diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common
index 759f78f18..8db8fea52 100755
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -15,6 +15,8 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+IMAGEREPO=soshybridhunter
+
 # Check for prerequisites
 if [ "$(id -u)" -ne 0 ]; then
         echo "This script must be run using sudo!"
diff --git a/salt/common/tools/sbin/so-docker-refresh b/salt/common/tools/sbin/so-docker-refresh
index bd9993570..11200864f 100644
--- a/salt/common/tools/sbin/so-docker-refresh
+++ b/salt/common/tools/sbin/so-docker-refresh
@@ -14,12 +14,8 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-got_root(){
-    if [ "$(id -u)" -ne 0 ]; then
-        echo "This script must be run using sudo!"
-        exit 1
-    fi
-}
+
+. /usr/sbin/so-common
 
 manager_check() {
   # Check to see if this is a manager
@@ -39,10 +35,10 @@ update_docker_containers() {
   do
     # Pull down the trusted docker image
     echo "Downloading $i"
-    docker pull --disable-content-trust=false docker.io/soshybridhunter/$i
+    docker pull --disable-content-trust=false docker.io/$IMAGEREPO/$i
     # Tag it with the new registry destination
-    docker tag soshybridhunter/$i $HOSTNAME:5000/soshybridhunter/$i
-    docker push $HOSTNAME:5000/soshybridhunter/$i
+    docker tag $IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i
+    docker push $HOSTNAME:5000/$IMAGEREPO/$i
   done
   
 }
@@ -55,7 +51,7 @@ version_check() {
     exit 1
   fi
 }
-got_root
+
 manager_check
 version_check
 
diff --git a/salt/common/tools/sbin/so-elastic-download b/salt/common/tools/sbin/so-elastic-download
deleted file mode 100755
index b52d88c45..000000000
--- a/salt/common/tools/sbin/so-elastic-download
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/bin/bash
-MANAGER=MANAGER
-VERSION="HH1.1.4"
-TRUSTED_CONTAINERS=( \
-"so-nginx:$VERSION" \
-"so-thehive-cortex:$VERSION" \
-"so-curator:$VERSION" \
-"so-domainstats:$VERSION" \
-"so-elastalert:$VERSION" \
-"so-elasticsearch:$VERSION" \
-"so-filebeat:$VERSION" \
-"so-fleet:$VERSION" \
-"so-fleet-launcher:$VERSION" \
-"so-freqserver:$VERSION" \
-"so-grafana:$VERSION" \
-"so-idstools:$VERSION" \
-"so-influxdb:$VERSION" \
-"so-kibana:$VERSION" \
-"so-logstash:$VERSION" \
-"so-mysql:$VERSION" \
-"so-playbook:$VERSION" \
-"so-redis:$VERSION" \
-"so-sensoroni:$VERSION" \
-"so-soctopus:$VERSION" \
-"so-steno:$VERSION" \
-#"so-strelka:$VERSION" \
-"so-suricata:$VERSION" \
-"so-telegraf:$VERSION" \
-"so-thehive:$VERSION" \
-"so-thehive-es:$VERSION" \
-"so-wazuh:$VERSION" \
-"so-zeek:$VERSION" )
-
-for i in "${TRUSTED_CONTAINERS[@]}"
-do
-  # Pull down the trusted docker image
-  echo "Downloading $i"
-  docker pull --disable-content-trust=false docker.io/soshybridhunter/$i
-  # Tag it with the new registry destination
-  docker tag soshybridhunter/$i $MANAGER:5000/soshybridhunter/$i
-  docker push $MANAGER:5000/soshybridhunter/$i
-  docker rmi soshybridhunter/$i
-done
diff --git a/salt/common/tools/sbin/so-features-enable b/salt/common/tools/sbin/so-features-enable
index 6ba9252a9..edc378bc5 100755
--- a/salt/common/tools/sbin/so-features-enable
+++ b/salt/common/tools/sbin/so-features-enable
@@ -31,13 +31,13 @@ for i in "${TRUSTED_CONTAINERS[@]}"
 do
     # Pull down the trusted docker image
     echo "Downloading $i"
-    docker pull --disable-content-trust=false docker.io/soshybridhunter/$i
+    docker pull --disable-content-trust=false docker.io/$IMAGEREPO/$i
     # Tag it with the new registry destination
-    docker tag soshybridhunter/$i $HOSTNAME:5000/soshybridhunter/$i
-    docker push $HOSTNAME:5000/soshybridhunter/$i
+    docker tag $IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i
+    docker push $HOSTNAME:5000/$IMAGEREPO/$i
 done
 for i in "${TRUSTED_CONTAINERS[@]}"
 do
     echo "Removing $i locally"
-    docker rmi soshybridhunter/$i
+    docker rmi $IMAGEREPO/$i
 done
diff --git a/salt/common/tools/sbin/so-import-pcap b/salt/common/tools/sbin/so-import-pcap
index 02b7ffedc..92dc27f50 100755
--- a/salt/common/tools/sbin/so-import-pcap
+++ b/salt/common/tools/sbin/so-import-pcap
@@ -17,6 +17,7 @@
 
 {% set MANAGER = salt['grains.get']('master') %}
 {% set VERSION = salt['pillar.get']('static:soversion') %}
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 {%- set MANAGERIP = salt['pillar.get']('static:managerip') -%}
 
 function usage {
@@ -31,13 +32,13 @@ EOF
 function pcapinfo() {
   PCAP=$1
   ARGS=$2
-  docker run --rm -v $PCAP:/input.pcap --entrypoint capinfos {{ MANAGER }}:5000/soshybridhunter/so-pcaptools:{{ VERSION }} /input.pcap $ARGS
+  docker run --rm -v $PCAP:/input.pcap --entrypoint capinfos {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-pcaptools:{{ VERSION }} /input.pcap $ARGS
 }
 
 function pcapfix() {
   PCAP=$1
   PCAP_OUT=$2
-  docker run --rm -v $PCAP:/input.pcap -v $PCAP_OUT:$PCAP_OUT --entrypoint pcapfix {{ MANAGER }}:5000/soshybridhunter/so-pcaptools:{{ VERSION }} /input.pcap -o $PCAP_OUT > /dev/null 2>&1
+  docker run --rm -v $PCAP:/input.pcap -v $PCAP_OUT:$PCAP_OUT --entrypoint pcapfix {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-pcaptools:{{ VERSION }} /input.pcap -o $PCAP_OUT > /dev/null 2>&1
 }
 
 function suricata() {
@@ -58,7 +59,7 @@ function suricata() {
     -v ${NSM_PATH}/:/nsm/:rw \
     -v $PCAP:/input.pcap:ro \
     -v /opt/so/conf/suricata/bpf:/etc/suricata/bpf:ro \
-    {{ MANAGER }}:5000/soshybridhunter/so-suricata:{{ VERSION }} \
+    {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-suricata:{{ VERSION }} \
     --runmode single -k none -r /input.pcap > $LOG_PATH/console.log 2>&1
 }
 
@@ -86,7 +87,7 @@ function zeek() {
     -v /opt/so/conf/zeek/bpf:/opt/zeek/etc/bpf:ro \
     --entrypoint /opt/zeek/bin/zeek \
     -w /nsm/zeek/logs \
-    {{ MANAGER }}:5000/soshybridhunter/so-zeek:{{ VERSION }} \
+    {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-zeek:{{ VERSION }} \
     -C -r /input.pcap local > $NSM_PATH/logs/console.log 2>&1
 }
 
diff --git a/salt/curator/init.sls b/salt/curator/init.sls
index 0896e0c6a..8873f401a 100644
--- a/salt/curator/init.sls
+++ b/salt/curator/init.sls
@@ -1,4 +1,5 @@
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% if grains['role'] in ['so-eval', 'so-node', 'so-managersearch', 'so-heavynode', 'so-standalone'] %}
 # Curator
@@ -111,7 +112,7 @@ so-curatordeletecron:
 
