEAVES malware
ninjastuff.dat
SHA256
fb4e516e1e2a369d1cdfb208ee885cb4848bed707a0514367f464c8e7519cb50
Malicious File Indicator
File Hash Watchlist
According to open source reporting, this file is associated with REDLEAVES malware
dump.bin
405504
MD5
06b0af6ff00647f57119d8a261829f73
SHA1
bd4110fdaa3c99c09ad4883085ddd62b6f9f9bd7
SHA256
af9dde68c73d69ea535103e963f09587b6aa020081bbce06347de05fa469c257
SSDEEP
6144:a6Tl0vnG7PKavITBYAlCkkMUbWD904I/vRqNM6iAt:ZiaQdYA0kSb8904I/pqN+A
Malicious File Indicator
File Hash Watchlist
According to open source reporting, this file is associated with REDLEAVES malware
authority.dat
234154
MD5
dd0494eb1ab29e577354fca895bec92a
SHA1
9188923fcfca6bda9e13ec2efeb3b4ccc5f560cc
SHA256
ff0b79ed5ca3a5e1a9dabf8e47b15366c1d0783d0396af2cbba8e253020dbb34
SSDEEP
6144:rqfg5tD+sZysueMjObWHJAbM0iKL1lttqPxvkv3:2fqlOjewOARCtMx83
Malicious File Indicator
File Hash Watchlist
According to open source reporting, this file is associated with malicious activity
Sandvik_Group_Meeting_Document_20170222_doc_.exe
3804160
MD5
b3139b26a2dabb9b6e728884d8fa8b33
SHA1
de5672c7940e4fad3c8145ce9e8a5fcb1da0fcee
SHA256
5262cb9791df50fafcb2fbd5f93226050b51efe400c2924eecba97b7ce437481
SSDEEP
98304:drzo0aM7e5O92nAv/tyE6peB1IY8CEueiSH0h292bNcx:pzo0S4yRY8tueiSUh1bCx
Malicious File Indicator
File Hash Watchlist
According to open source reporting, this file is associated with malicious activity
MD5
d316848ce47c098ccfe72aa7311aaffa
Malicious File Indicator
File Hash Watchlist
According to open source reporting, this is a SHA-256 hash value of PlugX malware
SHA256
fcccc611730474775ff1cfd4c60481deef586f01191348b07d7a143d174a07b0
Malicious File Indicator
File Hash Watchlist
According to a trusted third party, this file is associated with malicious activity
run.dll
MD5
6fccfa1559a64edff571d6042abd8a59
SHA1
81ba8a1a9e26950c52580f5b046dbe1c8b6f6868
Malicious File Indicator
File Hash Watchlist
According to a trusted third party, this file is associated with malicious activity
Vba32ar.exe
MD5
9ae3b326cf716fbccbecfd292846a3a9
SHA1
da3cb3ade7f129838ff3c816b223859d91d377b6
Malicious File Indicator
File Hash Watchlist
According to a trusted third party, this file is associated with malicious activity
MD5
598ff82ea4fb52717acafb227c83d474
Malicious File Indicator
File Hash Watchlist
According to a trusted third party, this file is associated with malicious activity
SHA1
c793c4e63fe61140dc92749a38e63820776548a3
Malicious File Indicator
File Hash Watchlist
According to a trusted third party, this file is associated with malicious activity
runsna.dll
Malicious File Indicator
File Hash Watchlist
According to a trusted third party, this file is associated with malicious activity
MD5
0b05143e2e4b56dbf5ef7a58b5013bc3
SHA1
9e0b78aacf4871cddc0468d517f928970fd54c8d
Malicious File Indicator
File Hash Watchlist
According to a trusted third party, this legitimate application is hijacked and used to load a malicious file
dragon.exe
MD5
9c2f3bbfbb1cdfe30ef0aad88d461daf
SHA1
2a07420c768fa49c05327741e0709c3ac5a71a06
Malicious File Indicator
File Hash Watchlist
According to a trusted third party, this DLL file is used to decode and execute an embedded buffer containing PLUGX 4.0
dragon.dll
MD5
7d10708a518b26cc8c3cbfbaa224e032
SHA1
e418387dd296e00aea9141c8c4b73690495640a0
Malicious File Indicator
File Hash Watchlist
According to a trusted third party, this malicious DLL loads, decodes, and executes special.dat
IPHLPAPI.dll
MD5
6235e5a45fa51a10826ced8e90adcf93
SHA1
aaec782a5256150c88b75c912bf4d091cf0c32e9
Malicious File Indicator
File Hash Watchlist
According to a trusted third party, this legitimate file can be hijacked and used to load a malicious file
GeekBuddyRSP.exe
MD5
ad879f64e9137836283592720d95aadb
SHA1
3cfb1bf0063ea9d893f9e95c11e223cc06299337
Malicious File Indicator
File Hash Watchlist
According to a trusted third party, this malicious file contains REDLEAVES configuration data encoded using XOR
special.dat
MD5
af406d35c77b1e0df17f839e36bce630
SHA1
a6284ed7e11fdffa6b187c0fefafa421e0f56318
Malicious File Indicator
File Hash Watchlist
According to a trusted third party, this legitimate file is hijacked and used to load a malicious file.
cif.exe
MD5
6ec0f91b5b74bc06ebb561cdeb0f4796
SHA1
a82a59fd073c3c868be93f52d09203e93e87d79a
Malicious File Indicator
File Hash Watchlist
According to a trusted third party, this is associated with REDLEAVES malware.
condition.dat
MD5
80dfcb6ec50f381f153ade2866f18d4b
SHA1
aaa19e15cfe66a105428048f3242889afae170dd
Malicious File Indicator
File Hash Watchlist
According to a trusted third party, this malicious DLL is used to read, decode, and execute condition.dat
gentee.dll
MD5
f50460d3ddcc9628d0e86de1aa292895
SHA1
0876f0cb9d03bc5539b242a374976b217095ec0d
Malicious File Indicator
File Hash Watchlist
According to a trusted third party, this may be a file name for PLUGX malware.
quser.exe
Malicious File Indicator
File Hash Watchlist
According to a trusted third party, this may be a file name for PLUGX malware.
query.exe
Malicious File Indicator
File Hash Watchlist
According to a trusted third party, this may be a file name for PLUGX malware.
dsquery.exe
Malicious File Indicator
File Hash Watchlist
According to a trusted third party, this may be a file name for PLUGX malware.
csvde.exe
Malicious File Indicator
File Hash Watchlist
According to a trusted third party, this may be a file name for PLUGX malware.
nltest.exe