 so-curator:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-curator:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-curator:{{ VERSION }}
     - hostname: curator
     - name: so-curator
     - user: curator
diff --git a/salt/deprecated-bro/cron/packetloss.sh b/salt/deprecated-bro/cron/packetloss.sh
deleted file mode 100644
index 744fd09f4..000000000
--- a/salt/deprecated-bro/cron/packetloss.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/bash
-/usr/bin/docker exec so-bro /opt/bro/bin/broctl netstats | awk '{print $(NF-2),$(NF-1),$NF}' | awk -F '[ =]' '{RCVD += $2;DRP += $4;TTL += $6} END { print "rcvd: " RCVD, "dropped: " DRP, "total: " TTL}' >> /nsm/bro/logs/packetloss.log
diff --git a/salt/deprecated-bro/cron/zeek_clean b/salt/deprecated-bro/cron/zeek_clean
deleted file mode 100644
index 24bbc218c..000000000
--- a/salt/deprecated-bro/cron/zeek_clean
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/bash
-
-# Delete Zeek Logs based on defined CRIT_DISK_USAGE value
-
-# Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC
-
-#    This program is free software: you can redistribute it and/or modify
-#    it under the terms of the GNU General Public License as published by
-#    the Free Software Foundation, either version 3 of the License, or
-#    (at your option) any later version.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
-#
-#    You should have received a copy of the GNU General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-clean () {
-
-SENSOR_DIR='/nsm'
-CRIT_DISK_USAGE=90
-CUR_USAGE=$(df -P $SENSOR_DIR | tail -1 | awk '{print $5}' | tr -d %)
-LOG="/nsm/bro/logs/zeek_clean.log"
-
-if [ "$CUR_USAGE" -gt "$CRIT_DISK_USAGE" ]; then
-    while [ "$CUR_USAGE" -gt "$CRIT_DISK_USAGE" ];
-        do
-                TODAY=$(date -u "+%Y-%m-%d")
-
-                # find the oldest Zeek logs directory and exclude today
-                OLDEST_DIR=$(ls /nsm/bro/logs/ | grep -v "current" | grep -v "stats" | grep -v "packetloss" | grep -v "zeek_clean" | sort | grep -v $TODAY | head -n 1)
-                if [ -z "$OLDEST_DIR" -o "$OLDEST_DIR" == ".." -o "$OLDEST_DIR" == "." ]
-                then
-                        echo "$(date) - No old Zeek logs available to clean up in /nsm/bro/logs/" >> $LOG
-                        exit 0
-                else
-                        echo "$(date) - Removing directory: /nsm/bro/logs/$OLDEST_DIR" >> $LOG
-                        rm -rf /nsm/bro/logs/"$OLDEST_DIR"
-                fi
-
-                # find oldest files in extracted directory and exclude today
-                OLDEST_EXTRACT=$(find /nsm/bro/extracted -type f -printf '%T+ %p\n' 2>/dev/null | sort | grep -v $TODAY | head -n 1)
-                if [ -z "$OLDEST_EXTRACT" -o "$OLDEST_EXTRACT" == ".." -o "$OLDEST_EXTRACT" == "." ]
-                then
-                        echo "$(date) - No old extracted files available to clean up in /nsm/bro/extracted/" >> $LOG
-                else
-                        OLDEST_EXTRACT_DATE=`echo $OLDEST_EXTRACT | awk '{print $1}' | cut -d+ -f1`
-                        OLDEST_EXTRACT_FILE=`echo $OLDEST_EXTRACT | awk '{print $2}'`
-                        echo "$(date) - Removing extracted files for $OLDEST_EXTRACT_DATE" >> $LOG
-                        find /nsm/bro/extracted -type f -printf '%T+ %p\n' | grep $OLDEST_EXTRACT_DATE | awk '{print $2}' |while read FILE
-                        do
-                                echo "$(date) - Removing extracted file: $FILE" >> $LOG
-                                rm -f "$FILE"
-                        done
-                fi
-    done
-else
-  echo "$(date) - CRIT_DISK_USAGE value of $CRIT_DISK_USAGE not greater than current usage of $CUR_USAGE..." >> $LOG
-fi
-}
-
-clean
diff --git a/salt/deprecated-bro/files/local.bro b/salt/deprecated-bro/files/local.bro
deleted file mode 100644
index 30b216548..000000000
--- a/salt/deprecated-bro/files/local.bro
+++ /dev/null
@@ -1,139 +0,0 @@
-##! Local site policy. Customize as appropriate.
-##!
-##! This file will not be overwritten when upgrading or reinstalling!
-
-# This script logs which scripts were loaded during each run.
-@load misc/loaded-scripts
-
-# Apply the default tuning scripts for common tuning settings.
-@load tuning/defaults
-
-# Estimate and log capture loss.
-@load misc/capture-loss
-
-# Enable logging of memory, packet and lag statistics.
-@load misc/stats
-
-# Load the scan detection script.
-@load misc/scan
-
-# Detect traceroute being run on the network. This could possibly cause
-# performance trouble when there are a lot of traceroutes on your network.
-# Enable cautiously.
-#@load misc/detect-traceroute
-
-# Generate notices when vulnerable versions of software are discovered.
-# The default is to only monitor software found in the address space defined
-# as "local".  Refer to the software framework's documentation for more
-# information.
-@load frameworks/software/vulnerable
-
-# Detect software changing (e.g. attacker installing hacked SSHD).
-@load frameworks/software/version-changes
-
-# This adds signatures to detect cleartext forward and reverse windows shells.
-@load-sigs frameworks/signatures/detect-windows-shells
-
-# Load all of the scripts that detect software in various protocols.
-@load protocols/ftp/software
-@load protocols/smtp/software
-@load protocols/ssh/software
-@load protocols/http/software
-# The detect-webapps script could possibly cause performance trouble when
-# running on live traffic.  Enable it cautiously.
-#@load protocols/http/detect-webapps
-
-# This script detects DNS results pointing toward your Site::local_nets
-# where the name is not part of your local DNS zone and is being hosted
-# externally.  Requires that the Site::local_zones variable is defined.
-@load protocols/dns/detect-external-names
-
-# Script to detect various activity in FTP sessions.
-@load protocols/ftp/detect
-
-# Scripts that do asset tracking.
-@load protocols/conn/known-hosts
-@load protocols/conn/known-services
-@load protocols/ssl/known-certs
-
-# This script enables SSL/TLS certificate validation.
-@load protocols/ssl/validate-certs
-
-# This script prevents the logging of SSL CA certificates in x509.log
-@load protocols/ssl/log-hostcerts-only
-
-# Uncomment the following line to check each SSL certificate hash against the ICSI
-# certificate notary service; see http://notary.icsi.berkeley.edu .
-# @load protocols/ssl/notary
-
-# If you have libGeoIP support built in, do some geographic detections and
-# logging for SSH traffic.
-@load protocols/ssh/geo-data
-# Detect hosts doing SSH bruteforce attacks.
-@load protocols/ssh/detect-bruteforcing
-# Detect logins using "interesting" hostnames.
-@load protocols/ssh/interesting-hostnames
-
-# Detect SQL injection attacks.
-@load protocols/http/detect-sqli
-
-#### Network File Handling ####
-
-# Enable MD5 and SHA1 hashing for all files.
-@load frameworks/files/hash-all-files
-
-# Detect SHA1 sums in Team Cymru's Malware Hash Registry.
-@load frameworks/files/detect-MHR
-
-# Uncomment the following line to enable detection of the heartbleed attack. Enabling
-# this might impact performance a bit.
-# @load policy/protocols/ssl/heartbleed
-
-# Uncomment the following line to enable logging of connection VLANs. Enabling
-# this adds two VLAN fields to the conn.log file. This may not work properly
-# since we use AF_PACKET and it strips VLAN tags.
-# @load policy/protocols/conn/vlan-logging
-
-# Uncomment the following line to enable logging of link-layer addresses. Enabling
-# this adds the link-layer address for each connection endpoint to the conn.log file.
-# @load policy/protocols/conn/mac-logging
-
-# Uncomment the following line to enable the SMB analyzer.  The analyzer
-# is currently considered a preview and therefore not loaded by default.
-@load base/protocols/smb
-
-# BPF Configuration
-@load securityonion/bpfconf
-
-# Add the interface to the log event
-#@load securityonion/add-interface-to-logs.bro
-
-# Add Sensor Name to the conn.log
-#@load securityonion/conn-add-sensorname.bro
-
-# File Extraction
-#@load securityonion/file-extraction
-
-# Intel from Mandiant APT1 Report
-#@load securityonion/apt1
-
-# ShellShock - detects successful exploitation of Bash vulnerability CVE-2014-6271
-#@load securityonion/shellshock
-
-# JA3 - SSL Detection Goodness
-@load policy/ja3
-
-# HASSH
-@load policy/hassh
-
-# You can load your own intel into:
-# /opt/so/saltstack/bro/policy/intel/ on the manager
-@load intel
-
-# Load a custom Bro policy
-# /opt/so/saltstack/bro/policy/custom/ on the manager
-#@load custom/somebropolicy.bro
-
-# Write logs in JSON
-redef LogAscii::use_json = T;
-redef LogAscii::json_timestamps = JSON::TS_ISO8601;
diff --git a/salt/deprecated-bro/files/local.bro.community b/salt/deprecated-bro/files/local.bro.community
deleted file mode 100644
index 76b18587f..000000000
--- a/salt/deprecated-bro/files/local.bro.community
+++ /dev/null
@@ -1,133 +0,0 @@
-##! Local site policy. Customize as appropriate.
-##!
-##! This file will not be overwritten when upgrading or reinstalling!
-
-# This script logs which scripts were loaded during each run.
-@load misc/loaded-scripts
-
-# Apply the default tuning scripts for common tuning settings.
-@load tuning/defaults
-
-# Estimate and log capture loss.
-@load misc/capture-loss
-
-# Enable logging of memory, packet and lag statistics.
-@load misc/stats
-
-# Load the scan detection script.
-@load misc/scan
-
-# Detect traceroute being run on the network. This could possibly cause
-# performance trouble when there are a lot of traceroutes on your network.
-# Enable cautiously.
-#@load misc/detect-traceroute
-
-# Generate notices when vulnerable versions of software are discovered.
-# The default is to only monitor software found in the address space defined
-# as "local".  Refer to the software framework's documentation for more
-# information.
-@load frameworks/software/vulnerable
-
-# Detect software changing (e.g. attacker installing hacked SSHD).
-@load frameworks/software/version-changes
-
-# This adds signatures to detect cleartext forward and reverse windows shells.
-@load-sigs frameworks/signatures/detect-windows-shells
-
-# Load all of the scripts that detect software in various protocols.
-@load protocols/ftp/software
-@load protocols/smtp/software
-@load protocols/ssh/software
-@load protocols/http/software
-# The detect-webapps script could possibly cause performance trouble when
-# running on live traffic.  Enable it cautiously.
-#@load protocols/http/detect-webapps
-
-# This script detects DNS results pointing toward your Site::local_nets
-# where the name is not part of your local DNS zone and is being hosted
-# externally.  Requires that the Site::local_zones variable is defined.
-@load protocols/dns/detect-external-names
-
-# Script to detect various activity in FTP sessions.
-@load protocols/ftp/detect
-
-# Scripts that do asset tracking.
-@load protocols/conn/known-hosts
-@load protocols/conn/known-services
-@load protocols/ssl/known-certs
-
-# This script enables SSL/TLS certificate validation.
-@load protocols/ssl/validate-certs
-
-# This script prevents the logging of SSL CA certificates in x509.log
-@load protocols/ssl/log-hostcerts-only
-
-# Uncomment the following line to check each SSL certificate hash against the ICSI
-# certificate notary service; see http://notary.icsi.berkeley.edu .
-# @load protocols/ssl/notary
-
-# If you have libGeoIP support built in, do some geographic detections and
-# logging for SSH traffic.
-@load protocols/ssh/geo-data
-# Detect hosts doing SSH bruteforce attacks.
-@load protocols/ssh/detect-bruteforcing
-# Detect logins using "interesting" hostnames.
-@load protocols/ssh/interesting-hostnames
-
-# Detect SQL injection attacks.
-@load protocols/http/detect-sqli
-
-#### Network File Handling ####
-
-# Enable MD5 and SHA1 hashing for all files.
-@load frameworks/files/hash-all-files
-
-# Detect SHA1 sums in Team Cymru's Malware Hash Registry.
-@load frameworks/files/detect-MHR
-
-# Uncomment the following line to enable detection of the heartbleed attack. Enabling
-# this might impact performance a bit.
-# @load policy/protocols/ssl/heartbleed
-
-# Uncomment the following line to enable logging of connection VLANs. Enabling
-# this adds two VLAN fields to the conn.log file. This may not work properly
-# since we use AF_PACKET and it strips VLAN tags.
-# @load policy/protocols/conn/vlan-logging
-
-# Uncomment the following line to enable logging of link-layer addresses. Enabling
-# this adds the link-layer address for each connection endpoint to the conn.log file.
-# @load policy/protocols/conn/mac-logging
-
-# Uncomment the following line to enable the SMB analyzer.  The analyzer
-# is currently considered a preview and therefore not loaded by default.
-# @load policy/protocols/smb
-
-# Add the interface to the log event
-#@load securityonion/add-interface-to-logs.bro
-
-# Add Sensor Name to the conn.log
-#@load securityonion/conn-add-sensorname.bro
-
-# File Extraction
-#@load securityonion/file-extraction
-
-# Intel from Mandiant APT1 Report
-#@load securityonion/apt1
-
-# ShellShock - detects successful exploitation of Bash vulnerability CVE-2014-6271
-#@load securityonion/shellshock
-
-# JA3 - SSL Detection Goodness
-@load policy/ja3
-
-# You can load your own intel into:
-# /opt/so/saltstack/bro/policy/intel/ on the manager
-@load intel
-
-# Load a custom Bro policy
-# /opt/so/saltstack/bro/policy/custom/ on the manager
-#@load custom/somebropolicy.bro
-
-# Use JSON
-redef LogAscii::use_json = T;
-redef LogAscii::json_timestamps = JSON::TS_ISO8601;
diff --git a/salt/deprecated-bro/files/node.cfg b/salt/deprecated-bro/files/node.cfg
deleted file mode 100644
index 804771728..000000000
--- a/salt/deprecated-bro/files/node.cfg
+++ /dev/null
@@ -1,47 +0,0 @@
-{%- set interface = salt['pillar.get']('sensor:interface', 'bond0') %}
-
-{%- if salt['pillar.get']('sensor:zeek_pins') or salt['pillar.get']('sensor:zeek_lbprocs') %}
-{%- if salt['pillar.get']('sensor:zeek_proxies') %}
-  {%- set proxies =  salt['pillar.get']('sensor:zeek_proxies', '1') %}
-{%- else %}
-  {%- if salt['pillar.get']('sensor:zeek_pins') %}
-    {%- set proxies = (salt['pillar.get']('sensor:zeek_pins')|length/10)|round(0, 'ceil')|int %}
-  {%- else %}
-    {%- set proxies = (salt['pillar.get']('sensor:zeek_lbprocs')/10)|round(0, 'ceil')|int %}
-  {%- endif %}
-{%- endif %}
-[manager]
-type=manager
-host=localhost
-
-[logger]
-type=logger
-host=localhost
-
-[proxy]
-type=proxy
-host=localhost
-
-[worker-1]
-type=worker
-host=localhost
-interface=af_packet::{{ interface }}
-lb_method=custom
-
-{%- if salt['pillar.get']('sensor:zeek_lbprocs') %}
-lb_procs={{ salt['pillar.get']('sensor:zeek_lbprocs', '1') }}
-{%- else %}
-lb_procs={{ salt['pillar.get']('sensor:zeek_pins')|length }}
-{%- endif %}
-{%- if salt['pillar.get']('sensor:zeek_pins') %}
-pin_cpus={{ salt['pillar.get']('sensor:zeek_pins')|join(", ") }}
-{%- endif %}
-af_packet_fanout_id=23
-af_packet_fanout_mode=AF_Packet::FANOUT_HASH
-af_packet_buffer_size=128*1024*1024
-{%- else %}
-[brosa]
-type=standalone
-host=localhost
-interface={{ interface }}
-{%- endif %}
diff --git a/salt/deprecated-bro/init.sls b/salt/deprecated-bro/init.sls
deleted file mode 100644
index 8f36be420..000000000
--- a/salt/deprecated-bro/init.sls
+++ /dev/null
@@ -1,206 +0,0 @@
-{% set interface = salt['pillar.get']('sensor:interface', 'bond0') %}
-{% set BPF_ZEEK = salt['pillar.get']('zeek:bpf') %}
-{% set BPF_STATUS = 0  %}
-
-# Bro Salt State
-# Add Bro group
-brogroup:
-  group.present:
-    - name: bro
-    - gid: 937
-
-# Add Bro User
-bro:
-  user.present:
-    - uid: 937
-    - gid: 937
-    - home: /home/bro
-
-# Create some directories
-bropolicydir:
-  file.directory:
-    - name: /opt/so/conf/bro/policy
-    - user: 937
-    - group: 939
-    - makedirs: True
-
-# Bro Log Directory
-brologdir:
-  file.directory:
-    - name: /nsm/bro/logs
-    - user: 937
-    - group: 939
-    - makedirs: True
-
-# Bro Spool Directory
-brospooldir:
-  file.directory:
-    - name: /nsm/bro/spool/manager
-    - user: 937
-    - makedirs: true
-
-# Bro extracted directory
-broextractdir:
-  file.directory:
-    - name: /nsm/bro/extracted
-    - user: 937
-    - group: 939
-    - makedirs: True
-
-brosfafincompletedir:
-  file.directory:
-    - name: /nsm/faf/files/incomplete
-    - user: 937
-    - makedirs: true
-
-brosfafcompletedir:
-  file.directory:
-    - name: /nsm/faf/files/complete
-    - user: 937
-    - makedirs: true
-
-# Sync the policies
-bropolicysync:
-  file.recurse:
-    - name: /opt/so/conf/bro/policy
-    - source: salt://bro/policy
-    - user: 937
-    - group: 939
-    - template: jinja
-
-# Sync node.cfg
-nodecfgsync:
-  file.managed:
-    - name: /opt/so/conf/bro/node.cfg
-    - source: salt://bro/files/node.cfg
-    - user: 937
-    - group: 939
-    - template: jinja
-
-plcronscript:
-  file.managed:
-    - name: /usr/local/bin/packetloss.sh
-    - source: salt://bro/cron/packetloss.sh
-    - mode: 755
-
-zeekcleanscript:
-  file.managed:
-    - name: /usr/local/bin/zeek_clean
-    - source: salt://bro/cron/zeek_clean
-    - mode: 755
-
-/usr/local/bin/zeek_clean:
-  cron.present:
-    - user: root
-    - minute: '*'
-    - hour: '*'
-    - daymonth: '*'
-    - month: '*'
-    - dayweek: '*'
-
-/usr/local/bin/packetloss.sh:
-  cron.present:
-    - user: root
-    - minute: '*/10'
-    - hour: '*'
-    - daymonth: '*'
-    - month: '*'
-    - dayweek: '*'
-
-# BPF compilation and configuration
-{% if BPF_ZEEK %}
-   {% set BPF_CALC = salt['cmd.script']('/usr/sbin/so-bpf-compile', interface + ' ' + BPF_ZEEK|join(" ")  ) %}
-   {% if BPF_CALC['stderr'] == "" %}
-       {% set BPF_STATUS = 1  %}
-  {% else  %}
-zeekbpfcompilationfailure:
-  test.configurable_test_state:
-   - changes: False
-   - result: False
-   - comment: "BPF Syntax Error - Discarding Specified BPF"
-   {% endif %}
-{% endif %}
-
-zeekbpf:
-  file.managed:
-    - name: /opt/so/conf/bro/bpf
-    - user: 940
-    - group: 940
-   {% if BPF_STATUS %}
-    - contents_pillar: zeek:bpf
-   {% else %}
-    - contents:
-      - "ip or not ip"
-   {% endif %}
-
-# Sync local.bro
-{% if salt['pillar.get']('static:broversion', '') == 'COMMUNITY' %}
-localbrosync:
-  file.managed:
-    - name: /opt/so/conf/bro/local.bro
-    - source: salt://bro/files/local.bro.community
-    - user: 937
-    - group: 939
-    - template: jinja
-
-so-communitybroimage:
- cmd.run:
-   - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-communitybro:HH1.0.3
-
-so-bro:
-  docker_container.running:
-    - require:
-      - so-communitybroimage
-    - image: docker.io/soshybridhunter/so-communitybro:HH1.0.3
-    - privileged: True
-    - binds:
-      - /nsm/bro/logs:/nsm/bro/logs:rw
-      - /nsm/bro/spool:/nsm/bro/spool:rw
-      - /nsm/bro/extracted:/nsm/bro/extracted:rw
-      - /opt/so/conf/bro/local.bro:/opt/bro/share/bro/site/local.bro:ro
-      - /opt/so/conf/bro/node.cfg:/opt/bro/etc/node.cfg:ro
-      - /opt/so/conf/bro/policy/securityonion:/opt/bro/share/bro/policy/securityonion:ro
-      - /opt/so/conf/bro/policy/custom:/opt/bro/share/bro/policy/custom:ro
-      - /opt/so/conf/bro/policy/intel:/opt/bro/share/bro/policy/intel:rw
-    - network_mode: host
-    - watch:
-      - file: /opt/so/conf/bro/local.bro
-      - file: /opt/so/conf/bro/node.cfg
-      - file: /opt/so/conf/bro/policy
-
-{% else %}
-localbrosync:
-  file.managed:
-    - name: /opt/so/conf/bro/local.bro
-    - source: salt://bro/files/local.bro
-    - user: 937
-    - group: 939
-    - template: jinja
-
-so-broimage:
- cmd.run:
-   - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-bro:HH1.1.1
-
-so-bro:
-  docker_container.running:
-    - require:
-      - so-broimage
-    - image: docker.io/soshybridhunter/so-bro:HH1.1.1
-    - privileged: True
-    - binds:
-      - /nsm/bro/logs:/nsm/bro/logs:rw
-      - /nsm/bro/spool:/nsm/bro/spool:rw
-      - /nsm/bro/extracted:/nsm/bro/extracted:rw
-      - /opt/so/conf/bro/local.bro:/opt/bro/share/bro/site/local.bro:ro
-      - /opt/so/conf/bro/node.cfg:/opt/bro/etc/node.cfg:ro
-      - /opt/so/conf/bro/bpf:/opt/bro/share/bro/site/bpf:ro
-      - /opt/so/conf/bro/policy/securityonion:/opt/bro/share/bro/policy/securityonion:ro
-      - /opt/so/conf/bro/policy/custom:/opt/bro/share/bro/policy/custom:ro
-      - /opt/so/conf/bro/policy/intel:/opt/bro/share/bro/policy/intel:rw
-    - network_mode: host
-    - watch:
-      - file: /opt/so/conf/bro/local.bro
-      - file: /opt/so/conf/bro/node.cfg
-      - file: /opt/so/conf/bro/policy
-      - file: /opt/so/conf/bro/bpf
-{% endif %}
diff --git a/salt/deprecated-bro/policy/intel/__load__.bro b/salt/deprecated-bro/policy/intel/__load__.bro
deleted file mode 100644
index 4a4d603a7..000000000
--- a/salt/deprecated-bro/policy/intel/__load__.bro
+++ /dev/null
@@ -1 +0,0 @@
-#Intel
diff --git a/salt/deprecated-bro/policy/securityonion/add-interface-to-logs.bro b/salt/deprecated-bro/policy/securityonion/add-interface-to-logs.bro
deleted file mode 100644
index 674b9272a..000000000
--- a/salt/deprecated-bro/policy/securityonion/add-interface-to-logs.bro
+++ /dev/null
@@ -1,20 +0,0 @@
-{%- set interface = salt['pillar.get']('sensor:interface', '0') %}
-global interface = "{{ interface }}";
-
-event bro_init()
-	{
-	if ( ! reading_live_traffic() )
-		return;
-
-	Log::remove_default_filter(HTTP::LOG);
-	Log::add_filter(HTTP::LOG, [$name = "http-interfaces",
-	                            $path_func(id: Log::ID, path: string, rec: HTTP::Info) =
-	                            	{
-	                            	local peer = get_event_peer()$descr;
-	                            	if ( peer in Cluster::nodes && Cluster::nodes[peer]?$interface )
-	                            		return cat("http_", Cluster::nodes[peer]$interface);
-	                            	else
-	                            		return "http";
-	                            	}
-	                            ]);
-	}
diff --git a/salt/deprecated-bro/policy/securityonion/apt1/__load__.bro b/salt/deprecated-bro/policy/securityonion/apt1/__load__.bro
deleted file mode 100644
index de931eaac..000000000
--- a/salt/deprecated-bro/policy/securityonion/apt1/__load__.bro
+++ /dev/null
@@ -1,9 +0,0 @@
-@load frameworks/intel/seen
-@load frameworks/intel/do_notice
-@load frameworks/files/hash-all-files
-
-redef Intel::read_files += {
-  fmt("%s/apt1-fqdn.dat", @DIR),
-  fmt("%s/apt1-md5.dat", @DIR),
-  fmt("%s/apt1-certs.dat", @DIR)
-};
diff --git a/salt/deprecated-bro/policy/securityonion/apt1/apt1-certs.dat b/salt/deprecated-bro/policy/securityonion/apt1/apt1-certs.dat
deleted file mode 100644
index 3f5e643ac..000000000
--- a/salt/deprecated-bro/policy/securityonion/apt1/apt1-certs.dat
+++ /dev/null
@@ -1,26 +0,0 @@
-#fields	indicator	indicator_type	meta.source	meta.desc	meta.do_notice
-b054e26ef827fbbf5829f84a9bdbb697a5b042fc	Intel::CERT_HASH	Mandiant APT1 Report	ALPHA	T
-7bc0cc2cf7c3a996c32dbe7e938993f7087105b4	Intel::CERT_HASH	Mandiant APT1 Report	AOL	T
-7855c132af1390413d4e4ff4ead321f8802d8243	Intel::CERT_HASH	Mandiant APT1 Report	AOL	T
-f3e3c590d7126bd227733e9d8313d2575c421243	Intel::CERT_HASH	Mandiant APT1 Report	AOL	T
-d4d4e896ce7d73b573f0a0006080a246aec61fe7	Intel::CERT_HASH	Mandiant APT1 Report	AOL	T
-bcdf4809c1886ac95478bbafde246d0603934298	Intel::CERT_HASH	Mandiant APT1 Report	AOL	T
-6b4855df8afc8d57a671fe5ed628f6d88852a922	Intel::CERT_HASH	Mandiant APT1 Report	AOL	T
-d50fdc82c328319ac60f256d3119b8708cd5717b	Intel::CERT_HASH	Mandiant APT1 Report	AOL	T
-70b48d5177eebe9c762e9a37ecabebfd10e1b7e9	Intel::CERT_HASH	Mandiant APT1 Report	AOL	T
-3a6a299b764500ce1b6e58a32a257139d61a3543	Intel::CERT_HASH	Mandiant APT1 Report	AOL	T
-bf4f90e0029b2263af1141963ddf2a0c71a6b5fb	Intel::CERT_HASH	Mandiant APT1 Report	AOL	T
-b21139583dec0dae344cca530690ec1f344acc79	Intel::CERT_HASH	Mandiant APT1 Report	AOL	T
-21971ffef58baf6f638df2f7e2cceb4c58b173c8	Intel::CERT_HASH	Mandiant APT1 Report	EMAIL	T
-04ecff66973c92a1c348666d5a4738557cce0cfc	Intel::CERT_HASH	Mandiant APT1 Report	IBM	T
-f97d1a703aec44d0f53a3a294e33acda43a49de1	Intel::CERT_HASH	Mandiant APT1 Report	IBM	T
-c0d32301a7c96ecb0bc8e381ec19e6b4eaf5d2fe	Intel::CERT_HASH	Mandiant APT1 Report	IBM	T
-1b27a897cda019da2c3a6dc838761871e8bf5b5d	Intel::CERT_HASH	Mandiant APT1 Report	LAME	T
-d515996e8696612dc78fc6db39006466fc6550df	Intel::CERT_HASH	Mandiant APT1 Report	MOON-NIGHT	T
-8f79315659e59c79f1301ef4aee67b18ae2d9f1c	Intel::CERT_HASH	Mandiant APT1 Report	NONAME	T
-a57a84975e31e376e3512da7b05ad06ef6441f53	Intel::CERT_HASH	Mandiant APT1 Report	NS	T
-b3db37a0edde97b3c3c15da5f2d81d27af82f583	Intel::CERT_HASH	Mandiant APT1 Report	SERVER (PEM)	T
-6d8f1454f6392361fb2464b744d4fc09eee5fcfd	Intel::CERT_HASH	Mandiant APT1 Report	SUR	T
-b66e230f404b2cc1c033ccacda5d0a14b74a2752	Intel::CERT_HASH	Mandiant APT1 Report	VIRTUALLYTHERE	T
-4acbadb86a91834493dde276736cdf8f7ef5d497	Intel::CERT_HASH	Mandiant APT1 Report	WEBMAIL	T
-86a48093d9b577955c4c9bd19e30536aae5543d4	Intel::CERT_HASH	Mandiant APT1 Report	YAHOO	T
\ No newline at end of file
diff --git a/salt/deprecated-bro/policy/securityonion/apt1/apt1-fqdn.dat b/salt/deprecated-bro/policy/securityonion/apt1/apt1-fqdn.dat
deleted file mode 100644
index f0a57f8c3..000000000
--- a/salt/deprecated-bro/policy/securityonion/apt1/apt1-fqdn.dat
+++ /dev/null
@@ -1,2049 +0,0 @@
-#fields	indicator	indicator_type	meta.source	meta.do_notice
-# The following line is for testing only.  Please keep it commented out when running in production.
-#time.windows.com	Intel::DOMAIN	Test FQDN	T
-advanbusiness.com	Intel::DOMAIN	Mandiant APT1 Report	T
-aoldaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-aolon1ine.com	Intel::DOMAIN	Mandiant APT1 Report	T
-applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-attnpower.com	Intel::DOMAIN	Mandiant APT1 Report	T
-aunewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-avvmail.com	Intel::DOMAIN	Mandiant APT1 Report	T
-bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-blackberrycluter.com	Intel::DOMAIN	Mandiant APT1 Report	T
-blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-bluecoate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-booksonlineclub.com	Intel::DOMAIN	Mandiant APT1 Report	T
-bpyoyo.com	Intel::DOMAIN	Mandiant APT1 Report	T
-businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-businessformars.com	Intel::DOMAIN	Mandiant APT1 Report	T
-busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-canadatvsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-canoedaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-chileexe77.com	Intel::DOMAIN	Mandiant APT1 Report	T
-cnndaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-cnndaily.net	Intel::DOMAIN	Mandiant APT1 Report	T
-cnnnewsdaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-cometoway.org	Intel::DOMAIN	Mandiant APT1 Report	T
-companyinfosite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-competrip.com	Intel::DOMAIN	Mandiant APT1 Report	T
-comrepair.net	Intel::DOMAIN	Mandiant APT1 Report	T
-conferencesinfo.com	Intel::DOMAIN	Mandiant APT1 Report	T
-copporationnews.com	Intel::DOMAIN	Mandiant APT1 Report	T
-cslisten.com	Intel::DOMAIN	Mandiant APT1 Report	T
-defenceonline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-dnsweb.org	Intel::DOMAIN	Mandiant APT1 Report	T
-downloadsite.me	Intel::DOMAIN	Mandiant APT1 Report	T
-earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-e-cardsshop.com	Intel::DOMAIN	Mandiant APT1 Report	T
-firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-freshreaders.net	Intel::DOMAIN	Mandiant APT1 Report	T
-giftnews.org	Intel::DOMAIN	Mandiant APT1 Report	T
-globalowa.com	Intel::DOMAIN	Mandiant APT1 Report	T
-gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-hkcastte.com	Intel::DOMAIN	Mandiant APT1 Report	T
-hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-hvmetal.com	Intel::DOMAIN	Mandiant APT1 Report	T
-idirectech.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ifexcel.com	Intel::DOMAIN	Mandiant APT1 Report	T
-infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-issnbgkit.net	Intel::DOMAIN	Mandiant APT1 Report	T
-jobsadvanced.com	Intel::DOMAIN	Mandiant APT1 Report	T
-livemymsn.com	Intel::DOMAIN	Mandiant APT1 Report	T
-lksoftvc.net	Intel::DOMAIN	Mandiant APT1 Report	T
-maltempata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-marsbrother.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mcafeepaying.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mediaxsds.net	Intel::DOMAIN	Mandiant APT1 Report	T
-microsoft-update-info.com	Intel::DOMAIN	Mandiant APT1 Report	T
-micyuisyahooapis.com	Intel::DOMAIN	Mandiant APT1 Report	T
-msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-myyahoonews.com	Intel::DOMAIN	Mandiant APT1 Report	T
-nationtour.net	Intel::DOMAIN	Mandiant APT1 Report	T
-newsesport.com	Intel::DOMAIN	Mandiant APT1 Report	T
-newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-newsonlinesite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-newspappers.org	Intel::DOMAIN	Mandiant APT1 Report	T
-nirvanaol.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ns06.net	Intel::DOMAIN	Mandiant APT1 Report	T
-nytimesnews.net	Intel::DOMAIN	Mandiant APT1 Report	T
-olmusic100.com	Intel::DOMAIN	Mandiant APT1 Report	T
-onefastgame.net	Intel::DOMAIN	Mandiant APT1 Report	T
-oplaymagzine.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pcclubddk.net	Intel::DOMAIN	Mandiant APT1 Report	T
-phoenixtvus.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pop-musicsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-progammerli.com	Intel::DOMAIN	Mandiant APT1 Report	T
-purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-regicsgf.net	Intel::DOMAIN	Mandiant APT1 Report	T
-reutersnewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-rssadvanced.org	Intel::DOMAIN	Mandiant APT1 Report	T
-safalife.com	Intel::DOMAIN	Mandiant APT1 Report	T
-saltlakenews.org	Intel::DOMAIN	Mandiant APT1 Report	T
-satellitebbs.com	Intel::DOMAIN	Mandiant APT1 Report	T
-searchforca.com	Intel::DOMAIN	Mandiant APT1 Report	T
-shepmas.com	Intel::DOMAIN	Mandiant APT1 Report	T
-skyswim.net	Intel::DOMAIN	Mandiant APT1 Report	T
-softsolutionbox.net	Intel::DOMAIN	Mandiant APT1 Report	T
-sportreadok.net	Intel::DOMAIN	Mandiant APT1 Report	T
-staycools.net	Intel::DOMAIN	Mandiant APT1 Report	T
-symanteconline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-syscation.com	Intel::DOMAIN	Mandiant APT1 Report	T
-syscation.net	Intel::DOMAIN	Mandiant APT1 Report	T
-tfxdccssl.net	Intel::DOMAIN	Mandiant APT1 Report	T
-thehealthmood.net	Intel::DOMAIN	Mandiant APT1 Report	T
-tibethome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-todayusa.org	Intel::DOMAIN	Mandiant APT1 Report	T
-usabbs.org	Intel::DOMAIN	Mandiant APT1 Report	T
-usapappers.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ushongkong.org	Intel::DOMAIN	Mandiant APT1 Report	T
-usnewssite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-usnftc.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ustvb.com	Intel::DOMAIN	Mandiant APT1 Report	T
-uszzcs.com	Intel::DOMAIN	Mandiant APT1 Report	T
-voiceofman.com	Intel::DOMAIN	Mandiant APT1 Report	T
-webservicesupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-worthhummer.net	Intel::DOMAIN	Mandiant APT1 Report	T
-yahoodaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-youipcam.com	Intel::DOMAIN	Mandiant APT1 Report	T
-08elec.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-09back.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-3ml.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-3pma.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-4cback.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-7cback.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-911.cnnnewsdaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-a-ad.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-a-af.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-aam.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-aar.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-aarco.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-a-bne.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-abs.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-acer.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-acli-mail.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-a-co.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-acu.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-adb.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-add.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-addr.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-adi002.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-a-dl.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-admin.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-admin.datastorage01.org	Intel::DOMAIN	Mandiant APT1 Report	T
-admin.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-admin.softsolutionbox.net	Intel::DOMAIN	Mandiant APT1 Report	T
-adobe.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ads.bpyoyo.com	Intel::DOMAIN	Mandiant APT1 Report	T
-adt.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-adt001.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-adt002.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-adtk.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-adtkl.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-adtkl.gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-adtlk.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-ae.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-a-ec.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-a-ep.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-aero.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-aes.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-a-ex.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-af.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-afda.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-a-fj.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-africa.mcafeepaying.com	Intel::DOMAIN	Mandiant APT1 Report	T
-africa.todayusa.org	Intel::DOMAIN	Mandiant APT1 Report	T
-africa.usabbs.org	Intel::DOMAIN	Mandiant APT1 Report	T
-africadb.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-afw.globalowa.com	Intel::DOMAIN	Mandiant APT1 Report	T
-a-ga.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-agl.softsolutionbox.net	Intel::DOMAIN	Mandiant APT1 Report	T
-ago.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-a-gon.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-a-he.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-a-he.softsolutionbox.net	Intel::DOMAIN	Mandiant APT1 Report	T
-a-if.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-a-iho.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-aiic.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-aip.comrepair.net	Intel::DOMAIN	Mandiant APT1 Report	T
-airline.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-airplane.defenceonline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-ait.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-a-ja.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-a-jsm.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-a-jsm.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ak47.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ak47.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-alarm.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-alarm.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-alcan.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-alion.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-alone.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-amanda.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-amne.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ams.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-amusement.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-analysis.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-anglo.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-anti.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-aol.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-a-ol.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-aol.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-aol.softsolutionbox.net	Intel::DOMAIN	Mandiant APT1 Report	T
-aon.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-a-ov.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-apa.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-apa.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-apa.safalife.com	Intel::DOMAIN	Mandiant APT1 Report	T
-apejack.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-apekl.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-a-pep.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-app.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-app.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-apple.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-apple.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-apple.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-apple.rssadvanced.org	Intel::DOMAIN	Mandiant APT1 Report	T
-aps.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-apss.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-apss.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ara.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-ara.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ara2.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-ara2.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-arainfo.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-arainfo.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-a-rdr.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-ares.aunewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-argsafhq.blackberrycluter.com	Intel::DOMAIN	Mandiant APT1 Report	T
-a-ri.comrepair.net	Intel::DOMAIN	Mandiant APT1 Report	T
-armi.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-army.newsonlinesite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-army.todayusa.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ascn.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-asiv.softsolutionbox.net	Intel::DOMAIN	Mandiant APT1 Report	T
-asp.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-asp.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-asp.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-asp.softsolutionbox.net	Intel::DOMAIN	Mandiant APT1 Report	T
-ass.globalowa.com	Intel::DOMAIN	Mandiant APT1 Report	T
-astone.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-atm.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-atom.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-a-uac.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-a-un.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ausi.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-auto.aoldaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-auto.companyinfosite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-auto.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-auto.gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-auto.livemymsn.com	Intel::DOMAIN	Mandiant APT1 Report	T
-auto.mcafeepaying.com	Intel::DOMAIN	Mandiant APT1 Report	T
-auto.myyahoonews.com	Intel::DOMAIN	Mandiant APT1 Report	T
-avast.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-avph.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-a-za.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-a-za.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-a-zx.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-b.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-bab.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-back.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-back.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-back.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-back.worthhummer.net	Intel::DOMAIN	Mandiant APT1 Report	T
-backsun.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-backup.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-backup.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-backup.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-backupsw.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-banner.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-barity.gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-basketball.todayusa.org	Intel::DOMAIN	Mandiant APT1 Report	T
-bass.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-bat.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-bat.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-bat.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-bat.safalife.com	Intel::DOMAIN	Mandiant APT1 Report	T
-bbb.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-bbh.dnsweb.org	Intel::DOMAIN	Mandiant APT1 Report	T
-bbs.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-bbs.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-bbsfu.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-bcc.blackberrycluter.com	Intel::DOMAIN	Mandiant APT1 Report	T
-bcc.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-bcc.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-bee.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-bee.newspappers.org	Intel::DOMAIN	Mandiant APT1 Report	T
-bee.usapappers.com	Intel::DOMAIN	Mandiant APT1 Report	T
-bg-g.comrepair.net	Intel::DOMAIN	Mandiant APT1 Report	T
-bhbt.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-bhbt.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-bing.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-bitdefender.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-bkav.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-bkav2007.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-bksy.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-black.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-black.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-blackfish.defenceonline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-bll.dnsweb.org	Intel::DOMAIN	Mandiant APT1 Report	T
-blog.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-blog.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-blog.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-blog.regicsgf.net	Intel::DOMAIN	Mandiant APT1 Report	T
-blow.reutersnewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-blue.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-bluefin.aunewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-bmi.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-bob.dnsweb.org	Intel::DOMAIN	Mandiant APT1 Report	T
-bobo.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-bobo.oplaymagzine.com	Intel::DOMAIN	Mandiant APT1 Report	T
-book.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-book.pop-musicsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-book.reutersnewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-bot.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-bourne.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-bphb.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-bring.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-brog.regicsgf.net	Intel::DOMAIN	Mandiant APT1 Report	T
-bswt.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-built.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-business.aunewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-business.chileexe77.com	Intel::DOMAIN	Mandiant APT1 Report	T
-business.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-business.jobsadvanced.com	Intel::DOMAIN	Mandiant APT1 Report	T
-business.satellitebbs.com	Intel::DOMAIN	Mandiant APT1 Report	T
-business.yahoodaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-buy.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-buy.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-buycow.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-buyer.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-buz.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-c.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-caaid.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-cac.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-cac.worthhummer.net	Intel::DOMAIN	Mandiant APT1 Report	T
-cache.aolon1ine.com	Intel::DOMAIN	Mandiant APT1 Report	T
-cacq.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-cadfait.softsolutionbox.net	Intel::DOMAIN	Mandiant APT1 Report	T
-cais.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-cais.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-can.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-canada.cnndaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-canary.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-cappuccino.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-car1.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-care.jobsadvanced.com	Intel::DOMAIN	Mandiant APT1 Report	T
-care.satellitebbs.com	Intel::DOMAIN	Mandiant APT1 Report	T
-cars.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-carvin.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-catalog.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ccsukl.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-cdc01.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-cdcd.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-cdd.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-cdrnkl.worthhummer.net	Intel::DOMAIN	Mandiant APT1 Report	T
-cecilia.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ce-ip.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-center.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-center.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-center.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ceros.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-cetv.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-chat.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-chat.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-check.staycools.net	Intel::DOMAIN	Mandiant APT1 Report	T
-check.thehealthmood.net	Intel::DOMAIN	Mandiant APT1 Report	T
-chicken.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-chicken.pop-musicsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-chivas.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-chq.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-christitannahill.appspot.com	Intel::DOMAIN	Mandiant APT1 Report	T
-cib.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-cibuc.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-citrix.globalowa.com	Intel::DOMAIN	Mandiant APT1 Report	T
-citt.downloadsite.me	Intel::DOMAIN	Mandiant APT1 Report	T
-city.gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-class.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-client.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-climate.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-climate.oplaymagzine.com	Intel::DOMAIN	Mandiant APT1 Report	T
-clin.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-cman.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-cmp.gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-cobh.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-coco.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-code.jobsadvanced.com	Intel::DOMAIN	Mandiant APT1 Report	T
-code.mcafeepaying.com	Intel::DOMAIN	Mandiant APT1 Report	T
-coe.nationtour.net	Intel::DOMAIN	Mandiant APT1 Report	T
-coe.reutersnewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-coer.reutersnewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-cok.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-com.conferencesinfo.com	Intel::DOMAIN	Mandiant APT1 Report	T
-comfile.softsolutionbox.net	Intel::DOMAIN	Mandiant APT1 Report	T
-commpany.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-company.canadatvsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-compfile.softsolutionbox.net	Intel::DOMAIN	Mandiant APT1 Report	T
-compu.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-compute.satellitebbs.com	Intel::DOMAIN	Mandiant APT1 Report	T
-conn.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-contact.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-contact.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-contact.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-contact.jobsadvanced.com	Intel::DOMAIN	Mandiant APT1 Report	T
-contact.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-contact.yahoodaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-content.cnnnewsdaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-control.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-control.blackberrycluter.com	Intel::DOMAIN	Mandiant APT1 Report	T
-cook.globalowa.com	Intel::DOMAIN	Mandiant APT1 Report	T
-cool.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-cool.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-corn.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-corp.booksonlineclub.com	Intel::DOMAIN	Mandiant APT1 Report	T
-corp.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-cost.cnnnewsdaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-count.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-country.canadatvsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-cow.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-cowboy.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-cowboy.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-crab.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-crab.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-crab.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-crackling123.appspot.com	Intel::DOMAIN	Mandiant APT1 Report	T
-cross.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-crz.dnsweb.org	Intel::DOMAIN	Mandiant APT1 Report	T
-cs.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-csch.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-csupp.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-ctcn.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ctcs.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-ctcs.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ctimoon.marsbrother.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ctisk.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-cubbh.newspappers.org	Intel::DOMAIN	Mandiant APT1 Report	T
-cubh.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-culture.chileexe77.com	Intel::DOMAIN	Mandiant APT1 Report	T
-cure.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-current.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-cw.e-cardsshop.com	Intel::DOMAIN	Mandiant APT1 Report	T
-cw.mcafeepaying.com	Intel::DOMAIN	Mandiant APT1 Report	T
-cw.nationtour.net	Intel::DOMAIN	Mandiant APT1 Report	T
-cw.pop-musicsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-cw.searchforca.com	Intel::DOMAIN	Mandiant APT1 Report	T
-cwe.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-cwe80.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-cwel.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-cws.gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-d.bpyoyo.com	Intel::DOMAIN	Mandiant APT1 Report	T
-da.comrepair.net	Intel::DOMAIN	Mandiant APT1 Report	T
-daa.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-daily.newsonlinesite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-data.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-date.freshreaders.net	Intel::DOMAIN	Mandiant APT1 Report	T
-date.gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-date.rssadvanced.org	Intel::DOMAIN	Mandiant APT1 Report	T
-date.voiceofman.com	Intel::DOMAIN	Mandiant APT1 Report	T
-datehelp.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-dating.satellitebbs.com	Intel::DOMAIN	Mandiant APT1 Report	T
-db.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-default.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-defense.usabbs.org	Intel::DOMAIN	Mandiant APT1 Report	T
-del.advanbusiness.com	Intel::DOMAIN	Mandiant APT1 Report	T
-demo.myyahoonews.com	Intel::DOMAIN	Mandiant APT1 Report	T
-den.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-denel.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-densun.comrepair.net	Intel::DOMAIN	Mandiant APT1 Report	T
-des.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-des.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-develop.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-dhfx.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-dias.globalowa.com	Intel::DOMAIN	Mandiant APT1 Report	T
-digi.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-dith.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-dl.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-dlkl.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-dnn.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-dns.chileexe77.com	Intel::DOMAIN	Mandiant APT1 Report	T
-dns.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-dns.issnbgkit.net	Intel::DOMAIN	Mandiant APT1 Report	T
-dns.progammerli.com	Intel::DOMAIN	Mandiant APT1 Report	T
-dns.webservicesupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-dns1.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-dnsg.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-do.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-doa.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-docu.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-documents.aoldaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-documents.aunewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-documents.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-documents.cnndaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-documents.downloadsite.me	Intel::DOMAIN	Mandiant APT1 Report	T
-documents.e-cardsshop.com	Intel::DOMAIN	Mandiant APT1 Report	T
-documents.nationtour.net	Intel::DOMAIN	Mandiant APT1 Report	T
-documents.voiceofman.com	Intel::DOMAIN	Mandiant APT1 Report	T
-dod.dnsweb.org	Intel::DOMAIN	Mandiant APT1 Report	T
-doekl.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-domain.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-domain.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-domain.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-dorkia.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-dot.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-dotnet.safalife.com	Intel::DOMAIN	Mandiant APT1 Report	T
-dove.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-down.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-down.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-down.safalife.com	Intel::DOMAIN	Mandiant APT1 Report	T
-download.applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-download.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-download.freshreaders.net	Intel::DOMAIN	Mandiant APT1 Report	T
-download.gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-download.idirectech.com	Intel::DOMAIN	Mandiant APT1 Report	T
-download.symanteconline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-download.voiceofman.com	Intel::DOMAIN	Mandiant APT1 Report	T
-downloads.applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-downupdate.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-dp.booksonlineclub.com	Intel::DOMAIN	Mandiant APT1 Report	T
-dq.booksonlineclub.com	Intel::DOMAIN	Mandiant APT1 Report	T
-drb.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-drinkwater.gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-drop.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-dsh.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-dsw.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-dvid.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-dvid.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-dvn.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-dyn.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-dyn.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-dyns.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-e.advanbusiness.com	Intel::DOMAIN	Mandiant APT1 Report	T
-e.aoldaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-e.applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-e.aunewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-e.canoedaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-e.cnndaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-e.ifexcel.com	Intel::DOMAIN	Mandiant APT1 Report	T
-e.microsoft-update-info.com	Intel::DOMAIN	Mandiant APT1 Report	T
-e.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-e.reutersnewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-e.satellitebbs.com	Intel::DOMAIN	Mandiant APT1 Report	T
-e.staycools.net	Intel::DOMAIN	Mandiant APT1 Report	T
-e.todayusa.org	Intel::DOMAIN	Mandiant APT1 Report	T
-e.usabbs.org	Intel::DOMAIN	Mandiant APT1 Report	T
-e.usapappers.com	Intel::DOMAIN	Mandiant APT1 Report	T
-e.usnewssite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-e.yahoodaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-eaof.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-east.freshreaders.net	Intel::DOMAIN	Mandiant APT1 Report	T
-eatbeef.gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ecli-cow.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-edit.aolon1ine.com	Intel::DOMAIN	Mandiant APT1 Report	T
-edu.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-education.jobsadvanced.com	Intel::DOMAIN	Mandiant APT1 Report	T
-education.rssadvanced.org	Intel::DOMAIN	Mandiant APT1 Report	T
-eeaa.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-eee.reutersnewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-egcc.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-email.advanbusiness.com	Intel::DOMAIN	Mandiant APT1 Report	T
-email.aoldaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-email.applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-email.aunewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-email.canadatvsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-email.canoedaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-email.cnndaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-email.cnndaily.net	Intel::DOMAIN	Mandiant APT1 Report	T
-email.companyinfosite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-email.defenceonline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-email.downloadsite.me	Intel::DOMAIN	Mandiant APT1 Report	T
-email.e-cardsshop.com	Intel::DOMAIN	Mandiant APT1 Report	T
-email.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-email.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-email.jobsadvanced.com	Intel::DOMAIN	Mandiant APT1 Report	T
-email.mcafeepaying.com	Intel::DOMAIN	Mandiant APT1 Report	T
-email.micyuisyahooapis.com	Intel::DOMAIN	Mandiant APT1 Report	T
-email.newsonlinesite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-email.pop-musicsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-email.satellitebbs.com	Intel::DOMAIN	Mandiant APT1 Report	T
-email.symanteconline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-email.todayusa.org	Intel::DOMAIN	Mandiant APT1 Report	T
-email.usabbs.org	Intel::DOMAIN	Mandiant APT1 Report	T
-email.usapappers.com	Intel::DOMAIN	Mandiant APT1 Report	T
-email.usnewssite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-email.voiceofman.com	Intel::DOMAIN	Mandiant APT1 Report	T
-email.yahoodaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-emam.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-en.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-energy.e-cardsshop.com	Intel::DOMAIN	Mandiant APT1 Report	T
-energy.mcafeepaying.com	Intel::DOMAIN	Mandiant APT1 Report	T
-energy.nationtour.net	Intel::DOMAIN	Mandiant APT1 Report	T
-energy.pop-musicsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-energy.searchforca.com	Intel::DOMAIN	Mandiant APT1 Report	T
-energy.usabbs.org	Intel::DOMAIN	Mandiant APT1 Report	T
-engine.usabbs.org	Intel::DOMAIN	Mandiant APT1 Report	T
-engineering.newsonlinesite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-environment.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-eoaf.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-epod.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-eu.usabbs.org	Intel::DOMAIN	Mandiant APT1 Report	T
-eum.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-europa.cnndaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-europe.canadatvsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ever.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-everest.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-eye.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-f3tel.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-face.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-facebook.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-faq.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-fashion.cnnnewsdaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-fax.canadatvsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-fax.cnndaily.net	Intel::DOMAIN	Mandiant APT1 Report	T
-fax.companyinfosite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-fax.defenceonline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-fax.downloadsite.me	Intel::DOMAIN	Mandiant APT1 Report	T
-fax.e-cardsshop.com	Intel::DOMAIN	Mandiant APT1 Report	T
-fax.jobsadvanced.com	Intel::DOMAIN	Mandiant APT1 Report	T
-fax.mcafeepaying.com	Intel::DOMAIN	Mandiant APT1 Report	T
-fax.micyuisyahooapis.com	Intel::DOMAIN	Mandiant APT1 Report	T
-fax.newsonlinesite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-fax.pop-musicsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-fax.symanteconline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-fax.voiceofman.com	Intel::DOMAIN	Mandiant APT1 Report	T
-fcn.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-fed.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ffej.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-ffej.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-fher.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-fher.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-fhh.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-file.cnnnewsdaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-file.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-files.cnndaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-files.downloadsite.me	Intel::DOMAIN	Mandiant APT1 Report	T
-fileshare.usabbs.org	Intel::DOMAIN	Mandiant APT1 Report	T
-fileyp.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-film.downloadsite.me	Intel::DOMAIN	Mandiant APT1 Report	T
-fim.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-fim.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-finance.aoldaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-finance.aunewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-finance.chileexe77.com	Intel::DOMAIN	Mandiant APT1 Report	T
-finance.cnnnewsdaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-finance.newsonlinesite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-finance.staycools.net	Intel::DOMAIN	Mandiant APT1 Report	T
-finance.thehealthmood.net	Intel::DOMAIN	Mandiant APT1 Report	T
-finance.todayusa.org	Intel::DOMAIN	Mandiant APT1 Report	T
-finance.usabbs.org	Intel::DOMAIN	Mandiant APT1 Report	T
-finance.usnewssite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-finance.yahoodaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-financial.advanbusiness.com	Intel::DOMAIN	Mandiant APT1 Report	T
-fine.worthhummer.net	Intel::DOMAIN	Mandiant APT1 Report	T
-fineca.blackberrycluter.com	Intel::DOMAIN	Mandiant APT1 Report	T
-fineca.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-finekl.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-finekl.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-finekl.worthhummer.net	Intel::DOMAIN	Mandiant APT1 Report	T
-fiona.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-fire.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-fire1.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-first.voiceofman.com	Intel::DOMAIN	Mandiant APT1 Report	T
-fjod.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-fkfc.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-flash.aoldaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-flash.aunewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-flash.cnndaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-flash.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-flash.jobsadvanced.com	Intel::DOMAIN	Mandiant APT1 Report	T
-flash.livemymsn.com	Intel::DOMAIN	Mandiant APT1 Report	T
-flash.mcafeepaying.com	Intel::DOMAIN	Mandiant APT1 Report	T
-flash.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-flash.usnewssite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-flash.yahoodaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-flucare.worthhummer.net	Intel::DOMAIN	Mandiant APT1 Report	T
-fly.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-fme.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-f-mi.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-fmp.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-fmp.worthhummer.net	Intel::DOMAIN	Mandiant APT1 Report	T
-fnem.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-fni.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-fni.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-fni.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-fnpc.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-fnrn.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-fntel.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-fok.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-follow.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-food.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-food.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-football.canoedaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-forum.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-free.gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-friends.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-froum.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-fs.mcafeepaying.com	Intel::DOMAIN	Mandiant APT1 Report	T
-fs.searchforca.com	Intel::DOMAIN	Mandiant APT1 Report	T
-fstl.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-fstl.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-fstl.worthhummer.net	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.advanbusiness.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.aoldaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.aunewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.bpyoyo.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.canadatvsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.canoedaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.cnndaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.cnndaily.net	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.companyinfosite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.defenceonline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.downloadsite.me	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.e-cardsshop.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.jobsadvanced.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.mcafeepaying.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.micyuisyahooapis.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.newsonlinesite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.pop-musicsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.satellitebbs.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.staycools.net	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.symanteconline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.todayusa.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.usabbs.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.usapappers.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.ustvb.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ftp.voiceofman.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ftph.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ftrj.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-fuck.reutersnewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-fun.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-function.canadatvsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-function.symanteconline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-funny.canadatvsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-funny.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-fwb.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-fwb.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-fwmo.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-fwmo.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-fy.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-fza.marsbrother.com	Intel::DOMAIN	Mandiant APT1 Report	T
-gaca.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-gaca.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-game.aoldaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-game.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-games.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-gannett.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-gatu.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-gayi.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-gee.safalife.com	Intel::DOMAIN	Mandiant APT1 Report	T
-gege.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-gege.oplaymagzine.com	Intel::DOMAIN	Mandiant APT1 Report	T
-geneticmedicine.conferencesinfo.com	Intel::DOMAIN	Mandiant APT1 Report	T
-geo.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-geology.e-cardsshop.com	Intel::DOMAIN	Mandiant APT1 Report	T
-geology.pop-musicsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-gg.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-gg.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ghma.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-gjjr.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-gjmy.comrepair.net	Intel::DOMAIN	Mandiant APT1 Report	T
-gl.gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-glj.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-global.pop-musicsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-global.softsolutionbox.net	Intel::DOMAIN	Mandiant APT1 Report	T
-globalization.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-glx.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-gmail.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-gmail.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-gmail.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-google.applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-goverment.usabbs.org	Intel::DOMAIN	Mandiant APT1 Report	T
-green.safalife.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ground.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ground.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ground.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-gsti.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-gsup.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-half.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-half.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-happy.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-happy.e-cardsshop.com	Intel::DOMAIN	Mandiant APT1 Report	T
-happy.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-happy.nationtour.net	Intel::DOMAIN	Mandiant APT1 Report	T
-happyfish.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-hav.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-health.jobsadvanced.com	Intel::DOMAIN	Mandiant APT1 Report	T
-hello.mediaxsds.net	Intel::DOMAIN	Mandiant APT1 Report	T
-help.advanbusiness.com	Intel::DOMAIN	Mandiant APT1 Report	T
-help.applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-help.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-help.gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-help.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-help.reutersnewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-help.thehealthmood.net	Intel::DOMAIN	Mandiant APT1 Report	T
-hi.bpyoyo.com	Intel::DOMAIN	Mandiant APT1 Report	T
-hill.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-hill.booksonlineclub.com	Intel::DOMAIN	Mandiant APT1 Report	T
-hill.businessformars.com	Intel::DOMAIN	Mandiant APT1 Report	T
-hill.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-hm.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-home.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-home.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-home.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-home.reutersnewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-home.staycools.net	Intel::DOMAIN	Mandiant APT1 Report	T
-hon.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-host.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-host.issnbgkit.net	Intel::DOMAIN	Mandiant APT1 Report	T
-host.regicsgf.net	Intel::DOMAIN	Mandiant APT1 Report	T
-hostname.regicsgf.net	Intel::DOMAIN	Mandiant APT1 Report	T
-hot.thehealthmood.net	Intel::DOMAIN	Mandiant APT1 Report	T
-hotel.safalife.com	Intel::DOMAIN	Mandiant APT1 Report	T
-house.globalowa.com	Intel::DOMAIN	Mandiant APT1 Report	T
-house.gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-house.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-housew.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-hpd.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-hq.lksoftvc.net	Intel::DOMAIN	Mandiant APT1 Report	T
-hrsy.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-https.lksoftvc.net	Intel::DOMAIN	Mandiant APT1 Report	T
-https.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-https.progammerli.com	Intel::DOMAIN	Mandiant APT1 Report	T
-hu.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-hun.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-hy.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-hy.worthhummer.net	Intel::DOMAIN	Mandiant APT1 Report	T
-iabk.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-iabk.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-iai.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-iamge.usabbs.org	Intel::DOMAIN	Mandiant APT1 Report	T
-idtheft.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-iea.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-iexchangefxn.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ifc.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-image.aunewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-image.satellitebbs.com	Intel::DOMAIN	Mandiant APT1 Report	T
-image.todayusa.org	Intel::DOMAIN	Mandiant APT1 Report	T
-image.usabbs.org	Intel::DOMAIN	Mandiant APT1 Report	T
-image.usnewssite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-images.spmiller.org	Intel::DOMAIN	Mandiant APT1 Report	T
-important.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-index.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-india.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-indian.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-indian.e-cardsshop.com	Intel::DOMAIN	Mandiant APT1 Report	T
-indonesia.newsonlinesite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-info.aoldaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-info.applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-info.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-info.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-info.companyinfosite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-info.defenceonline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-info.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-info.freshreaders.net	Intel::DOMAIN	Mandiant APT1 Report	T
-info.idirectech.com	Intel::DOMAIN	Mandiant APT1 Report	T
-info.mcafeepaying.com	Intel::DOMAIN	Mandiant APT1 Report	T
-info.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-info.newspappers.org	Intel::DOMAIN	Mandiant APT1 Report	T
-info.rssadvanced.org	Intel::DOMAIN	Mandiant APT1 Report	T
-info.saltlakenews.org	Intel::DOMAIN	Mandiant APT1 Report	T
-info.softsolutionbox.net	Intel::DOMAIN	Mandiant APT1 Report	T
-info.symanteconline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-info.theagenews.com	Intel::DOMAIN	Mandiant APT1 Report	T
-info.thehealthmood.net	Intel::DOMAIN	Mandiant APT1 Report	T
-info.usapappers.com	Intel::DOMAIN	Mandiant APT1 Report	T
-info.usnewssite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-information.aunewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-information.cnndaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-information.defenceonline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-information.downloadsite.me	Intel::DOMAIN	Mandiant APT1 Report	T
-information.jobsadvanced.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ins.globalowa.com	Intel::DOMAIN	Mandiant APT1 Report	T
-insat.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-int.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-int.freshreaders.net	Intel::DOMAIN	Mandiant APT1 Report	T
-intel.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-intel.gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-intel.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-inter.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-international.canadatvsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-invest.gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ips.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-iri.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-iri.worthhummer.net	Intel::DOMAIN	Mandiant APT1 Report	T
-irl.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-irs.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-irs.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-irsauctions.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-irssales.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-iscu.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-iswb.softsolutionbox.net	Intel::DOMAIN	Mandiant APT1 Report	T
-it.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-it.newsonlinesite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-itau.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-itinfo.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-japan.yahoodaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-java.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-jbei.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-jeff.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-jeph.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-jf.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-jfn.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-jfs.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-jhd.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-jhd.safalife.com	Intel::DOMAIN	Mandiant APT1 Report	T
-jhsfkjlhjsf.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-job.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-job.jobsadvanced.com	Intel::DOMAIN	Mandiant APT1 Report	T
-job.yahoodaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-jobs.mediaxsds.net	Intel::DOMAIN	Mandiant APT1 Report	T
-johnford985.appspot.com	Intel::DOMAIN	Mandiant APT1 Report	T
-jr.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-juda.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-jwss.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-kf.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-khoda.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-king-kl.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-kit.dnsweb.org	Intel::DOMAIN	Mandiant APT1 Report	T
-kit.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-klape.globalowa.com	Intel::DOMAIN	Mandiant APT1 Report	T
-klati.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-klbakerm.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-klbar.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-klbis.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-klbis.globalowa.com	Intel::DOMAIN	Mandiant APT1 Report	T
-klbis.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-kl-care.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-klcirf.worthhummer.net	Intel::DOMAIN	Mandiant APT1 Report	T
-klcocon.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-klecca.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-klecca.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-klenvi.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-kl-hqun.gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-kl-hqun.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-kliee.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-kl-knab.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-kllhd.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-kllhd.globalowa.com	Intel::DOMAIN	Mandiant APT1 Report	T
-kl-mfa.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-klmfat.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-klnrdc.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-klnrdc.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-klotp.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-klpiec.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-kl-rfc.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-kl-rio.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-kluscc.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-kl-vfw.globalowa.com	Intel::DOMAIN	Mandiant APT1 Report	T
-klwest.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-knab.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-knews.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-koa.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ks.aoldaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ks.aunewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ks.cnndaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ks.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ks.jobsadvanced.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ks.mcafeepaying.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ks.petrotdl.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ks.usnewssite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ks.yahoodaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ksaa.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ksap.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-kshan.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-kusw.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-lab.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-lan.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-launch.todayusa.org	Intel::DOMAIN	Mandiant APT1 Report	T
-law.canoedaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-law.myyahoonews.com	Intel::DOMAIN	Mandiant APT1 Report	T
-lawste.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-lawste2.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-lcan.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-leets.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-leon.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-lhd.globalowa.com	Intel::DOMAIN	Mandiant APT1 Report	T
-lib.freshreaders.net	Intel::DOMAIN	Mandiant APT1 Report	T
-life.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-link.applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-linkup.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-linux.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-lion.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-listen.pop-musicsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-live.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-living.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ln.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-lnz.worthhummer.net	Intel::DOMAIN	Mandiant APT1 Report	T
-loading.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-local.dnsweb.org	Intel::DOMAIN	Mandiant APT1 Report	T
-log.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-log.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-log.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-log.issnbgkit.net	Intel::DOMAIN	Mandiant APT1 Report	T
-log.sportreadok.net	Intel::DOMAIN	Mandiant APT1 Report	T
-login.aolon1ine.com	Intel::DOMAIN	Mandiant APT1 Report	T
-login.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-login.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-login.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-login.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-login.safalife.com	Intel::DOMAIN	Mandiant APT1 Report	T
-logo.freshreaders.net	Intel::DOMAIN	Mandiant APT1 Report	T
-logo.staycools.net	Intel::DOMAIN	Mandiant APT1 Report	T
-logo.thehealthmood.net	Intel::DOMAIN	Mandiant APT1 Report	T
-logon.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-logs.chileexe77.com	Intel::DOMAIN	Mandiant APT1 Report	T
-logs.issnbgkit.net	Intel::DOMAIN	Mandiant APT1 Report	T
-logs.pcclubddk.net	Intel::DOMAIN	Mandiant APT1 Report	T
-logs.sportreadok.net	Intel::DOMAIN	Mandiant APT1 Report	T
-lone.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-loper.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-lost.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-lost.yahoodaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-love.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-love.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-love.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-lovecocon.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-loveit.gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-lrl.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-lucie.dnsweb.org	Intel::DOMAIN	Mandiant APT1 Report	T
-lucy.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-lucy.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-lucy.booksonlineclub.com	Intel::DOMAIN	Mandiant APT1 Report	T
-lucy.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-lucy2.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-lucy2.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-lw.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-lw.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-lw.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-lw.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-lwave.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-m.cslisten.com	Intel::DOMAIN	Mandiant APT1 Report	T
-m.ifexcel.com	Intel::DOMAIN	Mandiant APT1 Report	T
-macfee.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-magazine.downloadsite.me	Intel::DOMAIN	Mandiant APT1 Report	T
-magazine.yahoodaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-magic.tfxdccssl.net	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.advanbusiness.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.aoldaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.aunewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.canadatvsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.canoedaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.chileexe77.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.cnndaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.cnndaily.net	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.companyinfosite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.defenceonline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.downloadsite.me	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.e-cardsshop.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.jobsadvanced.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.lksoftvc.net	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.mcafeepaying.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.micyuisyahooapis.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.newsonlinesite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.oplaymagzine.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.pop-musicsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.safalife.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.satellitebbs.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.softsolutionbox.net	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.symanteconline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.todayusa.org	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.usabbs.org	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.usapappers.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.usnewssite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.ustvb.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.voiceofman.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mail.yahoodaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mail2.syscation.net	Intel::DOMAIN	Mandiant APT1 Report	T
-mailbbs.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mails.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mailsrv.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-main.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-man001.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-man001.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-map.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-maria.reutersnewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-marines.defenceonline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-max.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-mc.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-mcsc.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-me.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-media.aoldaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-media.aunewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-media.cnndaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-media.jobsadvanced.com	Intel::DOMAIN	Mandiant APT1 Report	T
-media.mcafeepaying.com	Intel::DOMAIN	Mandiant APT1 Report	T
-media.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-media.usnewssite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-media.yahoodaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-medicine.chileexe77.com	Intel::DOMAIN	Mandiant APT1 Report	T
-medicine.yahoodaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-meg.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-meily.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-memberd.booksonlineclub.com	Intel::DOMAIN	Mandiant APT1 Report	T
-message.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-messenger.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-method.ns06.net	Intel::DOMAIN	Mandiant APT1 Report	T
-mfa.globalowa.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mfc.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-micro.applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-microsoft.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-milk.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-mini.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-mint.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-mko.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mlls.globalowa.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mobile.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-money.sportreadok.net	Intel::DOMAIN	Mandiant APT1 Report	T
-moon.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-moon.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mor.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-more.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-mos.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-moto.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-moto.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-moto.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-moto1.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-moto2.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-motoa.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-motor.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-movie.canadatvsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-movies.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-mpe.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-msn.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-music.bpyoyo.com	Intel::DOMAIN	Mandiant APT1 Report	T
-music.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-music.pop-musicsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-music.todayusa.org	Intel::DOMAIN	Mandiant APT1 Report	T
-mx.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-my.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-my550.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-myfamily.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mynet.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-myoil.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-mysql.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-na.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-na.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-nat.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-nature.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-nav.booksonlineclub.com	Intel::DOMAIN	Mandiant APT1 Report	T
-navi.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-navi.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-nci.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-nci.dnsweb.org	Intel::DOMAIN	Mandiant APT1 Report	T
-nci.safalife.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ncih.dnsweb.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ncsc.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-ne.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-nes.nationtour.net	Intel::DOMAIN	Mandiant APT1 Report	T
-net.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-net.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-new.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-new.booksonlineclub.com	Intel::DOMAIN	Mandiant APT1 Report	T
-new.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-new.globalowa.com	Intel::DOMAIN	Mandiant APT1 Report	T
-newport.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-newport.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-newport.safalife.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.advanbusiness.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.aoldaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.aolon1ine.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-news.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-news.booksonlineclub.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.bpyoyo.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-news.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.canadatvsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.canoedaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.chileexe77.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.cnndaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.cnnnewsdaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.defenceonline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-news.dnsweb.org	Intel::DOMAIN	Mandiant APT1 Report	T
-news.downloadsite.me	Intel::DOMAIN	Mandiant APT1 Report	T
-news.e-cardsshop.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.freshreaders.net	Intel::DOMAIN	Mandiant APT1 Report	T
-news.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-news.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.issnbgkit.net	Intel::DOMAIN	Mandiant APT1 Report	T
-news.jobsadvanced.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.lksoftvc.net	Intel::DOMAIN	Mandiant APT1 Report	T
-news.marsbrother.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.mcafeepaying.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.mediaxsds.net	Intel::DOMAIN	Mandiant APT1 Report	T
-news.micyuisyahooapis.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-news.myyahoonews.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.nationtour.net	Intel::DOMAIN	Mandiant APT1 Report	T
-news.newsonlinesite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.newspappers.org	Intel::DOMAIN	Mandiant APT1 Report	T
-news.nytimesnews.net	Intel::DOMAIN	Mandiant APT1 Report	T
-news.pcclubddk.net	Intel::DOMAIN	Mandiant APT1 Report	T
-news.pop-musicsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.reutersnewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.rssadvanced.org	Intel::DOMAIN	Mandiant APT1 Report	T
-news.safalife.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.saltlakenews.org	Intel::DOMAIN	Mandiant APT1 Report	T
-news.satellitebbs.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.softsolutionbox.net	Intel::DOMAIN	Mandiant APT1 Report	T
-news.sportreadok.net	Intel::DOMAIN	Mandiant APT1 Report	T
-news.staycools.net	Intel::DOMAIN	Mandiant APT1 Report	T
-news.symanteconline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-news.thehealthmood.net	Intel::DOMAIN	Mandiant APT1 Report	T
-news.todayusa.org	Intel::DOMAIN	Mandiant APT1 Report	T
-news.usapappers.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.voiceofman.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.yahoo.com.conferencesinfo.com	Intel::DOMAIN	Mandiant APT1 Report	T
-news.yahoodaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-newstar.nytimesnews.net	Intel::DOMAIN	Mandiant APT1 Report	T
-newstar.reutersnewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-newstime.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-newyork.usabbs.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ngc.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-ngng.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-nh.microsoft-update-info.com	Intel::DOMAIN	Mandiant APT1 Report	T
-nhc.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-nhs.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-nhs1.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-nhs1.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-nhsl.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-nic.safalife.com	Intel::DOMAIN	Mandiant APT1 Report	T
-nicenews.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-night.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-nis.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-nl.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-nod.downloadsite.me	Intel::DOMAIN	Mandiant APT1 Report	T
-nol.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-norin.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-notebook.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-nousage.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-nrfn.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-ns.issnbgkit.net	Intel::DOMAIN	Mandiant APT1 Report	T
-nt.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-nucor001.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-nukor001.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-nullmx.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-num.safalife.com	Intel::DOMAIN	Mandiant APT1 Report	T
-o.ifexcel.com	Intel::DOMAIN	Mandiant APT1 Report	T
-object.todayusa.org	Intel::DOMAIN	Mandiant APT1 Report	T
-office.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-okie.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-old.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-oliver.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-once.downloadsite.me	Intel::DOMAIN	Mandiant APT1 Report	T
-onk.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-online.livemymsn.com	Intel::DOMAIN	Mandiant APT1 Report	T
-online.mcafeepaying.com	Intel::DOMAIN	Mandiant APT1 Report	T
-online.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-online.pop-musicsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-online.reutersnewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ope.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-opp.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-oppa.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-opts.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-orca.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-ord.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-orient.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-otp.blackberrycluter.com	Intel::DOMAIN	Mandiant APT1 Report	T
-otps.globalowa.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ou.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ou1.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-ou1.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ou2.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-ou2.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ou3.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ou4.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ou5.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ou6.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ou7.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-outlook.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-outlooks.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-owa.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-owa.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-owa.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-owa.softsolutionbox.net	Intel::DOMAIN	Mandiant APT1 Report	T
-pacific.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-pacific.worthhummer.net	Intel::DOMAIN	Mandiant APT1 Report	T
-pack.cnnnewsdaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pact.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-paekl.gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-papper.booksonlineclub.com	Intel::DOMAIN	Mandiant APT1 Report	T
-papper.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pars.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-part.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-part.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-parth.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-pay.aunewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pay.freshreaders.net	Intel::DOMAIN	Mandiant APT1 Report	T
-payse.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pcie.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-pda.applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pda.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-pda.reutersnewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pda.staycools.net	Intel::DOMAIN	Mandiant APT1 Report	T
-pda.usapappers.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pdoc.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-pear.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-pear.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pear.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-people.softsolutionbox.net	Intel::DOMAIN	Mandiant APT1 Report	T
-phb.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-phe.reutersnewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-philippines.cnndaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pic.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-picture.chileexe77.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pink.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-plane.usabbs.org	Intel::DOMAIN	Mandiant APT1 Report	T
-planning.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-play.conferencesinfo.com	Intel::DOMAIN	Mandiant APT1 Report	T
-play.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pme.worthhummer.net	Intel::DOMAIN	Mandiant APT1 Report	T
-png.sportreadok.net	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.advanbusiness.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.aoldaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.aunewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.canadatvsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.canoedaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.cnndaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.cnndaily.net	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.companyinfosite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.defenceonline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.dnsweb.org	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.downloadsite.me	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.e-cardsshop.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.jobsadvanced.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.mcafeepaying.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.micyuisyahooapis.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.newsonlinesite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.pop-musicsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.satellitebbs.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.staycools.net	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.symanteconline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.todayusa.org	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.usabbs.org	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.usapappers.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.usnewssite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.voiceofman.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pop.yahoodaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pop2.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-pop2.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pop3.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-pop3.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pop4.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-pop5.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-pop6.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pop9.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-popw.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-popwk.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-portbab.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-portpop.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-ppt.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-prc.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-prefix.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-prefix.usapappers.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pro.reutersnewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-proc.blackberrycluter.com	Intel::DOMAIN	Mandiant APT1 Report	T
-proc.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-product.satellitebbs.com	Intel::DOMAIN	Mandiant APT1 Report	T
-program.reutersnewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-progress.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-protoc.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-psp.advanbusiness.com	Intel::DOMAIN	Mandiant APT1 Report	T
-psp.staycools.net	Intel::DOMAIN	Mandiant APT1 Report	T
-psu.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-psu.nytimesnews.net	Intel::DOMAIN	Mandiant APT1 Report	T
-psu.worthhummer.net	Intel::DOMAIN	Mandiant APT1 Report	T
-ptp.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-pz.booksonlineclub.com	Intel::DOMAIN	Mandiant APT1 Report	T
-qedh.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-qhun-mons.businessformars.com	Intel::DOMAIN	Mandiant APT1 Report	T
-qiao1.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-qiao1.safalife.com	Intel::DOMAIN	Mandiant APT1 Report	T
-qiao2.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-qiao3.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-qiao4.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-qiao5.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-qiao6.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-qiao7.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-qiao8.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-qua.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-qual.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-quick.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-quiet.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-qusc12.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-rank.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-rcs.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-reas.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-record.companyinfosite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-records.marsbrother.com	Intel::DOMAIN	Mandiant APT1 Report	T
-red.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-red.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-reg.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-release.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-release.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-release.softsolutionbox.net	Intel::DOMAIN	Mandiant APT1 Report	T
-report.cnnnewsdaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-report.regicsgf.net	Intel::DOMAIN	Mandiant APT1 Report	T
-reports.saltlakenews.org	Intel::DOMAIN	Mandiant APT1 Report	T
-research.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-research.softsolutionbox.net	Intel::DOMAIN	Mandiant APT1 Report	T
-rice.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-rj.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-rj.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-rnew.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-roger.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-root.newspappers.org	Intel::DOMAIN	Mandiant APT1 Report	T
-root.saltlakenews.org	Intel::DOMAIN	Mandiant APT1 Report	T
-rou.pop-musicsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-rsut.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-s.ifexcel.com	Intel::DOMAIN	Mandiant APT1 Report	T
-s.microsoft-update-info.com	Intel::DOMAIN	Mandiant APT1 Report	T
-saf.blackberrycluter.com	Intel::DOMAIN	Mandiant APT1 Report	T
-saf.globalowa.com	Intel::DOMAIN	Mandiant APT1 Report	T
-safbejn.worthhummer.net	Intel::DOMAIN	Mandiant APT1 Report	T
-safe.canadatvsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-safe.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-safety.canadatvsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-safety.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-safety.newsonlinesite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-safr.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sale.advanbusiness.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sale.staycools.net	Intel::DOMAIN	Mandiant APT1 Report	T
-sales.usnewssite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sam.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-sam.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sam.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-satellite.yahoodaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sauu.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sav.safalife.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sb.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-sbh.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-scc.globalowa.com	Intel::DOMAIN	Mandiant APT1 Report	T
-scc.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-science.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-scorpion.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-scpkl.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-sea.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-sea001.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-search.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-search.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-search.searchforca.com	Intel::DOMAIN	Mandiant APT1 Report	T
-security.canadatvsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-security.mcafeepaying.com	Intel::DOMAIN	Mandiant APT1 Report	T
-security.nationtour.net	Intel::DOMAIN	Mandiant APT1 Report	T
-security.symanteconline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-self.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sells.aunewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sells.usnewssite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-send.issnbgkit.net	Intel::DOMAIN	Mandiant APT1 Report	T
-serv.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-serve.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-server.applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-service.applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-service.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-service.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-service.issnbgkit.net	Intel::DOMAIN	Mandiant APT1 Report	T
-service.symanteconline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-services.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-services.gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-servmail.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-servmailb.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-servmails.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-set.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-sfn.globalowa.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sh.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-share.aoldaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-share.aunewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-share.canoedaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-share.jobsadvanced.com	Intel::DOMAIN	Mandiant APT1 Report	T
-share.usnewssite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-shit.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-shop.e-cardsshop.com	Intel::DOMAIN	Mandiant APT1 Report	T
-shop.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-shop.newsonlinesite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-shop.pop-musicsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-shop.yahoodaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-shot.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-shot.newspappers.org	Intel::DOMAIN	Mandiant APT1 Report	T
-shot.usapappers.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sifcc.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-signal.satellitebbs.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sinbg.comrepair.net	Intel::DOMAIN	Mandiant APT1 Report	T
-sisc.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sites.progammerli.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sk2.gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-skills.cnndaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-skills.usnewssite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sklcenter.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-sky.applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sky.canoedaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sky.downloadsite.me	Intel::DOMAIN	Mandiant APT1 Report	T
-sky.safalife.com	Intel::DOMAIN	Mandiant APT1 Report	T
-slnoa.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-slnoa.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-slrfc.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-slrj.softsolutionbox.net	Intel::DOMAIN	Mandiant APT1 Report	T
-slrou.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-slrouji.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sls.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-slutc.globalowa.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sma.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-smile.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-smlk.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-smooth.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.advanbusiness.com	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.aoldaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.aunewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.canadatvsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.canoedaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.cnndaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.cnndaily.net	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.companyinfosite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.defenceonline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.downloadsite.me	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.e-cardsshop.com	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.jobsadvanced.com	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.mcafeepaying.com	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.micyuisyahooapis.com	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.newsonlinesite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.pop-musicsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.safalife.com	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.satellitebbs.com	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.symanteconline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.todayusa.org	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.usabbs.org	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.usapappers.com	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.usnewssite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.voiceofman.com	Intel::DOMAIN	Mandiant APT1 Report	T
-smtp.yahoodaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-snoopy.safalife.com	Intel::DOMAIN	Mandiant APT1 Report	T
-snoot.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-sns.syscation.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sns.syscation.net	Intel::DOMAIN	Mandiant APT1 Report	T
-soft.advanbusiness.com	Intel::DOMAIN	Mandiant APT1 Report	T
-soft.applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-soft.cnnnewsdaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-soft.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-soft.nytimesnews.net	Intel::DOMAIN	Mandiant APT1 Report	T
-soft.thehealthmood.net	Intel::DOMAIN	Mandiant APT1 Report	T
-software.advanbusiness.com	Intel::DOMAIN	Mandiant APT1 Report	T
-software.nytimesnews.net	Intel::DOMAIN	Mandiant APT1 Report	T
-solar.e-cardsshop.com	Intel::DOMAIN	Mandiant APT1 Report	T
-solar.pop-musicsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-solar.reutersnewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-soler.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-sona.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-sonah.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-songhong.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sope.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sos.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-sotp.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-source.livemymsn.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sp.booksonlineclub.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sp.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-space.canadatvsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-spah.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-spahi.dnsweb.org	Intel::DOMAIN	Mandiant APT1 Report	T
-spckl.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-spcmon.businessformars.com	Intel::DOMAIN	Mandiant APT1 Report	T
-special.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-sports.aoldaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sports.aunewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sports.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-sports.canoedaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sports.chileexe77.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sports.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sports.newsonlinesite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sports.nytimesnews.net	Intel::DOMAIN	Mandiant APT1 Report	T
-sports.rssadvanced.org	Intel::DOMAIN	Mandiant APT1 Report	T
-sports.staycools.net	Intel::DOMAIN	Mandiant APT1 Report	T
-sports.thehealthmood.net	Intel::DOMAIN	Mandiant APT1 Report	T
-sports.todayusa.org	Intel::DOMAIN	Mandiant APT1 Report	T
-sports.usnewssite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sports.voiceofman.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sports.yahoodaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sports3.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-sprts.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-spte.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-squick.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-sremx.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-srs.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-srs.dnsweb.org	Intel::DOMAIN	Mandiant APT1 Report	T
-srs.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-srvmail.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sslsrv1.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sslsrv2.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sslsrv5.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sslsrv5.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-sslsrv6.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ssun.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-star.canoedaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-star.satellitebbs.com	Intel::DOMAIN	Mandiant APT1 Report	T
-star.usabbs.org	Intel::DOMAIN	Mandiant APT1 Report	T
-stars.advanbusiness.com	Intel::DOMAIN	Mandiant APT1 Report	T
-stars.nytimesnews.net	Intel::DOMAIN	Mandiant APT1 Report	T
-static.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-stell.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-step.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-stk.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-stk.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-stock.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-stock.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-stone.pop-musicsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-stone.symanteconline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-stulaw.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-stuwal.gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-stuwal.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-submarine.defenceonline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-submarine.downloadsite.me	Intel::DOMAIN	Mandiant APT1 Report	T
-suffering.e-cardsshop.com	Intel::DOMAIN	Mandiant APT1 Report	T
-suffering.mcafeepaying.com	Intel::DOMAIN	Mandiant APT1 Report	T
-suffering.nationtour.net	Intel::DOMAIN	Mandiant APT1 Report	T
-suffering.pop-musicsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-suffering.searchforca.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sun.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-sun.newspappers.org	Intel::DOMAIN	Mandiant APT1 Report	T
-sun.usapappers.com	Intel::DOMAIN	Mandiant APT1 Report	T
-support.advanbusiness.com	Intel::DOMAIN	Mandiant APT1 Report	T
-support.applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-support.companyinfosite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-support.livemymsn.com	Intel::DOMAIN	Mandiant APT1 Report	T
-support.mcafeepaying.com	Intel::DOMAIN	Mandiant APT1 Report	T
-support.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-support.satellitebbs.com	Intel::DOMAIN	Mandiant APT1 Report	T
-support.searchforca.com	Intel::DOMAIN	Mandiant APT1 Report	T
-support.symanteconline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-support.thehealthmood.net	Intel::DOMAIN	Mandiant APT1 Report	T
-support.todayusa.org	Intel::DOMAIN	Mandiant APT1 Report	T
-support.voiceofman.com	Intel::DOMAIN	Mandiant APT1 Report	T
-support.webservicesupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sute.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-sw.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-swiss.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sword.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-sword.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-syn.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-sync.ns06.net	Intel::DOMAIN	Mandiant APT1 Report	T
-sys.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-sys.newspappers.org	Intel::DOMAIN	Mandiant APT1 Report	T
-sys.usapappers.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sysj.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-system.satellitebbs.com	Intel::DOMAIN	Mandiant APT1 Report	T
-sysy.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-tag.applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-tape.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-tape.dnsweb.org	Intel::DOMAIN	Mandiant APT1 Report	T
-tape.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-tclient.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-tclient.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-teach.usabbs.org	Intel::DOMAIN	Mandiant APT1 Report	T
-tech.applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-tech.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-tech.saltlakenews.org	Intel::DOMAIN	Mandiant APT1 Report	T
-tech.usapappers.com	Intel::DOMAIN	Mandiant APT1 Report	T
-tele.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-telnet.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-test.bpyoyo.com	Intel::DOMAIN	Mandiant APT1 Report	T
-test.chileexe77.com	Intel::DOMAIN	Mandiant APT1 Report	T
-test.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-test.issnbgkit.net	Intel::DOMAIN	Mandiant APT1 Report	T
-test.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-test.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-thanhnien.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-thec.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-think.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-think.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-tia.gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-time.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-time.issnbgkit.net	Intel::DOMAIN	Mandiant APT1 Report	T
-time.mediaxsds.net	Intel::DOMAIN	Mandiant APT1 Report	T
-time.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-time1.mediaxsds.net	Intel::DOMAIN	Mandiant APT1 Report	T
-times.nytimesnews.net	Intel::DOMAIN	Mandiant APT1 Report	T
-tk.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-tnjs.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-tod.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-top.ifexcel.com	Intel::DOMAIN	Mandiant APT1 Report	T
-topmoney.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-train.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-train.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-travel.cnndaily.net	Intel::DOMAIN	Mandiant APT1 Report	T
-travel.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-travel.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-travel.nationtour.net	Intel::DOMAIN	Mandiant APT1 Report	T
-trb.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-trip.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-trip.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-triu.booksonlineclub.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ts.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-tt.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-ttl.tfxdccssl.net	Intel::DOMAIN	Mandiant APT1 Report	T
-tx.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-aa.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-aaon.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-aeai.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-ag.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-asg.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-ati.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-bdai.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-bdai.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-bdfa.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-bpd.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-cccc.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-ccr.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-chsaw.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-co.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-cti.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-dfait.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-enrc.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-ga.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-hst.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-hst.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-irpf.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-kfc.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-man.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-mbi.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-nema.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-opm.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-piec.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-pmet.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-pnl.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-rev.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-rj.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-rj.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-sbig.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-tree.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-tta.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-volpe.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ug-west.hugesoft.org	Intel::DOMAIN	Mandiant APT1 Report	T
-unifh.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-up.bpyoyo.com	Intel::DOMAIN	Mandiant APT1 Report	T
-up.safalife.com	Intel::DOMAIN	Mandiant APT1 Report	T
-upback.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-update.advanbusiness.com	Intel::DOMAIN	Mandiant APT1 Report	T
-update.aoldaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-update.aunewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-update.booksonlineclub.com	Intel::DOMAIN	Mandiant APT1 Report	T
-update.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-update.companyinfosite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-update.defenceonline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-update.dnsweb.org	Intel::DOMAIN	Mandiant APT1 Report	T
-update.downloadsite.me	Intel::DOMAIN	Mandiant APT1 Report	T
-update.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-update.freshreaders.net	Intel::DOMAIN	Mandiant APT1 Report	T
-update.idirectech.com	Intel::DOMAIN	Mandiant APT1 Report	T
-update.livemymsn.com	Intel::DOMAIN	Mandiant APT1 Report	T
-update.lksoftvc.net	Intel::DOMAIN	Mandiant APT1 Report	T
-update.mcafeepaying.com	Intel::DOMAIN	Mandiant APT1 Report	T
-update.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-update.nationtour.net	Intel::DOMAIN	Mandiant APT1 Report	T
-update.progammerli.com	Intel::DOMAIN	Mandiant APT1 Report	T
-update.reutersnewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-update.safalife.com	Intel::DOMAIN	Mandiant APT1 Report	T
-update.satellitebbs.com	Intel::DOMAIN	Mandiant APT1 Report	T
-update.searchforca.com	Intel::DOMAIN	Mandiant APT1 Report	T
-update.staycools.net	Intel::DOMAIN	Mandiant APT1 Report	T
-update.symanteconline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-update.tfxdccssl.net	Intel::DOMAIN	Mandiant APT1 Report	T
-update.thehealthmood.net	Intel::DOMAIN	Mandiant APT1 Report	T
-update.todayusa.org	Intel::DOMAIN	Mandiant APT1 Report	T
-update.usabbs.org	Intel::DOMAIN	Mandiant APT1 Report	T
-update.yahoodaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-update7.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-update8.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-updater.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-updatevn.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-upload.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-u-rfc.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-url.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-url.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-us.cnndaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-us.issnbgkit.net	Intel::DOMAIN	Mandiant APT1 Report	T
-us.rssadvanced.org	Intel::DOMAIN	Mandiant APT1 Report	T
-utex.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-value.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-vedio.reutersnewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-velp.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-via.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-via.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-via.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-video.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-vip.issnbgkit.net	Intel::DOMAIN	Mandiant APT1 Report	T
-vip.pcclubddk.net	Intel::DOMAIN	Mandiant APT1 Report	T
-vip.sportreadok.net	Intel::DOMAIN	Mandiant APT1 Report	T
-vis.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-visual.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-vockl.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-vol.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-vop.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-vope.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-vopm.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-vpn.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-vpn.businessformars.com	Intel::DOMAIN	Mandiant APT1 Report	T
-vpn.globalowa.com	Intel::DOMAIN	Mandiant APT1 Report	T
-vpn.softsolutionbox.net	Intel::DOMAIN	Mandiant APT1 Report	T
-vsec.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-vseh.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-walk.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-walste.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-wangye.e-cardsshop.com	Intel::DOMAIN	Mandiant APT1 Report	T
-wangye.reutersnewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-wapi.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-was.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-water.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-wave.pop-musicsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-wcasekl.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-wcov.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-wdeh.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-weather.aunewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-weather.chileexe77.com	Intel::DOMAIN	Mandiant APT1 Report	T
-weather.freshreaders.net	Intel::DOMAIN	Mandiant APT1 Report	T
-weather.staycools.net	Intel::DOMAIN	Mandiant APT1 Report	T
-weather.usnewssite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-weather.yahoodaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-web.advanbusiness.com	Intel::DOMAIN	Mandiant APT1 Report	T
-web.applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-web.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-web.companyinfosite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-web.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-web.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-web.newspappers.org	Intel::DOMAIN	Mandiant APT1 Report	T
-web.rssadvanced.org	Intel::DOMAIN	Mandiant APT1 Report	T
-web.saltlakenews.org	Intel::DOMAIN	Mandiant APT1 Report	T
-web.searchforca.com	Intel::DOMAIN	Mandiant APT1 Report	T
-web.thehealthmood.net	Intel::DOMAIN	Mandiant APT1 Report	T
-web.webservicesupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-webdata.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-webjbs.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-weblog.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-weblog.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-webmail.advanbusiness.com	Intel::DOMAIN	Mandiant APT1 Report	T
-webmail.aoldaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-webmail.applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-webmail.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-webmail.aunewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-webmail.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-webmail.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-webmail.canoedaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-webmail.cnndaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-webmail.companyinfosite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-webmail.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-webmail.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-webmail.satellitebbs.com	Intel::DOMAIN	Mandiant APT1 Report	T
-webmail.softsolutionbox.net	Intel::DOMAIN	Mandiant APT1 Report	T
-webmail.todayusa.org	Intel::DOMAIN	Mandiant APT1 Report	T
-webmail.usabbs.org	Intel::DOMAIN	Mandiant APT1 Report	T
-webmail.usapappers.com	Intel::DOMAIN	Mandiant APT1 Report	T
-webmail.usnewssite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-webmail.ustvb.com	Intel::DOMAIN	Mandiant APT1 Report	T
-webmail.worthhummer.net	Intel::DOMAIN	Mandiant APT1 Report	T
-webmail.yahoodaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-webmailh.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-webmails.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-webmailw.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-webs.newspappers.org	Intel::DOMAIN	Mandiant APT1 Report	T
-wed5.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-wed5.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-week.canadatvsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-week.canoedaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-weg.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-wehmail.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-west.freshreaders.net	Intel::DOMAIN	Mandiant APT1 Report	T
-west.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-west1.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-westjoe.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-westking.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-westking.comrepair.net	Intel::DOMAIN	Mandiant APT1 Report	T
-westkl.blackberrycluter.com	Intel::DOMAIN	Mandiant APT1 Report	T
-westkl.worthhummer.net	Intel::DOMAIN	Mandiant APT1 Report	T
-westnew.marsbrother.com	Intel::DOMAIN	Mandiant APT1 Report	T
-wfcx.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-wff.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-wgl.infobusinessus.org	Intel::DOMAIN	Mandiant APT1 Report	T
-wgw.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-wh1.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-what.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-whi.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-windows.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-wins.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-wish.e-cardsshop.com	Intel::DOMAIN	Mandiant APT1 Report	T
-wk.gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-wmp.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-wnam.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-wnara.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-wned.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-wnew.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-woil.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-women.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-wopec.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-wopm.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-work.canadatvsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-work.canoedaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-work.jobsadvanced.com	Intel::DOMAIN	Mandiant APT1 Report	T
-work.satellitebbs.com	Intel::DOMAIN	Mandiant APT1 Report	T
-work.todayusa.org	Intel::DOMAIN	Mandiant APT1 Report	T
-work.yahoodaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-workstation.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-world.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-world.nationtour.net	Intel::DOMAIN	Mandiant APT1 Report	T
-wow.newspappers.org	Intel::DOMAIN	Mandiant APT1 Report	T
-wow.saltlakenews.org	Intel::DOMAIN	Mandiant APT1 Report	T
-wpcs.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-wpot.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-wpot.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-wptex.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-wpvn.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-wpvn.softsolutionbox.net	Intel::DOMAIN	Mandiant APT1 Report	T
-wrim.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-wsyggfw.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-wtom.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-wwab.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-wwebmails.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-wwt.blackcake.net	Intel::DOMAIN	Mandiant APT1 Report	T
-www.advanbusiness.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.aoldaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.aolon1ine.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.applesoftupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-www.attnpower.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.aunewsonline.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.avvmail.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.bigish.net	Intel::DOMAIN	Mandiant APT1 Report	T
-www.bluecoate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.bpyoyo.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.businessformars.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.busketball.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.canadatvsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.canoedaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.cnndaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.cnndaily.net	Intel::DOMAIN	Mandiant APT1 Report	T
-www.cometoway.org	Intel::DOMAIN	Mandiant APT1 Report	T
-www.companyinfosite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.competrip.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.comtoway.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.conferencesinfo.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.copporationnews.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.defenceonline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-www.doemarkennel.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.downloadsite.me	Intel::DOMAIN	Mandiant APT1 Report	T
-www.e-cardsshop.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.freshreaders.net	Intel::DOMAIN	Mandiant APT1 Report	T
-www.giftnews.org	Intel::DOMAIN	Mandiant APT1 Report	T
-www.globalowa.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.gmailboxes.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.hkcastte.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.hvmetal.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.idirectech.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.ifexcel.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.jjpopp.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.jobsadvanced.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.livemymsn.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.maltempata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.mcafeepaying.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.microsoft-update-info.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.micyuisyahooapis.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-www.myyahoonews.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.nationtour.net	Intel::DOMAIN	Mandiant APT1 Report	T
-www.newsesport.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.newsonlinesite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.newspappers.org	Intel::DOMAIN	Mandiant APT1 Report	T
-www.nirvanaol.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.olmusic100.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.online.mcafeepaying.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.phoenixtvus.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.pop-musicsite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.rssadvanced.org	Intel::DOMAIN	Mandiant APT1 Report	T
-www.safety-update.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.satellitebbs.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.searchforca.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.shepmas.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.skyswim.net	Intel::DOMAIN	Mandiant APT1 Report	T
-www.staycools.net	Intel::DOMAIN	Mandiant APT1 Report	T
-www.symanteconline.net	Intel::DOMAIN	Mandiant APT1 Report	T
-www.syscation.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.syscation.net	Intel::DOMAIN	Mandiant APT1 Report	T
-www.tibethome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-www.todayusa.org	Intel::DOMAIN	Mandiant APT1 Report	T
-www.ueopen.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.usabbs.org	Intel::DOMAIN	Mandiant APT1 Report	T
-www.usapappers.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.ushongkong.org	Intel::DOMAIN	Mandiant APT1 Report	T
-www.ustvb.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.uszzcs.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.voiceofman.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.webservicesupdate.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.widewebsense.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www.worthhummer.net	Intel::DOMAIN	Mandiant APT1 Report	T
-www.youipcam.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www-01.marsbrother.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www-049.businessformars.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www1.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-www1.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-www1.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-www1.saltlakenews.org	Intel::DOMAIN	Mandiant APT1 Report	T
-www2.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-www3.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-wwwcb.newspappers.org	Intel::DOMAIN	Mandiant APT1 Report	T
-www-ctr.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-wwwi.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-wwwt.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-x-admin.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-xawh.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-x-book.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-x-fmgg.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-xinge3344.cccpan.com	Intel::DOMAIN	Mandiant APT1 Report	T
-xinge3344.ys168.com	Intel::DOMAIN	Mandiant APT1 Report	T
-xmer.businessconsults.net	Intel::DOMAIN	Mandiant APT1 Report	T
-x-stone.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-xtap.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-xwclient.arrowservice.net	Intel::DOMAIN	Mandiant APT1 Report	T
-xwclient.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-xwclient.newsonet.net	Intel::DOMAIN	Mandiant APT1 Report	T
-yang.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-yang.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-yang1.bigdepression.net	Intel::DOMAIN	Mandiant APT1 Report	T
-yang1.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-yang2.infosupports.com	Intel::DOMAIN	Mandiant APT1 Report	T
-yard.earthsolution.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ysb.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ysb.purpledaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-z0.booksonlineclub.com	Intel::DOMAIN	Mandiant APT1 Report	T
-z4.booksonlineclub.com	Intel::DOMAIN	Mandiant APT1 Report	T
-za.booksonlineclub.com	Intel::DOMAIN	Mandiant APT1 Report	T
-zapts.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-zc.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-zero.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
-zh.lksoftvc.net	Intel::DOMAIN	Mandiant APT1 Report	T
-zone.aoldaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-zone.canoedaily.com	Intel::DOMAIN	Mandiant APT1 Report	T
-zone.companyinfosite.com	Intel::DOMAIN	Mandiant APT1 Report	T
-zone.msnhome.org	Intel::DOMAIN	Mandiant APT1 Report	T
-zone.searchforca.com	Intel::DOMAIN	Mandiant APT1 Report	T
-zone.todayusa.org	Intel::DOMAIN	Mandiant APT1 Report	T
-ztl.firefoxupdata.com	Intel::DOMAIN	Mandiant APT1 Report	T
diff --git a/salt/deprecated-bro/policy/securityonion/apt1/apt1-md5.dat b/salt/deprecated-bro/policy/securityonion/apt1/apt1-md5.dat
deleted file mode 100644
index 421549121..000000000
--- a/salt/deprecated-bro/policy/securityonion/apt1/apt1-md5.dat
+++ /dev/null
@@ -1,1012 +0,0 @@
-#fields	indicator	indicator_type	meta.source	meta.do_notice
-# The following lines are for testing purposes only.  Please keep them commented out when running in production.
-#4285358dd748ef74cb8161108e11cb73	Intel::FILE_HASH	Test MD5	T
-#9593fcbd91fdb1a41d0304bf684d29fd	Intel::FILE_HASH	Test MD5	T
-#e2c33fa7a3802289d46a7c3e4e1df342	Intel::FILE_HASH	Test MD5	T
-001dd76872d80801692ff942308c64e6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-002325a0a67fded0381b5648d7fe9b8e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-00dbb9e1c09dbdafb360f3163ba5a3de	Intel::FILE_HASH	Mandiant Apt1 Report	T
-00f24328b282b28bc39960d55603e380	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0115338e11f85d7a2226933712acaae8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0141955eb5b90ce25b506757ce151275	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0149b7bd7218aab4e257d28469fddb0d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-016da6ee744b16656a2ba3107c7a4a29	Intel::FILE_HASH	Mandiant Apt1 Report	T
-01e0dc079d4e33d8edd050c4900818da	Intel::FILE_HASH	Mandiant Apt1 Report	T
-024fd07dbdacc7da227bede3449c2b6a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0285bd1fbdd70fd5165260a490564ac8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-02a2d148faba3b6310e7ba81eb62739d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-02c65973b6018f5d473d701b3e7508b2	Intel::FILE_HASH	Mandiant Apt1 Report	T
-034374db2d35cf9da6558f54cec8a455	Intel::FILE_HASH	Mandiant Apt1 Report	T
-03ae71eba61af2d497e226da3954f3af	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0469a42d71b4a55118b9579c8c772bb6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0496e3b17cf40c45f495188a368c203a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-04a7b7dab5ff8ba1486df9dbe68c748c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-04e83832146034f9797d2e8145413daa	Intel::FILE_HASH	Mandiant Apt1 Report	T
-04f481d6710ac5d68d0eacac2600a041	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0501bb10d646b29cab7d17a8407010d9	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0522e955aaee70b102e843f14c13a92c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-052ec04866e4a67f31845d656531830d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0545a524a6bb0b042f4b00da53fec948	Intel::FILE_HASH	Mandiant Apt1 Report	T
-05552a77620933dd80f1e176736f8fe7	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0583f58ac3d804d28cd433d369b096b8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0588ffa0a244a2c4431c5c4faac60b1f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-05bc8309b93676087d5fb0b58ad5e9d8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-05cc052686fbdf25fb610c1fe120195f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-06598b0490133815541c5ac023623e82	Intel::FILE_HASH	Mandiant Apt1 Report	T
-065e63afdfa539727f63af7530b22d2f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-078f1e2c528f2318b073e871f73efc21	Intel::FILE_HASH	Mandiant Apt1 Report	T
-079028d315d039da0ffec2728b2c9ef6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-07ae235391f7b290ea3a35067239a290	Intel::FILE_HASH	Mandiant Apt1 Report	T
-07c4032f24ae44614676fbdfe539afe0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-07fe9f901fb4f14e16fb5d114a92b0fc	Intel::FILE_HASH	Mandiant Apt1 Report	T
-08084604344b5ed11c2612795b2d3608	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0829207a8400e2814990f79fbdfe7f4d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-082cc969b3eb6786e3e951b450b8de0d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-089c9e5407ddb464dfeca2e528536395	Intel::FILE_HASH	Mandiant Apt1 Report	T
-08d7679a9c806a2f7d2be26fe9b425ee	Intel::FILE_HASH	Mandiant Apt1 Report	T
-08e0d0f5cdfe1bc2e5fc1b992fe1e073	Intel::FILE_HASH	Mandiant Apt1 Report	T
-08f21a020f41f0bcacdc9427f84987da	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0908d8b3e459551039bade50930e4c1b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-09531f851ef74a7238685fd287a395bd	Intel::FILE_HASH	Mandiant Apt1 Report	T
-097b5abb53a3d84fa9eabda02fef9e91	Intel::FILE_HASH	Mandiant Apt1 Report	T
-09d372e4259980ac95fdadf1846578d9	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0b506c6dde8d07f9eeb82fd01a6f97d4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0b680e7bd5c0501d5dd73164122a7faf	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0c28ad34f90950bc784339ec9f50d288	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0c5858f293aed44ea00eb9e0019609df	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0c5e9f564115bfcbee66377a829de55f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0ca6e2ad69826c8e3287fc8576112814	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0cad42671e5771574df44a23b3634f32	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0ccfaeb11defb100b5ddb40057e8fce4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0cf8259502d178a099ab2852e2bddbe1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0cf9e999c574ec89595263446978dc9f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0d0240672a314a7547d328f824642da8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0d678350f05b274844da5d79fee75324	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0dd3677594632ce270bcf8af94819caf	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0df42947e167cd006b176d305c08d57e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0e84132e5ad04351b644b8d8743fc4d3	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0ec0fcd649f3d5aa2e19f110c0089164	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0f23d5b93c30681655d8a4258b8de129	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0fbdc6e3f79063a4773d4872fa1f15d1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0fed203f3df6a82c9124f24aa3d9d75d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0ff20d023d6b54661d66fb3ce09afe3c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-0ff48a336655869a74611236e6e2d249	Intel::FILE_HASH	Mandiant Apt1 Report	T
-106338ad223b84fbc2528a55e3e22302	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1097ca5269dea866d5c9f2b0cc50af6d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-10a38dd9598cc31efe664cfaa8f37bf1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-10a68e08c514d3b69296b0eb557d822c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-10bb5a8ae053e335fe047cf38db95452	Intel::FILE_HASH	Mandiant Apt1 Report	T
-11504971bb85cdacb8ef7d45e6e2aeb7	Intel::FILE_HASH	Mandiant Apt1 Report	T
-11ccf3f93b00b01887e50283742cd1e6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-11d350127ff1e9ecd665c34326475584	Intel::FILE_HASH	Mandiant Apt1 Report	T
-11dbecc954bf8a89d59407a992889cfd	Intel::FILE_HASH	Mandiant Apt1 Report	T
-11de4b1ab84bcb8dd28ef0ea4641f6d0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-120c2e085992ff59a21ba401ec29fec9	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1224527e295380dce1ac9953c850ce97	Intel::FILE_HASH	Mandiant Apt1 Report	T
-123505024f9e5ff74cb6aa67d7fcc392	Intel::FILE_HASH	Mandiant Apt1 Report	T
-125ebbc6f0c957ee994fcef1431a93f4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-129c6cd9d2aa895cf6fa137fa1d3a188	Intel::FILE_HASH	Mandiant Apt1 Report	T
-12a410d82a1fc9a8c18b350872e0d465	Intel::FILE_HASH	Mandiant Apt1 Report	T
-12f25ce81596aeb19e75cc7ef08f3a38	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1328eaceb140a3863951d18661b097af	Intel::FILE_HASH	Mandiant Apt1 Report	T
-13835f0d5aafbeda50560afc92c8b7b7	Intel::FILE_HASH	Mandiant Apt1 Report	T
-13f0b56c28995e4efc8da784ad862853	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1415eb8519d13328091cc5c76a624e3d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1486f48948db4f9afaebd69c7c52f899	Intel::FILE_HASH	Mandiant Apt1 Report	T
-150c4c1f589c4baa794160276a3d4aba	Intel::FILE_HASH	Mandiant Apt1 Report	T
-150c95865766c2dd0562e7bedb6db104	Intel::FILE_HASH	Mandiant Apt1 Report	T
-15137b710414e4e8508ac5ab27e2cbaa	Intel::FILE_HASH	Mandiant Apt1 Report	T
-15244d2321faa3a271ff0b1e5a23148f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-15901ddbccc5e9e0579fc5b42f754fe8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-15d1330be5e27f6f51d011b0575ffa05	Intel::FILE_HASH	Mandiant Apt1 Report	T
-165ef79e7caa806f13f82cc2bbf3dedd	Intel::FILE_HASH	Mandiant Apt1 Report	T
-16e53c619803d0068611bb6d448d1d49	Intel::FILE_HASH	Mandiant Apt1 Report	T
-17199ddac616938f383a0339f416c890	Intel::FILE_HASH	Mandiant Apt1 Report	T
-173cd315008897e56fa812f2b2843f83	Intel::FILE_HASH	Mandiant Apt1 Report	T
-177e0270f25a901c216ffb2e7a36e5b1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-17f5a2e0997b59449ca2120b20b5b7ce	Intel::FILE_HASH	Mandiant Apt1 Report	T
-17f6602f1c507b006b9d09eedcde0096	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1809c3cc93332d7bc0799238519a2938	Intel::FILE_HASH	Mandiant Apt1 Report	T
-18316e6ebb356a66c8ff51e73c1bcc8a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-18e5ef23b634344321b2b3f5fa80a598	Intel::FILE_HASH	Mandiant Apt1 Report	T
-19fc27aeb48b3ce8d00eb2e76dfe2837	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1a0c7e61bcc50d57b7bcf9d9af691de5	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1ae2dadd85cd97452bb26b2c901d0890	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1aea4d24f3bd2c51288ad643fc66e0d2	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1b36190794516da078decaff881d9864	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1b7eed9d2438b494197e95fe57114f9b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1ba6fee7d4e73752b39a09b1396b69f0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1baa7f5813e259c6346d1b02a1370d75	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1c16bd1488163c03cd506c2f71486a0f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1c7538951b21d93ef7ecf3fa94ae5c5e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1ca3ca9ec20474d07fc798f2b41e2625	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1ce4605e771a04e375e0d1083f183e8e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1e314c972075b8058099fd8759c11ce8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1e48f6ba839d2c4794e23c10e5c4c138	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1e5ec6c06e4f6bb958dcbb9fc636009d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1ea61a0945bde3c6f41e12bc01928d37	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1ede2c69d50e0efbe23f758d902216e0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1f2eb7b090018d975e6d9b40868c94ca	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1f92ff8711716ca795fbd81c477e45f5	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1f9b32bac55ba4c015181ebf55767752	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1fad25d4fef631f8ec3115e0944e4621	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1fb4ce2e56ced51ddf1edff8ed15c21b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-1fff3f96f53c5bbdd39eb2351f12549d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-201fb83679a1fe05007fc6b8d6d96680	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2080f463388aebe6deb7edf11c01f7ff	Intel::FILE_HASH	Mandiant Apt1 Report	T
-20e2c8c7a98ddd4c16f6e878194c1e78	Intel::FILE_HASH	Mandiant Apt1 Report	T
-212c724346400853d05a4440cabd716c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2156942db0293565c9420c1e254a2c32	Intel::FILE_HASH	Mandiant Apt1 Report	T
-215df0c319b98dad4f202849b097f8b2	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2198fea94bb79b001fcfd3e03b269001	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2244c60f4c1dc285c259f3ac5bf88ff8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-225e33508861984dd2a774760bfdfc52	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2272791cadf422ce02a117a3a857f84e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-22aa55134d621672e93c6de928c8b122	Intel::FILE_HASH	Mandiant Apt1 Report	T
-22d9466d6aab8410bea006b5d3df8bd0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-23059de2797774bbdd9b21f979aaec51	Intel::FILE_HASH	Mandiant Apt1 Report	T
-23e371b816bab10cd9cfc4a46154022c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-24259ae8b0018b0ce9992fb1d9b69e2a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2479a9a50308cb72fcd5e4e18ef06468	Intel::FILE_HASH	Mandiant Apt1 Report	T
-24c4ed0a6cc4e9671b72c104977fa215	Intel::FILE_HASH	Mandiant Apt1 Report	T
-24f1b8266f4faf550999581bf0edac83	Intel::FILE_HASH	Mandiant Apt1 Report	T
-24fefb8b9338e2300308260be19bbaab	Intel::FILE_HASH	Mandiant Apt1 Report	T
-251c817f4144264c3e7a9dac03071daf	Intel::FILE_HASH	Mandiant Apt1 Report	T
-255cd53f9bdb6f3755e621885cb34382	Intel::FILE_HASH	Mandiant Apt1 Report	T
-257258344edad17f689b1c6d14833cbc	Intel::FILE_HASH	Mandiant Apt1 Report	T
-25f240aed433c4ea52ccdb898e43756f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2640cb47de607a8276c26e8a27f1150b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-268988aa1df82ab073f527b5b6c8bff7	Intel::FILE_HASH	Mandiant Apt1 Report	T
-268eef019bf65b2987e945afaf29643f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-270d42f292105951ee81e4085ea45054	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2762fb36161086f7ef3f33232aa790dc	Intel::FILE_HASH	Mandiant Apt1 Report	T
-277964807a66aeeb6bd81dbfcaa3e4e6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-277f95bff2e0fe317f86b5010bd83a18	Intel::FILE_HASH	Mandiant Apt1 Report	T
-286f48dda20e2ccc3250a6e09a130db1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-28dbd86bd86eb9153ecb20d883c41ae0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-28e64dfeab48030bc532ae4ace2c9e4c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2976a62c2a829a153a9b0b5f433bdc77	Intel::FILE_HASH	Mandiant Apt1 Report	T
-29c691978af80dc23c4df96b5f6076bb	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2a214ce037f5f6bb01ddc453f0265d92	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2a4604fcae876dee445de5ad74fd7835	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2a84b88c4a2ce0fb6227f7990f465737	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2acfc925e66e1b820a67c4d0f3e6ae8c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2af105519133baaee57c9ade00543de2	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2b379d5346ffd386c28038630a9b0292	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2b659d71ae168e774faaf38db30f4a84	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2b732257d8d9f09560fdcb7d84d430ca	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2ba0d0083976a5c1e3315413cdcffcd2	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2bd02b41817d227058522cca40acd390	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2bdc196cdac4478ae325c94bab433732	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2c49f47c98203b110799ab622265f4ef	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2c78d8bb5912d8174042f81197d9b449	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2c9c691e15a48b20dbead0a6d6bf0300	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2ca8ba14ff07ef8616372c53ee84d20e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2cdbeebcf4e0b6dbd24b8c7b4cd6d862	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2d08595e73de31a36c1187fcaac73bf0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2d57aa4e7f2f4088f1b96313b24c7602	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2daa4a4574ba06aa3203ae0e0b45b3b8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2dd892986b2249b5214639ecc8ac0223	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2e8484f59899046452392c236460ebb6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2ef062fa86537db34f5907a9775664a1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2f5979eaa728550a352c1ffee0b31236	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2f930d92dc5ebc9d53ad2a2b451ebf65	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2fae9efa753d3d821e1efdbc1335b966	Intel::FILE_HASH	Mandiant Apt1 Report	T
-2fccaa39533de02490b1c6395878dd79	Intel::FILE_HASH	Mandiant Apt1 Report	T
-30a7aa13b1f8d272cb36576952e8b6c0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-30b3b17eab05ecffaa055b5091aa66f9	Intel::FILE_HASH	Mandiant Apt1 Report	T
-30e78d186b27d2023a2a7319bb679c3f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3107de21e480ab1f2d67725f419b28d0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3120fc8630c5252002f26f6e11b09eca	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3122fbb558e1a5f32c90eba31f674add	Intel::FILE_HASH	Mandiant Apt1 Report	T
-31b1d316b46c967c80fe7398a9e4cf41	Intel::FILE_HASH	Mandiant Apt1 Report	T
-31e5e58dbdfad05175613e795298ebb5	Intel::FILE_HASH	Mandiant Apt1 Report	T
-321d75c9990408db812e5a248a74f8c8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-328c3ebb2fd2e170483e8d51ccc6c505	Intel::FILE_HASH	Mandiant Apt1 Report	T
-32c32e936cffa8ab370c7f3f2dd43d65	Intel::FILE_HASH	Mandiant Apt1 Report	T
-335df3ffb8cee61c20ab91a401204df4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3364813bcbd111fc5ec1e4265c533506	Intel::FILE_HASH	Mandiant Apt1 Report	T
-338782d2df367156a2c7e12e9526c600	Intel::FILE_HASH	Mandiant Apt1 Report	T
-33d974011c4b047bf9874a71ba261a11	Intel::FILE_HASH	Mandiant Apt1 Report	T
-33de5067a433a6ec5c328067dc18ec37	Intel::FILE_HASH	Mandiant Apt1 Report	T
-33e9ccd45ef133b2c100d5a4f50635d5	Intel::FILE_HASH	Mandiant Apt1 Report	T
-341f5e7215826d07ada1ed2b96264c0d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-342939e5fe4770c545659a6bf1e50df4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3441cbdf8de9472c19b021b241429b22	Intel::FILE_HASH	Mandiant Apt1 Report	T
-349f6cfb77bb360063c477e9b6ca24d6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-34ca3fbcaac48498aeff6035b172bf69	Intel::FILE_HASH	Mandiant Apt1 Report	T
-34cebbb4d35a66a7a7fb1ce857c195c9	Intel::FILE_HASH	Mandiant Apt1 Report	T
-35008d12dfa47447112495f430e4aefe	Intel::FILE_HASH	Mandiant Apt1 Report	T
-351afebaf03ef12e6ad1b412612d0c53	Intel::FILE_HASH	Mandiant Apt1 Report	T
-35b9f05cf70017cc485af87660109dc8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-35f32431a069398d25efda2dafa32d93	Intel::FILE_HASH	Mandiant Apt1 Report	T
-36a7c3a6460c98e161e1005c925da0b2	Intel::FILE_HASH	Mandiant Apt1 Report	T
-36c0d3f109aede4d76b05431f8a64f9e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-36cd49ad631e99125a3bb2786e405cea	Intel::FILE_HASH	Mandiant Apt1 Report	T
-36d5c8fc4b14559f73b6136d85b94198	Intel::FILE_HASH	Mandiant Apt1 Report	T
-370c50aea66cc338b37801e1bd1c244f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-37cf3f25895c27ca5e647bbfdc1d5b2d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-37ddd3d72ead03c7518f5d47650c8572	Intel::FILE_HASH	Mandiant Apt1 Report	T
-37df1896ba54e85ef549ccc1a88d34ab	Intel::FILE_HASH	Mandiant Apt1 Report	T
-37e7dc80c1eb618b3cd1b442858afa60	Intel::FILE_HASH	Mandiant Apt1 Report	T
-37eee514b04167f8e17e2caa3bfd3049	Intel::FILE_HASH	Mandiant Apt1 Report	T
-389f43a8af199da8da6b7c75b2c69595	Intel::FILE_HASH	Mandiant Apt1 Report	T
-390d1f2a620912104f53c034c8aef14b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-39e28f48c138dc156d1436fd02222e45	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3a3e4bca1197e4abab03340ea97d718d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3a45d4bfd1f919f167ce4a5e5ba00e15	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3a4cda1973cacd78740ff30774d6375e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3abe9c84fc13d0a82c1c3e0dced5825d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3b0829e2e966dae17d4c235893a3ae8a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3b1b190407b868406c5c155a79f3d146	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3b320b90e024bfa48bda72aa7a82322c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3c1b2fabb7d74bc5be0820eae4107f8a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3c4066b252722c873348d43b4c3ec0e5	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3cda17269c246a2e3bfcda6fa02fceb8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3d0c1dc5ac55f6d0e6b7fabfeb5158f5	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3d328395d0cefc67e2909774125196b1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3d573866620eae070a220be89e113f69	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3d61d23c2be95177937aa50769c0c512	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3d6fe3928f2f5ce41622f3f958b894a0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3de1bd0f2107198931177b2b23877df4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3de60420845a582b0e44081b1138a7e4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3e12ffa5ad676a41754e2cc59e980e57	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3e32ab6a2eac5bd1cddd3146d1a1348b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3e3e6fe1a8c6ffc00a9c644997a4f7a1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3e69945e5865ccc861f69b24bc1166b6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3e6ed3ee47bce9946e2541332cb34c69	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3e72fd40e47e232496b303734f1b2b11	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3e87051b1dc3463f378c7e1fe398dc7d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3ea7bf3b469499f0f6d4a78af865138f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3f19992be3606c136b15041207daf6e4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3f243b304358041fb163007e0c066d4a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3f33c0dab564c35485fd227d97b98443	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3f34e41d8ea034e6246ef6426bc91336	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3f8682ab074a097ebbaadbf26dfff560	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3fb8f4cdcb4d1d48be2e473fd8727239	Intel::FILE_HASH	Mandiant Apt1 Report	T
-3fc26910f9c31bd9ba3ccb09132d9ca3	Intel::FILE_HASH	Mandiant Apt1 Report	T
-40831b3799c94b609a91d517d14bea21	Intel::FILE_HASH	Mandiant Apt1 Report	T
-40b1e9cf468f499d749c0863cfa6c8c1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-40ee45b1343406b6f7ad6204f1af7693	Intel::FILE_HASH	Mandiant Apt1 Report	T
-4111fbc14558385c10091543c439264a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-411d770b2939e968c692dbdd3116e179	Intel::FILE_HASH	Mandiant Apt1 Report	T
-4192479b055b2b21cb7e6c803b765d34	Intel::FILE_HASH	Mandiant Apt1 Report	T
-41a5d40ecc735172b18b61e01a30a178	Intel::FILE_HASH	Mandiant Apt1 Report	T
-41bb847963a8fce70ad21e70dd786107	Intel::FILE_HASH	Mandiant Apt1 Report	T
-41d623c1de3b0d182c51e56b2a3f3fba	Intel::FILE_HASH	Mandiant Apt1 Report	T
-420deefd91db5e177b46e4134441a35e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-4227f2872817cfc74d134ee9f3d06d14	Intel::FILE_HASH	Mandiant Apt1 Report	T
-42462d31a2e5b1e4602a1a4d39abeca9	Intel::FILE_HASH	Mandiant Apt1 Report	T
-435991e0c67f0c0b4504355b6d4493f0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-438401c9ae36e9ed1bf4f410ae116484	Intel::FILE_HASH	Mandiant Apt1 Report	T
-438983192903f3fecf77500a39459ee6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-43b844c35e1a933e9214588be81ce772	Intel::FILE_HASH	Mandiant Apt1 Report	T
-44066f29aab6a9379f8dd30f6bec257d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-456d298649a7ec31a7250ed9312ebbaf	Intel::FILE_HASH	Mandiant Apt1 Report	T
-45aa4177bb42eb3ded5edf397a4aaded	Intel::FILE_HASH	Mandiant Apt1 Report	T
-465b085d3ddd22f63d8f7721ce5736d7	Intel::FILE_HASH	Mandiant Apt1 Report	T
-46817cabd6618d2126067430a78f06a3	Intel::FILE_HASH	Mandiant Apt1 Report	T
-468ff2c12cffc7e5b2fe0ee6bb3b239e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-46a86e3c12d5025aa78c7ddf46717c38	Intel::FILE_HASH	Mandiant Apt1 Report	T
-46acae84a04e41730d0502d9080bbb4a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-46c36c11238100e155f6d418332869ea	Intel::FILE_HASH	Mandiant Apt1 Report	T
-471005f73280264c48f769e1c21fbcc1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-4749f6336eb86b5fa7029661f88ded20	Intel::FILE_HASH	Mandiant Apt1 Report	T
-476fea8761a03bef16e322996c2f6666	Intel::FILE_HASH	Mandiant Apt1 Report	T
-4788960e489197f2633f581607eb0d26	Intel::FILE_HASH	Mandiant Apt1 Report	T
-47e7f92419eb4b98ff4124c3ca11b738	Intel::FILE_HASH	Mandiant Apt1 Report	T
-494637c4ac6d04bb50a681e87b81043f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-494fca685834f3158d133f6b09cbb507	Intel::FILE_HASH	Mandiant Apt1 Report	T
-4962cb3f255b2eaf48847c754d2a553d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-496f04719a365f9718919002eff5748b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-497f07f54a4c29fe3be1a15f4516e32d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-49bacedcd18f6d8929d43a10dae8645f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-4a2320b41a5216c741bf63fce562961a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-4a54d7878d4170c3d4e3c3606365c42c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-4aadab80ce16c588b8719f15e84aba82	Intel::FILE_HASH	Mandiant Apt1 Report	T
-4ab62c8e525bee410cd4b6cfeea7d221	Intel::FILE_HASH	Mandiant Apt1 Report	T
-4ad4258b73430fc3e843a2e59d8ee70a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-4b19a2a6d40a5825e868c6ef25ae445e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-4c6bddcca2695d6202df38708e14fc7e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-4c858a80df0d6de5d69824c9502b65cf	Intel::FILE_HASH	Mandiant Apt1 Report	T
-4c9c9dbf388a8d81d8cfb4d3fc05f8e4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-4cabfaef26fd8e5aec01d0c4b90a32f3	Intel::FILE_HASH	Mandiant Apt1 Report	T
-4cd3bed14aaffcf61f4d2948484c4c90	Intel::FILE_HASH	Mandiant Apt1 Report	T
-4d21cc82e4031e1d6bb15541827b9e67	Intel::FILE_HASH	Mandiant Apt1 Report	T
-4e1a92036a577a87a6fa36168d192c4b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-4e3ddb5c27e45ee0e6dcc02e87b0abb5	Intel::FILE_HASH	Mandiant Apt1 Report	T
-4e551abcd14506092a0f8d54a45f3569	Intel::FILE_HASH	Mandiant Apt1 Report	T
-4f65bc571cdd9c9cd11e771e1db35a4c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-4f763b07a7b8a80f1f9408e590f79532	Intel::FILE_HASH	Mandiant Apt1 Report	T
-50361f8793258b6e883b31269e053ed2	Intel::FILE_HASH	Mandiant Apt1 Report	T
-50a3aaaebae6cee7ecb150ac395276b9	Intel::FILE_HASH	Mandiant Apt1 Report	T
-50f35b7c86aede891a72fcb85f06b0b7	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5100f0a34695c4c9dc7e915177041cad	Intel::FILE_HASH	Mandiant Apt1 Report	T
-51326bf40da5a5357a143dd9a6e6a11c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-51ce169debea41314f591290839fd55f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-522d32a505f78f09303e689999a3e461	Intel::FILE_HASH	Mandiant Apt1 Report	T
-523cf1c9741f5f9d11388a58de6a83a4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-523f56515221161579ee6090c962e5b1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-52509abd1cc7b7fb391b19929e0d99c0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-52bd3ceef33900d53315f89538128026	Intel::FILE_HASH	Mandiant Apt1 Report	T
-52cb7fed85bd7ff6797fbc70105a09fe	Intel::FILE_HASH	Mandiant Apt1 Report	T
-531a3b0acd95f55c3a7418d31f741357	Intel::FILE_HASH	Mandiant Apt1 Report	T
-53600687ec97c297f03b4f0f4710d0c5	Intel::FILE_HASH	Mandiant Apt1 Report	T
-53b263dd41838aa178a5ced338a207f3	Intel::FILE_HASH	Mandiant Apt1 Report	T
-543c283d691939d99667e22bcb7be610	Intel::FILE_HASH	Mandiant Apt1 Report	T
-543e03cc5872e9ed870b2d64363f518b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-54d5d171a482278cc8eacf08d9175fd7	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5537bdce991797198a9ff97ff1492f90	Intel::FILE_HASH	Mandiant Apt1 Report	T
-55886d571c2a57984ea9659b57e1c63a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-55bd26326db3d512b6bd9f75d6671819	Intel::FILE_HASH	Mandiant Apt1 Report	T
-55f60194833efcbc8ac16bd0a1cced1a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-55fb1409170c91740359d1d96364f17b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5613e6d7111b327307c02bec1701ac3f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-565b6fedccab184c92e40483ea49a25f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-567395a3c720fcd09eb75b6c188b8687	Intel::FILE_HASH	Mandiant Apt1 Report	T
-56892b0befe8b7a188fdb7e72a07e60f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-56a5d0575c0c712deb16f465ac888a65	Intel::FILE_HASH	Mandiant Apt1 Report	T
-56c26b175ae23d90244805a6ec347e42	Intel::FILE_HASH	Mandiant Apt1 Report	T
-56c8ff5c6832f1e31a59e0717c3ab79c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-56de2854ef64d869b5df7af5e4effe3e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-56dff5cdfee293100b59096326fb0daf	Intel::FILE_HASH	Mandiant Apt1 Report	T
-57326cd78a56d26e349bbd4bcc5b9fa2	Intel::FILE_HASH	Mandiant Apt1 Report	T
-575836ebb1b8849f04e994e9160370e4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5790c7c09735cf1ccf10625c7cd87f5e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-57cbf78c226265cc1e61ad86779bf906	Intel::FILE_HASH	Mandiant Apt1 Report	T
-57cfef3e32e60df11b8d2c5375f3185c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-57e79f7df13c0cb01910d0c688fcd296	Intel::FILE_HASH	Mandiant Apt1 Report	T
-57f98d16ac439a11012860f88db21831	Intel::FILE_HASH	Mandiant Apt1 Report	T
-580a4c05982accc678a72c366b45815d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-585691777080b419b523938edd3ba2d6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-588c40520a3cea27d2b35cd1fa05e23f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-58b020fd3bc0d34e8c4eaf0a3f3135af	Intel::FILE_HASH	Mandiant Apt1 Report	T
-592a33f691daa01ccbfc8078ad961b43	Intel::FILE_HASH	Mandiant Apt1 Report	T
-59620925bf1c4f760c4bf225c7efd6c0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5a032c13942a46c5ae015f53d9ce138a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5a3abb8053c271c58e879b3b9cf8c8f5	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5a728cb9ce56763dccb32b5298d0f050	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5aeaa53340a281074fcb539967438e3f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5bac505fdc202e1c6507ef381a881ed1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5bcaa2f4bc7567f6ffd5507a161e221a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5bd5a22d42c04db7ac1343a2a9f471fe	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5c4806b5859b35a3df03763e9c7ecbf6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5c6f30cc369cd164d44941d381e282cc	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5ccb52a8e3c31dde2ddbc486a2215e85	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5cd578614afb50b925008b68b3accdb9	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5cd7526fc7d849cbbf8c9d1ffe97a991	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5cf0959687427850a92d7f69edd41b86	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5d8129be965fab8115eca34fc84bd7f0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5dea347d29a3e9c21c52385a10224b65	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5e17055c51724b0b89ff036d02f5208a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5e1d81618eaf005b8e0cd63fbc9a4937	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5e33a9835bced338cb1959c347ac6798	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5e42780f52763c77d592044e535e4b01	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5e686bd284022e35559a9c6118df8f1e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5f837bbfd3b458321070e2aebca4ec46	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5fa50476240c9c59cb72b345751434ce	Intel::FILE_HASH	Mandiant Apt1 Report	T
-5ff3269faca4a67d1a4c537154aaad4b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6040dd5b603483f738be6a02a63538f2	Intel::FILE_HASH	Mandiant Apt1 Report	T
-605c1dc91a5c85024160ce78dfac842d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-609d917a7f0c526b0d8091c8191da376	Intel::FILE_HASH	Mandiant Apt1 Report	T
-611b1577ba976f76fc01368545bc395c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-611c8f862864af818202865b78ad7ca8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-61daab56e07dfa3a236d8aec9eb80545	Intel::FILE_HASH	Mandiant Apt1 Report	T
-61e0da42d5d084af24d31fbcef4ff409	Intel::FILE_HASH	Mandiant Apt1 Report	T
-620c6a6cff832e35090487680123f52b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-62a35021454e17f4a913e577d7ecd22f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-62bee50b480f6a6aa427a00464baf376	Intel::FILE_HASH	Mandiant Apt1 Report	T
-62c72767508e461cfe94b0c706e6d446	Intel::FILE_HASH	Mandiant Apt1 Report	T
-62d60a1cd1e7ba73aebc98812e5ac266	Intel::FILE_HASH	Mandiant Apt1 Report	T
-62ea10608f0d54cd284e8d7be32f206e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-633cb95904ab9dc0a3de4ddd443494e8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6377ec0c87f4ec1e7897751dd85d73d4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-63db2f4fd717723f0e6f94e0a6a62c7b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6461ea41f179e660c40ed65aee1a4a2d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-648ce1c45927b24563dd8361a1b74311	Intel::FILE_HASH	Mandiant Apt1 Report	T
-649d54bc9eef5a60a4b9d8b889fee139	Intel::FILE_HASH	Mandiant Apt1 Report	T
-64fa1239f5aa9a9031e61533283f8c22	Intel::FILE_HASH	Mandiant Apt1 Report	T
-65018cd542145a3792ba09985734c12a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-650a6fca433ee243391e4b4c11f09438	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6510cee34da30c7ef5e5e39980402257	Intel::FILE_HASH	Mandiant Apt1 Report	T
-651d83c1b85acb204abd5bf7990a1298	Intel::FILE_HASH	Mandiant Apt1 Report	T
-656baf38fa5ee776e2576cead664d004	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6570163cd34454b3d1476c134d44b9d9	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6576c196385407b0f7f4b1b537d88983	Intel::FILE_HASH	Mandiant Apt1 Report	T
-668b92feb7cbcc7ac75ff97dcec28d10	Intel::FILE_HASH	Mandiant Apt1 Report	T
-66c287675cd4c7172590f71181e723a8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-67504a0c2c2bf47efccdab5ca981ad7d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6767eeb485232436de9553988765fb89	Intel::FILE_HASH	Mandiant Apt1 Report	T
-67f62f5accfeacf5e828c3b3905248fe	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6808ec6dbb23f0fa7637c108f44c5c80	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6846ad52c9208830ceaf4cfd81402015	Intel::FILE_HASH	Mandiant Apt1 Report	T
-687a58dcbc076b04bef4ec6050310fb5	Intel::FILE_HASH	Mandiant Apt1 Report	T
-689dcd40d5eae8c0d315265f3d90ffae	Intel::FILE_HASH	Mandiant Apt1 Report	T
-68af7be698e8a7408451c158c04a9712	Intel::FILE_HASH	Mandiant Apt1 Report	T
-68c67a6e26855ebc2569d67689c69a6e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-68d2fd5049e70942d164e4e25d13dd8e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-68e5bff12ac33ecb98977afed51ebad0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-693f711d8fab66a3efca98a19a733d56	Intel::FILE_HASH	Mandiant Apt1 Report	T
-698fbe7ed1ddd7f5c76b86fad3f7a485	Intel::FILE_HASH	Mandiant Apt1 Report	T
-69dc1e1ee273e531e91c60eb86396cc8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6a4fbcfb44717eae2145c761c1c99b6a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6a88f170ab6cb0f9b3252adc61b4f487	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6ab7fa8e5fb63b8d0723387d0a1ffe6d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6b3d19cc86d82b06f5db3ae9d5ba8a5f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6b4ac249f918be9f7bc64ae7fdda947e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6b6c4c0e2959df248be90d89899953a9	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6bf8f1f99ac5bba0db1b66518df378a4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6bf9083f1567edce004bd1f7c456659d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6c5c5e4049265fffc87973f3e4978b26	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6c65c697bcff935484a5cd2e7dd2e7d2	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6c9c9e40683467f60b910d5bad5285ae	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6ca59c9c4165796e08ba6ca3eeffdee6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6d2320af561b2315c1241e3efd86067f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6db47757ba324bb61ce3cbcabbec52d4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6deae79fc82df523ba99852266a33f9e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6e442c5ef460bee4c9457c6bf7a132d6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6e8f302794cfaae731840e345063e652	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6e9bedcf80f21171adb951a0d85d2adb	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6eb99bed5b5fcb3fdb26f37aff2c9adb	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6ebbfa603aa4e90148ad0b726806c359	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6ebd05a02459d3b22a9d4a79b8626bf1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6eebee2aebd5194db62cb8230502378c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6f4182baa5a57b717cb9d850dfadb60a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6f551594fdf3539c62389c0cf0d2e16a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6f6abd53e10567d1534514fc36fca2e9	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6f9992c486195edcf0bf2f6ee6c3ec74	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6faa4740f99408d4d2dddd0b09bbdefd	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6fbf667e82c1477c4ce635b57b83bfa0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-6fdec862951e8b128cd7a07b2031eef6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-70a55fdc712c6e31e013e6b5d412b0d6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-70bb674fc97d7bf4d8dbbe3636f65c4a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-70c10f8b4dcd01b07be6cfb4df0d3348	Intel::FILE_HASH	Mandiant Apt1 Report	T
-70e2827ab4af1a38dc09a02fa95b82fe	Intel::FILE_HASH	Mandiant Apt1 Report	T
-71173ad2bc7b39342b1bdaadeaaa0d8a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7127241c033c403b18bd281d0dfc4e31	Intel::FILE_HASH	Mandiant Apt1 Report	T
-71536d2e95420c55412c12dffea1a0a6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7253de652a025b2b4fa7b02e97a1ee6b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-727a6800991eead454e53e8af164a99c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7388d67561d0a7989202ad4d37eff24f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-73a63c21a08b0ad2c69999e448f8e6a1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-73d125f84503bd87f8142cf2ba8ab05e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-74b3ee9f3f6c52413db6e5c9ace34893	Intel::FILE_HASH	Mandiant Apt1 Report	T
-75372eb37415140fa5464f1ebb8a0e74	Intel::FILE_HASH	Mandiant Apt1 Report	T
-753ec12f61c2f7c9a5763c9063a16106	Intel::FILE_HASH	Mandiant Apt1 Report	T
-759b320aca72ba446e7e156407ebc10d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-75dad1ccabae8adeb5bae899d0c630f8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-75f37a69664362462ad491741a34f195	Intel::FILE_HASH	Mandiant Apt1 Report	T
-75ff4bd6b209b6f10472c4cd22e3f9e6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-760339e927e391e289bd91bad4cd59c3	Intel::FILE_HASH	Mandiant Apt1 Report	T
-769aeae232c6162cedcb6c7255640c4c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-76ba06bac23a2c445cb982bf38b82199	Intel::FILE_HASH	Mandiant Apt1 Report	T
-76bf44d7734ec8581e846a9f3005aed4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-76c1b246703a10cb6e71a3e5b7b55b24	Intel::FILE_HASH	Mandiant Apt1 Report	T
-76f6c7301dbf0219eae991d65804292a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7704ad9e8e0e3d75075e4c294f698d53	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7712d05c8b499fc7a1f4a6a6b6dee825	Intel::FILE_HASH	Mandiant Apt1 Report	T
-772c771e13e599cbf25bf9e0199681f7	Intel::FILE_HASH	Mandiant Apt1 Report	T
-77382bb7fd431211b32d84d4de74b043	Intel::FILE_HASH	Mandiant Apt1 Report	T
-775459afc5415984dfa2a0f533011763	Intel::FILE_HASH	Mandiant Apt1 Report	T
-77afced93e20b1bb906796197fa1dd1d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-77dc072fdd632c12bacc09ceb8e6ee39	Intel::FILE_HASH	Mandiant Apt1 Report	T
-77fbfed235d6062212a3e43211a5706e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-785003a405bc7a4ebcbb21ddb757bf3f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-78524ba7f66c0ec4a3755e51709db1aa	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7852b941a46e37fe9b332b1be77a6960	Intel::FILE_HASH	Mandiant Apt1 Report	T
-79841c13f645118a600d19def3642d1a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-79f3bac2826f8511c96240758af116b4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7a2692cafec377c444bc3147fc43e57f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7a2eba5ca6f9b2cec61c5cc55dfca762	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7a660a9e48f6065333f388f2c0a67bd8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7a670d13d4d014169c4080328b8feb86	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7a7a46e8fbc25a624d58e897dee04ffa	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7ab86c938b960dfc0c4ffbadd4163666	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7acb0d1df51706536f33bbdb990041d3	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7aecb34616245eb6b2906358151be55b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7aef47f9fd84669976c4b152910a6328	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7af399ff99109a9501da73337c0bdf4b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7b3ce6c2af1acd119a25831fac670bab	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7b42b35832855ab4ff37ae9b8fa9e571	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7b451bbbdc840378b785bed6b9e30e0f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7be6c90facbfe9ecf470fb27e6673fbc	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7bfeb0eaa1c51513e60bc0abafb1be9f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7c82cd17b0fa420f09f97e060621ed7b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7cb055ac3acbf53e07e20b65ec9126a1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7ce16b35201d8d35965ec7aeebdc80ff	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7d0efb2480834a6a80210b7342d51154	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7d25a80fe2c42368adaea5fcbab866b6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7d3140bd028f70f1fa865364b69c5999	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7deed54a40efc12ea03e3f1859522862	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7e56369d466dd3d85a9b31f65ee8e551	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7e64b28b0050d23970478c81e8037470	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7e8d1f26679a88268e273ab498e597f4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7eedcd6d00b4f08b825b4c134b6d8f1a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7f1a4bc267ace340a5aa7a0b79cbf349	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7f26403f8e59a5f2728af2d3e0efaabb	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7f398b00546c3a0946cd6142c308a556	Intel::FILE_HASH	Mandiant Apt1 Report	T
-7fc52a32337386d867a952a2c8644353	Intel::FILE_HASH	Mandiant Apt1 Report	T
-80856bd8ef7d5dbc3dc774f581855549	Intel::FILE_HASH	Mandiant Apt1 Report	T
-80bca9f272152280a462f84f1588c0cc	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8153b612499dbf432e2d9805b20ae783	Intel::FILE_HASH	Mandiant Apt1 Report	T
-815a89041dea3e56348f8f5c8b7d1457	Intel::FILE_HASH	Mandiant Apt1 Report	T
-81602ce95a4b7f3d3cd1953a2456cd92	Intel::FILE_HASH	Mandiant Apt1 Report	T
-81b03cbcfc4b9d090cd8f5e5da816895	Intel::FILE_HASH	Mandiant Apt1 Report	T
-81ce61ed2dc567ce70589386563890ca	Intel::FILE_HASH	Mandiant Apt1 Report	T
-82390e18379710df84d48881a1c1d0ed	Intel::FILE_HASH	Mandiant Apt1 Report	T
-827040a5f5ae8de281a63899224b2f3a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-82b065518f085c6ceb0a9135ab51df41	Intel::FILE_HASH	Mandiant Apt1 Report	T
-830a748959bdd1ad3b6a1f72aab6f063	Intel::FILE_HASH	Mandiant Apt1 Report	T
-830e5cd6d590aa65dd3e2c1a01b42259	Intel::FILE_HASH	Mandiant Apt1 Report	T
-831a67dc75e2d4505180888747bc8ea9	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8387adb5325035baa3fe3a2b0cb4921a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-839c8c06c4d81f523078b0d45d8250ff	Intel::FILE_HASH	Mandiant Apt1 Report	T
-83b3711c32d28a87b173e7e5aba5f826	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8412a3e37499f8289faf54546824ab61	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8442ae37b91f279a9f06de4c60b286a3	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8454918f639a1b0719e00627f211d2ed	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8462a62f13f92c34e4b89a7d13a185ad	Intel::FILE_HASH	Mandiant Apt1 Report	T
-855ca1b45a247754ad91d50827a2e16c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-85c4081a97255ac7ca7d0d5554e86ec1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-85c828f5ea5d99e0c98017f6d6be243f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-86a906db5686bbf487689937d15bf71a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-86b1f3874bf741a3f9c0d74625af5f8d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-86b68ad2e9c33eadf134285ea142ccc2	Intel::FILE_HASH	Mandiant Apt1 Report	T
-86dd715a8d28788e68a575207d66df34	Intel::FILE_HASH	Mandiant Apt1 Report	T
-871cc547feb9dbec0285321068e392b8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8725870a43192cb0176c82012996910a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-874bb818208655b59a8c4c1ae2aef379	Intel::FILE_HASH	Mandiant Apt1 Report	T
-876ee736ebad6917a259456fc3a2f11b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-87efe3671ef8f1eca57f2d8f7e4711d9	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8845cb5b4e450cb10a3b6ca41a9b4319	Intel::FILE_HASH	Mandiant Apt1 Report	T
-88b5f635ac9031bcdeda1f751952f966	Intel::FILE_HASH	Mandiant Apt1 Report	T
-88c7c50cd4130561d57a1d3b82c5b953	Intel::FILE_HASH	Mandiant Apt1 Report	T
-88dbcc682635b4013bcba5ad28bb976b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8913ac72cdb8afd98bd8446896e1595a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-89164a973ae081991a973aa9d5cdee7c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8934aeed5d213fe29e858eee616a6ec7	Intel::FILE_HASH	Mandiant Apt1 Report	T
-898a8a43c8708961094944fb42c278ab	Intel::FILE_HASH	Mandiant Apt1 Report	T
-89a2802e2f2356ce6a757f833c3ba3ef	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8a7764ded8467bd0fd0c30adc2acc1d4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8a86df3d382bfd1e4c4165f4cacfdff8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8b75bcbff174c25a0161f30758509a44	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8bf9698c18b2aa23f71444af2571a6ad	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8c57b287a1d2140ccedd6cd097d62ded	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8c6ece2ade2bfad3171c925baa64af50	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8c9871a9eb88ffc43507f988b222dc52	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8cb321a7871706fb6246489cb7c4da03	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8cda4e0ee20ddd00003caf7947af7fe4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8d251ef81b1e2251601a7b2b0c03ec05	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8d81eeaeb0bd74a1faab257079452078	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8dc3561ca52bfe40089f3ee0af7fdd9d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8dfbf8a46d3a302fd420305918e9414d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8e1ec7e556b8c6612b6c34e310c50b66	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8e8622c393d7e832d39e620ead5d3b49	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8f3d20c983f9d82a8ff17466f45ee757	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8f4863b4dfb52d8362c031d3720a6d97	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8fc5fb519a222ab919f28d21545774c6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-8fdb15f3d5480de78c61ccef23722683	Intel::FILE_HASH	Mandiant Apt1 Report	T
-91dc97c4b66e3282e1aa831e0bb0bb14	Intel::FILE_HASH	Mandiant Apt1 Report	T
-91deceb64c795927c6ea07f695f67334	Intel::FILE_HASH	Mandiant Apt1 Report	T
-91f538c08b9dee1bb0c6b6c82f727c5d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9206ae65b685dc7ea1cf1ec02606de6c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-929802a27737cebc59d19da724fdf30a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-933b11bc4799f8d9f65466fb2e3ea659	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9371fcd92ef86ccf450af903bc74ec01	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9400fb97c145587b17fb456fac636771	Intel::FILE_HASH	Mandiant Apt1 Report	T
-94a59ce0fadf84f6efa10fe7d5ee3a03	Intel::FILE_HASH	Mandiant Apt1 Report	T
-950234183528ce107d65b700be1bbbd3	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9548e5ed4fbacd0ed4a9d6a27f5d8fec	Intel::FILE_HASH	Mandiant Apt1 Report	T
-959c680c26f26e7f1dd61607942dc96a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-95d85aa629a786bb67439a064c4349ec	Intel::FILE_HASH	Mandiant Apt1 Report	T
-95f25d3afc5370f5d9fd8e65c17d3599	Intel::FILE_HASH	Mandiant Apt1 Report	T
-966db6a32ccf7e57394706abc3999189	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9675827a495f4ba6a4efd4dd70932b7c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-973f4a238d6d19bdc7b42977b07b9cef	Intel::FILE_HASH	Mandiant Apt1 Report	T
-97c83d85bd76a38b13cea960a1a97f70	Intel::FILE_HASH	Mandiant Apt1 Report	T
-98409dbf432419024dbf028c004344c1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-989b797c2a63fbfc8e1c6e8a8ccd6204	Intel::FILE_HASH	Mandiant Apt1 Report	T
-98bddd6c789a883afa1de3524bb8ea8e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-98cf219830733fb98fd2a957b7c4b163	Intel::FILE_HASH	Mandiant Apt1 Report	T
-98d257a13d176940910d6441a854d7a4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-99882234b814b860a22b4d441b92fd82	Intel::FILE_HASH	Mandiant Apt1 Report	T
-99a29ccea951a950040f3944abafed40	Intel::FILE_HASH	Mandiant Apt1 Report	T
-99a39866a657a10949fcb6d634bb30d5	Intel::FILE_HASH	Mandiant Apt1 Report	T
-99a7e4a01b813b9b26ba76bf0b484742	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9a58cc73e103fd5a14ef3564e35c03df	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9a66fa24268d158341d497feecbed889	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9ad292de00b2175a80b5909fa173cdcd	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9c03ab63a45d29aee90b72ae89f2f613	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9c36333385d351e59d6c4372d757479e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9cb07b71dcd1ac9dfdbf9f4cdfd4f273	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9d1d58e370bea4b5e79a1f914516cbc0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9d5aabcda9106132d1e1b6cf6cae28aa	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9d7499c3a01daba5c9b5090b079808ca	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9d75897d9c0a5da7e95082ea5ae1f648	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9d85a2ae1e7971a49cb417d97797ac8a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9d8a7970be7826d29732817c0cc84bde	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9d93fc89fb6e0a8142e837b2de045fdd	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9dab4da07ed669b44f409eb60f3b0e50	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9df30198f52b16925db1e3da61cfc754	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9e30b1665077b7e65bc8ff1e7c752306	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9e511dc5ad8a884f4416e68c54f742e1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9e860622fee66074dfe81dcfcc40c4e2	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9ea3c16194ce354c244c1b74c46cd92e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9ecf9d5d8872fe55ab120265c3749ffc	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9f11bc08af048c5c3a110e567082fe0b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9f3fbec4341f246aa6131ab01d6e4234	Intel::FILE_HASH	Mandiant Apt1 Report	T
-9fc3ed6c9b8056fbf155f79569ca7cb1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a039a61e4c274811b0388aa517d29fbb	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a1468ce16f2d17979cc1a61878c1c8c6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a14e8df8bc55f7459d24fe526f51a16d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a17bb80ae02c8b003cf69222fa13f506	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a1b8aa19c92c257cbace54337f6672d3	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a1b924b8c8fa157ae8775fd86f692053	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a1cb8a9f2b8926afeb254a64f1d78ee3	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a24112e4b875038331d2672b6427763c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a241eec892637dec971bd925a40d3efb	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a2534e9b7e4146368ea3245381830eb0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a28ee614e3d783a7561cf8a5a469959f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a2cd1189860b9ba214421aab86ecbc8a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a2feee5e0ac3f825d4b7de7e0b95bb1f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a311516cdf06d3db4f49e67da5213ebe	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a316d5aeca269ca865077e7fff356e7d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a34234a27157851300d9b698f6c56d9a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a354e3c566645100e757f3e43c9b007d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a360b16c19ab9dea6763f777257c5f38	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a38a367d6696ba90b2e778a5a4bf98fd	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a40e20ff8b991308f508239625f275d8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a4143ade719c2222d8602819a3e212ae	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a44312eb63de002383a57b5a93271cdc	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a4903f7c293993069f865468bd7cec78	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a4ad7335aa391519cc5fc9140f2562f2	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a510d0c9b7930abaa7aa6b0ac294e675	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a517ca12e2648b0590a5af565f8346b3	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a565682d8a13a5719977223e0d9c7aa4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a5b581c0600815b1112ca2fed578928b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a5d4ebc0285f0213e0c29d23bc410889	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a6117891e42ee7db36253b57839c8b8f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a639f598d4c0b9aa7a4691d05f27d977	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a6725f263daf3e94adc3668751b909d0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a6a583aeaf4952787e15f30d289ca138	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a6b99080565aa7933d946b8b9d9d7476	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a70aaf335f7f1a04c7fe194602b11c14	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a7117612ea6b6fa3307943f5ed21fbb4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a7f17c75519fb8a39d37c47617202b05	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a807ad465b2fe5859c85626e97eaf907	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a810ab506857c933df2bea40ae0eb548	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a8b183fe32ad8d426e20227f3c8b7592	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a8b2ac446c614fd5d4880d95369deb3b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a8f259bb36e00d124963cfa9b86f502e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a96a6c91e71e243f00a64f53e2fd6415	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a9993969be3ea340d420eea5868c0d1d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-a99e06e2f90db4e506ef1347a8774dd5	Intel::FILE_HASH	Mandiant Apt1 Report	T
-aa4f1ecc4d25b33395196b5d51a06790	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ab00b38179851c8aa3f9bc80ed7baa23	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ab208f0b517ba9850f1551c9555b5313	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ab445da3ee4e81a84d644476f669d35c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-abcaf816de63c632ec23d6bda3f02bb5	Intel::FILE_HASH	Mandiant Apt1 Report	T
-abe6ab89f957f6edf8f41b5ad198e5e6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-abff707cb54a6e5a9fcbb3fef74dbddc	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ac87816b9a371e72512d8fd82f61c737	Intel::FILE_HASH	Mandiant Apt1 Report	T
-acb99e5318f7001298df1aef51a9463e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ace798670a64b38aa7d065c776b49f17	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ad3cccbe9ddff04b670d353b938f5da9	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ad7bdadde9a4da73ffc776c606dbb75e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ad8cde8841208ff226e04e8514dc699c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-adb2fc194b960e694aa450161f1df6fc	Intel::FILE_HASH	Mandiant Apt1 Report	T
-adb62105427567ddc11124fc27921c40	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ae1dda87cc5998de79ecb68527bbd191	Intel::FILE_HASH	Mandiant Apt1 Report	T
-af2745e8888f2ba17a9cf2e0779d3874	Intel::FILE_HASH	Mandiant Apt1 Report	T
-af2f7b070245c90bd2a0a0845314173a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-af719814507fdca4b96184f33b6b92ea	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b0538781d47dde1e9a46a2610155c2d3	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b07322743778b5868475dbe66eedac4f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b0d4fbcc0c65c7d5ef7e1c4309c719cb	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b145e4d19f5ecfaad45c795aee69c8dc	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b1838a6c341260fbdaf288795cc63900	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b1912db011633d98bc40ac568a4167a7	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b1ee00cec6c2318fa86f320dd7fc99a8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b1ff1ef983a1aee3a395788ec441d006	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b2599b3078c28a278a3e7cd8b46304da	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b305b543da332a2fcf6e1ce55ed2ea79	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b36168ea438520875c621f5603db003f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b3848edbabfbce246a9faf5466e743bf	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b3af1381f69e36b72e5b272f06aa1fa2	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b3bc979d8de3be09728c5de1a0297c4b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b3defdbd173738d44137f88a571647e1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b43266a047b2895399f4883cfe37c089	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b47e5d095be9fd61016817359f6c2887	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b54f58c484f56c704858ccfffbb9d535	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b5a430a0696b5b25ae6b4fa5cbfe3333	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b5e9ce72771217680efaeecfafe3da3f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b631a3d832f7c22c26554711188f59c3	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b63452ecd2da62f30923a124bcd41b45	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b661f78279ca0b2e0ae611013eb00f20	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b6f2f483e03b9399f055a1ba5e0713a4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b74022a7b9b63fdc541ae0848b28a962	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b743f6af7e307221ba425d6023ebe42c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b7dba6184f07b1e824362a2307d91ae2	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b8277cce81e0a372bc35d33a0c9483c2	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b86e89a42a1c1bc6ea15096c68e38ba4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b883f8e5a1420d1f511266b9253c11c4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b8dfe540bef505cd1adbd5f8ff31d028	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b8f61242e28f2edf6cb1be8781438491	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b92db06d17d3bf906c47a0384e771076	Intel::FILE_HASH	Mandiant Apt1 Report	T
-b9b3673a721578b230490f7dfc6df21e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ba0c4d3dbf07d407211b5828405a9b91	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ba10b9486043f76bb9e9a160bc1d2576	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ba56035e10b423734e0ce01bb7bb8b6d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ba773e1608198cf8337c5902d7930710	Intel::FILE_HASH	Mandiant Apt1 Report	T
-baabd9b76bff84ed27fd432cfc6df241	Intel::FILE_HASH	Mandiant Apt1 Report	T
-bac2e89bd92ce23e1e93a63d26dea01a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-bb286e9969ca197b461286b679c0886e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-bc7092008ca37adf497b75eb98e2e175	Intel::FILE_HASH	Mandiant Apt1 Report	T
-bc723e4f93a3bf85f4d1e1910393d1a3	Intel::FILE_HASH	Mandiant Apt1 Report	T
-bc756bb6bf4e7b2058e8dce6ba8b1a79	Intel::FILE_HASH	Mandiant Apt1 Report	T
-bca9bd0abbb31a422458abf521a6a2fb	Intel::FILE_HASH	Mandiant Apt1 Report	T
-bcb087f69792b69494a3edad51a842bb	Intel::FILE_HASH	Mandiant Apt1 Report	T
-bcbdef1678049378be04719ed29078d2	Intel::FILE_HASH	Mandiant Apt1 Report	T
-bcdf8cb0868daaec3ba6176e3e7d3cfc	Intel::FILE_HASH	Mandiant Apt1 Report	T
-bce4b77a4e4acc70a3f6f52ec0a2f033	Intel::FILE_HASH	Mandiant Apt1 Report	T
-bd15714360c12ffca4c3c1e86fc69d0e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-bd402e910e03b70f00685d8b8be5093c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-bd8b082b7711bc980252f988bb0ca936	Intel::FILE_HASH	Mandiant Apt1 Report	T
-bdc5e16aec2c3796fb879a5c260d6ca9	Intel::FILE_HASH	Mandiant Apt1 Report	T
-bdd2ad4c0e1e5667d117810ae9e36c4b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-be58ff564c854be419a19a030af25c86	Intel::FILE_HASH	Mandiant Apt1 Report	T
-be74bf5afd4ba64cc8ce237307e9254d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-bebbbc50a561681f48d174d6b7c2824e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-bee9b7835a02973678e9ead683da1ac4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-bf0d5aff9c1f33e089c9c85f03c6ba8a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-bf0ee4367ea32f8e3b911c304258e439	Intel::FILE_HASH	Mandiant Apt1 Report	T
-bf80dbf969b73790253f683cd723fd71	Intel::FILE_HASH	Mandiant Apt1 Report	T
-bf9aeefc53d97bb23d35d47986504cef	Intel::FILE_HASH	Mandiant Apt1 Report	T
-bfcae0468de0c7bcf92e9989589082f1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c0134285a276ab933e2a2b9b33b103cd	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c044715c2626ab515f6c85a21c47c7dd	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c04c796ef126ad7429be7d55720fe392	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c0a33a1b472a8c16123fd696a5ce5ebb	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c0a494e643c42a89d5bf718ea274df04	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c110f08399c5dca64d7dc4539eb82083	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c116f5f89e24c7de3ea9cae83b7fc829	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c1bd23ece59e36143d80f7eec0e38c52	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c21591aa72ac72872f5bd05bbca5e4da	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c2a79bb15a31fd6584d9bf0891673d14	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c2e06531a2e6de3c1b7d18b14af53fdf	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c2fa9f567fd34fb14fee6a38b6644ff9	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c307bad133cc160a0129fda4c57e0f52	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c30c7fa2eb06fc8c9ebbe955abe26edd	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c39bc83c16f9db8a7c43a966048bca7b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c39e272e9ea15d61e0c8e6b749a1ad46	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c3af09a9fc487314eb4c9fe92a01845a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c3dbd79adfa21706f5451cc68331d31e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c3de028cbc5aa0934008d95689d5f334	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c3e5603a38e700274d1ab30ce93d08b9	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c4188c3bb6982d41aa783c499113a8e3	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c41e44045cebebfba234063de8fd7c4d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c425b8782075da33cba5aae5ad612582	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c4c638750526e28f68d6d71fd1266bdf	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c4f144febf16ff8f36df15353d5347ce	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c53332a5bf112f03ed22b06d85140626	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c65617a4eedb8e0369ef8fe58ce20a02	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c69a708a2a8e4581dd95f90da3833840	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c6a29993234488fcbdcf45668eac9c47	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c6a4bb1a4e4f69ec71855d70d6960859	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c72edb12880a9af12b439a7a2d0584c1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c763e041c8e85c195ade90e120338be7	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c799e1d25839e1efb2b3d42d6d6efd26	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c7b48b6965642b504f6f36933762df8a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c8d2b7f92fff545b3b19e9b1e1057071	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c9172b3e83c782bc930c06b628f31fa5	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c91eacab7655870764d13ba741aa9a73	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c99fa835350aa9e2427ce69323b061a9	Intel::FILE_HASH	Mandiant Apt1 Report	T
-c9f77569aa98f71cc42644d66d9f371c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ca27a87928443e21dc279008008018ba	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ca327bc83fbe38b3689cd1a5505dfc33	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ca68ccc887cfe5d2194f6a4d3101ae66	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ca6fe7a1315af5afeac2961460a80569	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ca899eda2c32e7d305272dd48bc8e1e1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ca9c1f8d709ed34d388dc7cba2bd7602	Intel::FILE_HASH	Mandiant Apt1 Report	T
-caf33d1e15953c0e782846e1709498f6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-cb15768a3e5c86d22289dcefec56d8a2	Intel::FILE_HASH	Mandiant Apt1 Report	T
-cb3a9d7505be48019e242fbccc7e5f6b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-cb3c5c3f53ecb2cb656fb0f4b8de03f6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-cc0b9bf4ea738d63f06bfe411460412b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-cc17fe9f2d254ad28d050bf5c1df983d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-cc3a9a7b026bfe0e55ff219fd6aa7d94	Intel::FILE_HASH	Mandiant Apt1 Report	T
-cc7c8aba24c66373502ba5934696b7b6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-cca290cd2abe96392378b71e9835ce06	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ccfb7a84bb87cc8f86ddd260ad38ed5b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-cd2102c5db1ed828a9c196448c40af3e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-cd4674e2b7be30121a46a053205472a8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-cd677f9ede43b4b86b421db249c0e020	Intel::FILE_HASH	Mandiant Apt1 Report	T
-cd6c1dbf08d8864b382678284ef13358	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ce003a75c85627cbc7e6eb39beff0722	Intel::FILE_HASH	Mandiant Apt1 Report	T
-cf038194f0fe222f31ec24cb80941bb1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-cf9c2d5a8fbdd1c5adc20cfc5e663c21	Intel::FILE_HASH	Mandiant Apt1 Report	T
-cfc6112254a69030521d0d2bba152d4d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-cfce9478c880934b3548c3022a956e14	Intel::FILE_HASH	Mandiant Apt1 Report	T
-cfe738fcc07b9ece6a11c3390d43b5df	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d0d5a20c5a6c4fddab4d43b85632b6a9	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d0fb18b1e1f642f595a4746826350c21	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d16947b200afa74a917f055597b772c0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d197c388184fef263b7944a7186bc6db	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d1a18c7de189170c588e7128ec3f8453	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d20f0fbd001fd30610c3317fd3c6f7c0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d22863c5e6f098a4b52688b021beef0a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d25be76b6d871a26eec08ad1bee0273d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d262cb8267beb0e218f6d11d6af9052e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d263fed2e1c18f2cb439afcef0cd1b45	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d271ae0f4e9230af3b61eafe7f671fde	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d2c616bf238fc18f9ea0a1643bd2d4bc	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d2f1be7e10ed39aa8bc0f7f671d824d2	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d3358ed4001ec0366fa23fe82759df2a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d34e357461c55d90c52309c1ff952b4c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d3f9d4bc51db1e602093e3003fc789d9	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d41c6005a75a6d28480d63f540d36c70	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d47b04327157fb188c0e81886e346c48	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d4ba6430996fb4021241efc97c607504	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d4c1bfc5cd3e33643a562696d5d29bf2	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d4c7f1f80883412f9796f1270accff50	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d5e56f7da9d2a78e49d3d0685e9613ca	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d5fd1ce9189cd54f157d691e317c0821	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d60ee4a39667a733c075bb7f7b36285a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d62cd4ad2a919b6acfa6d49d446dffdb	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d6a01b61f490488d61dfb9376186d844	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d74b169e98dd16d0f3af0dc770dffac0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d751c7f7d2eab52c43ab31312e229307	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d76ea982d614c66c5faa36ab5fdd8b41	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d776379bda9fdf695d6a54db8a5b4c72	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d7796209412da17b2ee2ccf2309b4abf	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d7aa32b7465f55c368230bb52d52d885	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d802a0c3e0c3dcac43877bd488f2b042	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d8238e950608e5aba3d3e9e83e9ee2cc	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d8315c114107b7418c32f85e263766b7	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d8b7b276710127d233abcdb7313aac36	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d8fdd9cfca25315635378dd2564094ca	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d915f1c6792eed61dddb30e512e6c202	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d9b1c95fb4424cf69a0ac8e40b3ab39b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d9c4ebd61c1aee52b3597aae048a592f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d9fb6620e4402764bbf2088de02898ca	Intel::FILE_HASH	Mandiant Apt1 Report	T
-d9fbf759f527af373e34673dc3aca462	Intel::FILE_HASH	Mandiant Apt1 Report	T
-da383cc098a5ea8fbb87643611e4bfb6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-da52e6701c9eba92459c6be28efdba74	Intel::FILE_HASH	Mandiant Apt1 Report	T
-da5ff7927d608d7ccc7495939d457bd3	Intel::FILE_HASH	Mandiant Apt1 Report	T
-da60673b4f2a4660d2734a16a832282f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-da6b0ee7ec735029d1ff4fa863a71de8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-db05df0498b59b42a8e493cf3c10c578	Intel::FILE_HASH	Mandiant Apt1 Report	T
-db2580f5675f04716481b24bb7af468e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-db50416d9e67f4982e89e0ffb0ade6f3	Intel::FILE_HASH	Mandiant Apt1 Report	T
-db5805604f84b7303fa04feb18ce8271	Intel::FILE_HASH	Mandiant Apt1 Report	T
-dba356a4726b94731e6ea97aa73cfc3f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-dbdd2a9c86e71ba0c9953ff4f89cc25b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-dc059121677ec7a038589cda28cbcc49	Intel::FILE_HASH	Mandiant Apt1 Report	T
-dc1cff84900afc9d292b305f9b9aae34	Intel::FILE_HASH	Mandiant Apt1 Report	T
-dc373f011e86d5528ca4824bb287c406	Intel::FILE_HASH	Mandiant Apt1 Report	T
-dc78fd49b7f39fa3bb06b927e8413dd0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-dcb90efe7e09d6900242af25aeca7b73	Intel::FILE_HASH	Mandiant Apt1 Report	T
-dd1222f96024ac28179c7508e4193285	Intel::FILE_HASH	Mandiant Apt1 Report	T
-dd1bede0e42d26fd2439a6e48547023c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-dd21d1ea2146861a4219b1cbdaefe59b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ddf3db31f9fa21cd43ff19dde393aba8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-de016572ade175d37cfbfabe8174391a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-df4da15796910690b05e393561b86fa1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-df5c89d49ef8997c9b5abd8f808298c8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-dff4d874b2bfc64a4d1805959c379074	Intel::FILE_HASH	Mandiant Apt1 Report	T
-dffd04ea26c03d3f6c67e10405abc5ad	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e06145fccac413d8c753bc822619945c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e0c4cbf3ed293e8a8df3f3987b42caac	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e0fc0fae758d7c6091cdb11d5ef98e0e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e1b6940985a23e5639450f8391820655	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e22f2e9ee73ab8b12ee5069f7e39a615	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e24e889e826df04f552e0d133548b693	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e43040ede0645a38ea5a35c26192126f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e476e4a24f8b4ff4c8a0b260aa35fc9f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e480c8839e819eaa9b19d53acfa95052	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e4a9b8993e55e3d0ba355b13d1f27a2e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e4be1e46775081b1d5405b3dd7dd1c64	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e50af782414228e52e59bcbe518b1966	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e5237615fde0977c0ea3626fba609ab8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e54ce5f0112c9fdfe86db17e85a5e2c5	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e55f7d80d99b6aacb0c8d9ed46856d25	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e56e4b20ef6dc09d29be49481bd29561	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e649f31f7f3a7b15ce1290e8d096c058	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e64d657ce32118b415fa91dc05037c4c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e65c0b3f4dd2f3c9f728077ed1e48f7e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e65db662e449cab03a6c1ac51af41360	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e689b1fb0610b752f42adafc403fa49f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e6c25f9994b723d39c785ddfd38a31b8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e6ff0431a9a9028808efc582405ea7df	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e7f728e3bce0e59c3ba973545a3b3a92	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e83f60fb0e0396ea309faf0aed64e53f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-e9df2f69ed3d9c895ad9d399eaff1bc8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ea1b44094ae4d8e2b63a1771a3e61fd5	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ea3155748f9788b741b6799691250579	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ea34b72cbeb07aaac2398704c3ca6b0f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ea47431d832faff7802710dae0abb0d3	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ea502cd3504e74bac454835bd23e019b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ea7309fa59e9347a0715f164edf6b200	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ea7aeea782173eb19ef880c6a54456f2	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ea8b6c2c083d6b7b2b6ebc015b0488ca	Intel::FILE_HASH	Mandiant Apt1 Report	T
-eb0c8b05ee6a4334f45968cf45656597	Intel::FILE_HASH	Mandiant Apt1 Report	T
-eb50c166074ae4f13cfea362dc7b668a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-eb61cedc9793226a66e4611e6ea25d7f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ebf8eebe3aa218dea5e3f0b2222267b0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ec09d3b72b282872db4afb0cc9ba7d9d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ec3a2197ca6b63ee1454d99a6ae145ab	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ec63f49236858c85168da81c1ac7802a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ec82a53f44511ac09e916bde02cddef0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ec8aa67b05407c01094184c33d2b5a44	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ec8c89aa5e521572c74e2dd02a4daf78	Intel::FILE_HASH	Mandiant Apt1 Report	T
-eca18e3872fd32f17410167871fbd1d2	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ecf18654e4a2668fb8b2e3db144809af	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ecf900c9d743631b59442240ac4ce9da	Intel::FILE_HASH	Mandiant Apt1 Report	T
-edb4faeee6542572aff2ec1b6affbd28	Intel::FILE_HASH	Mandiant Apt1 Report	T
-eef298d0bc5b8c89f582e48556d77b6a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-eef80511aa490b2168ed4c9fa5eafef0	Intel::FILE_HASH	Mandiant Apt1 Report	T
-eefa8d6c9a26dcc13604b11bbe5635c1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ef0a6c79f99a537f932a5e64999972b3	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ef29229f7b633f634db3a5c49a3f4a1c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ef349196b0ffef5a02d30413c8dffc7c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ef6c375e3e6930e2b50e1e97fe6fbcc9	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ef8e0fb20e7228c7492ccdc59d87c690	Intel::FILE_HASH	Mandiant Apt1 Report	T
-efc2025431e7ec8f8784fe81389c77cf	Intel::FILE_HASH	Mandiant Apt1 Report	T
-effa99ea879e5be518f242d5820be070	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f02abd537e481109142b6170933d1b3d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f07ac0b4301fccbae233a44e07a2a634	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f0bab119faa296c680a10ba81693915e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f0d2ad2002557a86ecc780bf938b6dfd	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f113e1c754679164b0e137449b7631cc	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f172ff6b65140f342e6ee51966ea3c4c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f1ad5daacace5d4a7b18a03132ec2716	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f1db65d3c48ad5a9d1576aefdca036d1	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f1e5d9bf7705b4dc5be0b8a90b73a863	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f1eea61e49a3f86e95836d1c9f67e074	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f2009007bd6718582ad62ad29b742f6b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f2693de8b687c20aca98bfc1c5aa5b38	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f3611c5c793f521f7ff2a69c22d4174e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f38e76417c0f87322d55062428283e58	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f3b54c188185ee0921848b3a6ad4751e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f3f2881a1cf3f81f1ecd952ccb616504	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f445b22897a27ac5852ee19589bea8c2	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f4bea18e9d38ab9fa7c1cf6eea2bdc79	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f4ed3b7a8a58453052db4b5be3707342	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f4f8067d501bfef385274912d2a833b5	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f627990bbe2ec5c48c180f724490c332	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f6549d4a4097bac446acf8b31d250d2e	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f65eee78ac150924cd37c7f1f3c96518	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f6655e39465c2ff5b016980d918ea028	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f67357d9fa1c3014050f2feefd39c784	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f7c63592ffb87b81ce45c89d207e9403	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f7f85d7f628ce62d1d8f7b39d8940472	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f802b6e448c054c9c16b97ff85646825	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f81991fab3b7d58d66629e26d21176ed	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f8437e44748d2c3fcf84019766f4e6dc	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f8892c6dacbf7ac756abb361e48bbc82	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f904ea9bc8e2d7ce13a6007183da5957	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f9a46d5024c05a827912a89ca270c553	Intel::FILE_HASH	Mandiant Apt1 Report	T
-f9ed623f13481da16a97aeacdca646dc	Intel::FILE_HASH	Mandiant Apt1 Report	T
-fa11cb78f53db2d2718d536d4bd20b85	Intel::FILE_HASH	Mandiant Apt1 Report	T
-fa66312d7e2ed95814f30871cae61d7c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-fab6b0b33d59f393e142000f128a9652	Intel::FILE_HASH	Mandiant Apt1 Report	T
-fab7c555a511f4d4e318817455bbb75a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-fad92f849e3bbfab211af339eb6a8d66	Intel::FILE_HASH	Mandiant Apt1 Report	T
-fade2270a6c7cb47893ac600a9a0509f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-fae6eaf695af058af4b8dfee0709bf51	Intel::FILE_HASH	Mandiant Apt1 Report	T
-fb671e6de6e301c892d2fdaa58f9cd9a	Intel::FILE_HASH	Mandiant Apt1 Report	T
-fbde5068f85ce0aac2e9ff387b5f8c06	Intel::FILE_HASH	Mandiant Apt1 Report	T
-fc1937c1aa536b3744ebdfb1716fd54d	Intel::FILE_HASH	Mandiant Apt1 Report	T
-fc50743af221ccbff7b7c7ec378117f4	Intel::FILE_HASH	Mandiant Apt1 Report	T
-fc89424a2d33ea5af3f49b02e743773b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-fc9d20d555a88fc827f3a2bfec4dfa36	Intel::FILE_HASH	Mandiant Apt1 Report	T
-fcdaa67e33357f64bc4ce7b57491fc53	Intel::FILE_HASH	Mandiant Apt1 Report	T
-fd37fa026747059559197461aa7c63e6	Intel::FILE_HASH	Mandiant Apt1 Report	T
-fdef1329ae626656c8389f82c4f9ad38	Intel::FILE_HASH	Mandiant Apt1 Report	T
-fe5ba680a96757ff232d4bad9c0db2b8	Intel::FILE_HASH	Mandiant Apt1 Report	T
-fe8ff84a23feb673a59d8571575fee0b	Intel::FILE_HASH	Mandiant Apt1 Report	T
-feb406ff01d9fd5abc5ea079e0543e31	Intel::FILE_HASH	Mandiant Apt1 Report	T
-fefa3638e4d6f2e00b5194ae3fa0c931	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ff085d421518772ce2df75282363279f	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ff9aa093a37819af65a06046ea0c830c	Intel::FILE_HASH	Mandiant Apt1 Report	T
-ffcc7271e951055f12b61f520ce1e4c7	Intel::FILE_HASH	Mandiant Apt1 Report	T
diff --git a/salt/deprecated-bro/policy/securityonion/bpfconf.bro b/salt/deprecated-bro/policy/securityonion/bpfconf.bro
deleted file mode 100644
index 595aef8f2..000000000
--- a/salt/deprecated-bro/policy/securityonion/bpfconf.bro
+++ /dev/null
@@ -1,106 +0,0 @@
-##! This script is to support the bpf.conf file like other network monitoring tools use.
-##! Please don't try to learn from this script right now, there are a large number of
-##! hacks in it to work around bugs discovered in Bro.
-
-@load base/frameworks/notice
-
-module BPFConf;
-
-export {
-	## The file that is watched on disk for BPF filter changes.
-	## Two templated variables are available; "sensorname" and "interface".
-	## They can be used by surrounding the term by doubled curly braces.
-	const filename = "/opt/bro/share/bro/site/bpf" &redef;
-
-	redef enum Notice::Type += { 
-		## Invalid filter notice.
-		InvalidFilter
-	};
-}
-
-global filter_parts: vector of string = vector();
-global current_filter_filename = "";
-
-type FilterLine: record {
-	s: string;
-};
-
-redef enum PcapFilterID += {
-	BPFConfPcapFilter,
-};
-
-event BPFConf::line(description: Input::EventDescription, tpe: Input::Event, s: string)
-	{
-	local part = sub(s, /[[:blank:]]*#.*$/, "");
-
-	# We don't want any blank parts.
-	if ( part != "" )
-		filter_parts[|filter_parts|] = part;
-	}
-
-event Input::end_of_data(name: string, source:string)
-	{
-	if ( name == "bpfconf" )
-		{
-		local filter = join_string_vec(filter_parts, " ");
-		capture_filters["bpf.conf"] = filter;
-		if ( Pcap::precompile_pcap_filter(BPFConfPcapFilter, filter) )
-			{
-			PacketFilter::install();
-			}
-		else
-			{
-			NOTICE([$note=InvalidFilter,
-			        $msg=fmt("Compiling packet filter from %s failed", filename),
-			        $sub=filter]);
-			}
-
-		filter_parts=vector();
-		}
-	}
-
-
-function add_filter_file()
-	{
-	local real_filter_filename = BPFConf::filename;
-
-	# Support the interface template value.
-	#if ( SecurityOnion::sensorname != "" )
-	#	real_filter_filename = gsub(real_filter_filename, /\{\{sensorname\}\}/, SecurityOnion::sensorname);
-
-	# Support the interface template value.
-	#if ( SecurityOnion::interface != "" )
-	#	real_filter_filename = gsub(real_filter_filename, /\{\{interface\}\}/, SecurityOnion::interface);
-
-	#if ( /\{\{/ in real_filter_filename )
-	#	{
-	#	return;
-	#	}
-	#else
-	#	Reporter::info(fmt("BPFConf filename set: %s (%s)", real_filter_filename, Cluster::node));
-
-	if ( real_filter_filename != current_filter_filename )
-		{
-		current_filter_filename = real_filter_filename;
-		Input::add_event([$source=real_filter_filename,
-		                  $name="bpfconf",
-		                  $reader=Input::READER_RAW,
-		                  $mode=Input::REREAD,
-		                  $want_record=F,
-		                  $fields=FilterLine,
-		                  $ev=BPFConf::line]);
-		}
-	}
-
-#event SecurityOnion::found_sensorname(name: string)
-#	{
-#	add_filter_file();
-#	}
-
-event bro_init() &priority=5
-	{
-	if ( BPFConf::filename != "" )
-		add_filter_file();
-	}
-
-
diff --git a/salt/deprecated-bro/policy/securityonion/conn-add-sensorname.bro b/salt/deprecated-bro/policy/securityonion/conn-add-sensorname.bro
deleted file mode 100644
index 0fbe50297..000000000
--- a/salt/deprecated-bro/policy/securityonion/conn-add-sensorname.bro
+++ /dev/null
@@ -1,10 +0,0 @@
-global sensorname = "{{ grains.host }}";
-
-redef record Conn::Info += {
-	sensorname: string &log &optional;
-};
-
-event connection_state_remove(c: connection)
-	{
-	c$conn$sensorname = sensorname;
-	}
diff --git a/salt/deprecated-bro/policy/securityonion/file-extraction/__load__.bro b/salt/deprecated-bro/policy/securityonion/file-extraction/__load__.bro
deleted file mode 100644
index b2707c803..000000000
--- a/salt/deprecated-bro/policy/securityonion/file-extraction/__load__.bro
+++ /dev/null
@@ -1 +0,0 @@
-@load ./extract
diff --git a/salt/deprecated-bro/policy/securityonion/file-extraction/extract.bro b/salt/deprecated-bro/policy/securityonion/file-extraction/extract.bro
deleted file mode 100644
index 7f0f1c902..000000000
--- a/salt/deprecated-bro/policy/securityonion/file-extraction/extract.bro
+++ /dev/null
@@ -1,21 +0,0 @@
-global ext_map: table[string] of string = {
-    ["application/x-dosexec"] = "exe",
-    ["text/plain"] = "txt",
-    ["image/jpeg"] = "jpg",
-    ["image/png"] = "png",
-    ["text/html"] = "html",
-} &default ="";
-
-event file_sniff(f: fa_file, meta: fa_metadata)
-    {
-    if ( ! meta?$mime_type || meta$mime_type != "application/x-dosexec" )
-        return;
-
-    local ext = "";
-
-    if ( meta?$mime_type )
-        ext = ext_map[meta$mime_type];
-
-    local fname = fmt("/nsm/bro/extracted/%s-%s.%s", f$source, f$id, ext);
-    Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);
-    }
diff --git a/salt/deprecated-bro/policy/securityonion/json-logs/__load__.bro b/salt/deprecated-bro/policy/securityonion/json-logs/__load__.bro
deleted file mode 100644
index 780208248..000000000
--- a/salt/deprecated-bro/policy/securityonion/json-logs/__load__.bro
+++ /dev/null
@@ -1,3 +0,0 @@
-@load tuning/json-logs
-redef LogAscii::json_timestamps = JSON::TS_ISO8601;
-redef LogAscii::use_json = T;
diff --git a/salt/domainstats/init.sls b/salt/domainstats/init.sls
index 01e673764..8d329c785 100644
--- a/salt/domainstats/init.sls
+++ b/salt/domainstats/init.sls
@@ -13,6 +13,8 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+
 # Create the group
 dstatsgroup:
   group.present:
@@ -37,13 +39,13 @@ dstatslogdir:
 
 so-domainstatsimage:
  cmd.run:
-   - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-domainstats:HH1.0.3
+   - name: docker pull --disable-content-trust=false docker.io/{{ IMAGEREPO }}/so-domainstats:HH1.0.3
 
 so-domainstats:
   docker_container.running:
     - require:
       - so-domainstatsimage
-    - image: docker.io/soshybridhunter/so-domainstats:HH1.0.3
+    - image: docker.io/{{ IMAGEREPO }}/so-domainstats:HH1.0.3
     - hostname: domainstats
     - name: so-domainstats
     - user: domainstats
diff --git a/salt/elastalert/init.sls b/salt/elastalert/init.sls
index 9bfc8ded4..5703b8717 100644
--- a/salt/elastalert/init.sls
+++ b/salt/elastalert/init.sls
@@ -13,6 +13,7 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 
 {% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone'] %}
@@ -101,7 +102,7 @@ elastaconf:
 
 so-elastalert:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-elastalert:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elastalert:{{ VERSION }}
     - hostname: elastalert
     - name: so-elastalert
     - user: elastalert
diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls
index 14cc38434..7a791c0d2 100644
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -13,6 +13,7 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set FEATURES = salt['pillar.get']('elastic:features', False) %}
 
@@ -101,7 +102,7 @@ eslogdir:
 
 so-elasticsearch:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-elasticsearch:{{ VERSION }}{{ FEATURES }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }}{{ FEATURES }}
     - hostname: elasticsearch
     - name: so-elasticsearch
     - user: elasticsearch
diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls
index 8a2b868ce..6889b892f 100644
--- a/salt/filebeat/init.sls
+++ b/salt/filebeat/init.sls
@@ -12,6 +12,7 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set MANAGERIP = salt['pillar.get']('static:managerip', '') %}
 {% set FEATURES = salt['pillar.get']('elastic:features', False) %}
@@ -51,7 +52,7 @@ filebeatconfsync:
         OUTPUT: {{ salt['pillar.get']('filebeat:config:output', {}) }}
 so-filebeat:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-filebeat:{{ VERSION }}{{ FEATURES }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-filebeat:{{ VERSION }}{{ FEATURES }}
     - hostname: so-filebeat
     - user: root
     - extra_hosts: {{ MANAGER }}:{{ MANAGERIP }}
diff --git a/salt/fleet/init.sls b/salt/fleet/init.sls
index 7858ca298..0b402a54b 100644
--- a/salt/fleet/init.sls
+++ b/salt/fleet/init.sls
@@ -2,6 +2,7 @@
 {%- set FLEETPASS = salt['pillar.get']('secrets:fleet', None) -%}
 {%- set FLEETJWT = salt['pillar.get']('secrets:fleet_jwt', None) -%}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set FLEETARCH = salt['grains.get']('role') %}
 
@@ -105,7 +106,7 @@ fleet_password_none:
 
 so-fleet:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-fleet:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-fleet:{{ VERSION }}
     - hostname: so-fleet
     - port_bindings:
       - 0.0.0.0:8080:8080
diff --git a/salt/freqserver/init.sls b/salt/freqserver/init.sls
index 783d11b6a..08661f3da 100644
--- a/salt/freqserver/init.sls
+++ b/salt/freqserver/init.sls
@@ -13,6 +13,8 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+
 # Create the user
 fservergroup:
   group.present:
@@ -37,13 +39,13 @@ freqlogdir:
 
 so-freqimage:
  cmd.run:
-   - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-freqserver:HH1.0.3
+   - name: docker pull --disable-content-trust=false docker.io/{{ IMAGEREPO }}/so-freqserver:HH1.0.3
 
 so-freq:
   docker_container.running:
     - require:
       - so-freqimage
-    - image: docker.io/soshybridhunter/so-freqserver:HH1.0.3
+    - image: docker.io/{{ IMAGEREPO }}/so-freqserver:HH1.0.3
     - hostname: freqserver
     - name: so-freqserver
     - user: freqserver
diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls
index 1f448f6f0..e3119314b 100644
--- a/salt/grafana/init.sls
+++ b/salt/grafana/init.sls
@@ -1,6 +1,7 @@
 {% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 
 {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone'] and GRAFANA == 1 %}
 
@@ -216,7 +217,7 @@ dashboard-{{ SN }}:
 
 so-grafana:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-grafana:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-grafana:{{ VERSION }}
     - hostname: grafana
     - user: socore
     - binds:
diff --git a/salt/idstools/init.sls b/salt/idstools/init.sls
index 68d14d397..3313fa901 100644
--- a/salt/idstools/init.sls
+++ b/salt/idstools/init.sls
@@ -13,6 +13,7 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 # IDSTools Setup
 idstoolsdir:
@@ -60,7 +61,7 @@ synclocalnidsrules:
 
 so-idstools:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-idstools:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-idstools:{{ VERSION }}
     - hostname: so-idstools
     - user: socore
     - binds:
diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls
index 6d6bfd328..6d8ba4566 100644
--- a/salt/influxdb/init.sls
+++ b/salt/influxdb/init.sls
@@ -1,7 +1,7 @@
 {% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
-
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 
 {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone'] and GRAFANA == 1 %}
 
@@ -26,7 +26,7 @@ influxdbconf:
 
 so-influxdb:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-influxdb:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-influxdb:{{ VERSION }}
     - hostname: influxdb
     - environment:
       - INFLUXDB_HTTP_LOG_ENABLED=false
diff --git a/salt/kibana/init.sls b/salt/kibana/init.sls
index 792f41579..9521c5bb1 100644
--- a/salt/kibana/init.sls
+++ b/salt/kibana/init.sls
@@ -1,4 +1,5 @@
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set FEATURES = salt['pillar.get']('elastic:features', False) %}
 {% if FEATURES %}
@@ -69,7 +70,7 @@ kibanabin:
 # Start the kibana docker
 so-kibana:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-kibana:{{ VERSION }}{{ FEATURES }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-kibana:{{ VERSION }}{{ FEATURES }}
     - hostname: kibana
     - user: kibana
     - environment:
diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls
index 784db9525..87f348744 100644
--- a/salt/logstash/init.sls
+++ b/salt/logstash/init.sls
@@ -13,6 +13,7 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set FEATURES = salt['pillar.get']('elastic:features', False) %}
 
@@ -159,7 +160,7 @@ lslogdir:
 
 so-logstash:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-logstash:{{ VERSION }}{{ FEATURES }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-logstash:{{ VERSION }}{{ FEATURES }}
     - hostname: so-logstash
     - name: so-logstash
     - user: logstash
diff --git a/salt/manager/files/registry/scripts/so-docker-download b/salt/manager/files/registry/scripts/so-docker-download
deleted file mode 100644
index dcba7a531..000000000
--- a/salt/manager/files/registry/scripts/so-docker-download
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/bin/bash
-
-MANAGER={{ MANAGER }}
-VERSION="HH1.2.2"
-TRUSTED_CONTAINERS=( \
-"so-nginx:$VERSION" \
-"so-cyberchef:$VERSION" \
-"so-acng:$VERSION" \
-"so-soc:$VERSION" \
-"so-kratos:$VERSION" \
-"so-fleet:$VERSION" \
-"so-soctopus:$VERSION" \
-"so-steno:$VERSION" \
-"so-playbook:$VERSION" \
-"so-thehive-cortex:$VERSION" \
-"so-thehive:$VERSION" \
-"so-thehive-es:$VERSION" \
-"so-wazuh:$VERSION" \
-"so-kibana:$VERSION" \
-"so-elastalert:$VERSION" \
-"so-filebeat:$VERSION" \
-"so-suricata:$VERSION" \
-"so-logstash:$VERSION" \
-"so-bro:$VERSION" \
-"so-idstools:$VERSION" \
-"so-fleet-launcher:$VERSION" \
-"so-freqserver:$VERSION" \
-"so-influxdb:$VERSION" \
-"so-grafana:$VERSION" \
-"so-telegraf:$VERSION" \
-"so-redis:$VERSION" \
-"so-mysql:$VERSION" \
-"so-curtor:$VERSION" \
-"so-elasticsearch:$VERSION" \
-"so-domainstats:$VERSION" \
-"so-tcpreplay:$VERSION" \
-)
-
-for i in "${TRUSTED_CONTAINERS[@]}"
-do
-  # Pull down the trusted docker image
-  docker pull --disable-content-trust=false docker.io/soshybridhunter/$i
-  # Tag it with the new registry destination
-  docker tag soshybridhunter/$i $MANAGER:5000/soshybridhunter/$i
-  docker push $MANAGER:5000/soshybridhunter/$i
-done
diff --git a/salt/manager/init.sls b/salt/manager/init.sls
index e1d8cdb12..43200cd5c 100644
--- a/salt/manager/init.sls
+++ b/salt/manager/init.sls
@@ -13,6 +13,7 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set managerproxy = salt['pillar.get']('static:managerupdate', '0') %}
 
@@ -59,7 +60,7 @@ acngcopyconf:
 # Install the apt-cacher-ng container
 so-aptcacherng:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-acng:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-acng:{{ VERSION }}
     - hostname: so-acng
     - restart_policy: always
     - port_bindings:
diff --git a/salt/mysql/init.sls b/salt/mysql/init.sls
index e8120724c..c4caa5fcd 100644
--- a/salt/mysql/init.sls
+++ b/salt/mysql/init.sls
@@ -1,6 +1,7 @@
 {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) %}
 {%- set MANAGERIP = salt['pillar.get']('static:managerip', '') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set MAINIP = salt['pillar.get']('elasticsearch:mainip') %}
 {% set FLEETARCH = salt['grains.get']('role') %}
@@ -71,7 +72,7 @@ mysql_password_none:
 
 so-mysql:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-mysql:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-mysql:{{ VERSION }}
     - hostname: so-mysql
     - user: socore
     - port_bindings:
diff --git a/salt/nginx/init.sls b/salt/nginx/init.sls
index 8bbdced0f..53bb13eec 100644
--- a/salt/nginx/init.sls
+++ b/salt/nginx/init.sls
@@ -2,6 +2,7 @@
 {% set FLEETNODE = salt['pillar.get']('static:fleet_node', False) %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 
 # Drop the correct nginx config based on role
 nginxconfdir:
@@ -61,7 +62,7 @@ navigatordefaultlayer:
 
 so-nginx:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-nginx:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-nginx:{{ VERSION }}
     - hostname: so-nginx
     - binds:
       - /opt/so/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
diff --git a/salt/nodered/init.sls b/salt/nodered/init.sls
index c501445a2..bec8f266a 100644
--- a/salt/nodered/init.sls
+++ b/salt/nodered/init.sls
@@ -13,6 +13,8 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+
 # Create the nodered group
 noderedgroup:
   group.present:
@@ -61,7 +63,7 @@ noderedlog:
 
 so-nodered:
   docker_container.running:
-    - image: soshybridhunter/so-nodered:HH1.2.2
+    - image: {{ IMAGEREPO }}/so-nodered:HH1.2.2
     - interactive: True
     - binds:
       - /opt/so/conf/nodered/:/data:rw
diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls
index dc3db3c21..7a235516a 100644
--- a/salt/pcap/init.sls
+++ b/salt/pcap/init.sls
@@ -13,6 +13,7 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %}
 {% set BPF_STENO = salt['pillar.get']('steno:bpf', None) %}
@@ -129,7 +130,7 @@ sensoronilog:
 
 so-steno:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-steno:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-steno:{{ VERSION }}
     - network_mode: host
     - privileged: True
     - port_bindings:
@@ -146,7 +147,7 @@ so-steno:
 
 so-sensoroni:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-soc:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-soc:{{ VERSION }}
     - network_mode: host
     - binds:
       - /opt/so/conf/steno/certs:/etc/stenographer/certs:rw
diff --git a/salt/playbook/init.sls b/salt/playbook/init.sls
index 6de1c121d..c2380ab3a 100644
--- a/salt/playbook/init.sls
+++ b/salt/playbook/init.sls
@@ -1,5 +1,6 @@
 {% set MANAGERIP = salt['pillar.get']('manager:mainip', '') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set MAINIP = salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('manager:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] %}
 {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%}
@@ -73,7 +74,7 @@ playbook_password_none:
 
 so-playbook:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-playbook:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-playbook:{{ VERSION }}
     - hostname: playbook
     - name: so-playbook
     - environment:
diff --git a/salt/reactor/fleet.sls b/salt/reactor/fleet.sls
index c29ab85ed..507fab620 100644
--- a/salt/reactor/fleet.sls
+++ b/salt/reactor/fleet.sls
@@ -1,3 +1,5 @@
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+
 #!py
 
 from time import gmtime, strftime
@@ -59,7 +61,7 @@ def run():
 
       # Run Docker container that will build the packages
       gen_packages = subprocess.run(["docker", "run","--rm", "--mount", f"type=bind,source={LOCAL_SALT_DIR}/salt/fleet/packages,target=/output", \
-         "--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", f"{ MANAGER }:5000/soshybridhunter/so-fleet-launcher:{ VERSION }", \
+         "--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", f"{ MANAGER }:5000/{{ IMAGEREPO }}/so-fleet-launcher:{ VERSION }", \
          f"{ESECRET}", f"{PACKAGEHOSTNAME}:8090", f"{PACKAGEVERSION}.1.1"], stdout=subprocess.PIPE, encoding='ascii')  
       
       # Update the 'packages-built' timestamp on the webpage (stored in the static pillar)
diff --git a/salt/redis/init.sls b/salt/redis/init.sls
index 4b61c35ef..5a981e688 100644
--- a/salt/redis/init.sls
+++ b/salt/redis/init.sls
@@ -13,6 +13,7 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 
 # Redis Setup
@@ -47,7 +48,7 @@ redisconfsync:
 
 so-redis:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-redis:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-redis:{{ VERSION }}
     - hostname: so-redis
     - user: socore
     - port_bindings:
diff --git a/salt/soc/init.sls b/salt/soc/init.sls
index 0490aa13d..e3fdf538a 100644
--- a/salt/soc/init.sls
+++ b/salt/soc/init.sls
@@ -1,4 +1,5 @@
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 
 socdir:
@@ -33,7 +34,7 @@ socsync:
 
 so-soc:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-soc:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-soc:{{ VERSION }}
     - hostname: soc
     - name: so-soc
     - binds:
@@ -84,7 +85,7 @@ kratossync:
 
 so-kratos:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-kratos:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-kratos:{{ VERSION }}
     - hostname: kratos
     - name: so-kratos
     - binds:
diff --git a/salt/soctopus/init.sls b/salt/soctopus/init.sls
index 11727e149..3fcdf8717 100644
--- a/salt/soctopus/init.sls
+++ b/salt/soctopus/init.sls
@@ -1,4 +1,5 @@
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {%- set MANAGER_URL = salt['pillar.get']('manager:url_base', '') %}
 {%- set MANAGER_IP = salt['pillar.get']('static:managerip', '') %}
@@ -50,7 +51,7 @@ playbookrulessync:
 
 so-soctopus:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-soctopus:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-soctopus:{{ VERSION }}
     - hostname: soctopus
     - name: so-soctopus
     - binds:
diff --git a/salt/strelka/init.sls b/salt/strelka/init.sls
index b34ee92da..c6a900e8e 100644
--- a/salt/strelka/init.sls
+++ b/salt/strelka/init.sls
@@ -15,6 +15,7 @@
 {%- set MANAGER = salt['grains.get']('master') %}
 {%- set MANAGERIP = salt['pillar.get']('static:managerip', '') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 {%- set STRELKA_RULES = salt['pillar.get']('strelka:rules', '1') -%}
 
 # Strelka config
@@ -79,7 +80,7 @@ strelkastagedir:
 
 strelka_coordinator:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-redis:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-redis:{{ VERSION }}
     - name: so-strelka-coordinator
     - entrypoint: redis-server --save "" --appendonly no
     - port_bindings:
@@ -87,7 +88,7 @@ strelka_coordinator:
 
 strelka_gatekeeper:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-redis:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-redis:{{ VERSION }}
     - name: so-strelka-gatekeeper
     - entrypoint: redis-server --save "" --appendonly no --maxmemory-policy allkeys-lru
     - port_bindings:
@@ -95,7 +96,7 @@ strelka_gatekeeper:
 
 strelka_frontend:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-strelka-frontend:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-strelka-frontend:{{ VERSION }}
     - binds:
       - /opt/so/conf/strelka/frontend/:/etc/strelka/:ro
       - /nsm/strelka/log/:/var/log/strelka/:rw
@@ -107,7 +108,7 @@ strelka_frontend:
 
 strelka_backend:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-strelka-backend:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-strelka-backend:{{ VERSION }}
     - binds:
       - /opt/so/conf/strelka/backend/:/etc/strelka/:ro
       - /opt/so/conf/strelka/rules/:/etc/yara/:ro
@@ -117,7 +118,7 @@ strelka_backend:
 
 strelka_manager:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-strelka-manager:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-strelka-manager:{{ VERSION }}
     - binds:
       - /opt/so/conf/strelka/manager/:/etc/strelka/:ro
     - name: so-strelka-manager
@@ -125,7 +126,7 @@ strelka_manager:
 
 strelka_filestream:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-strelka-filestream:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-strelka-filestream:{{ VERSION }}
     - binds:
       - /opt/so/conf/strelka/filestream/:/etc/strelka/:ro
       - /nsm/strelka:/nsm/strelka
diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls
index 0dc16e6b0..4bb192316 100644
--- a/salt/suricata/init.sls
+++ b/salt/suricata/init.sls
@@ -16,6 +16,7 @@
 {% set interface = salt['pillar.get']('sensor:interface', 'bond0') %}
 {% set BROVER = salt['pillar.get']('static:broversion', '') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set BPF_NIDS = salt['pillar.get']('nids:bpf') %}
 {% set BPF_STATUS = 0  %}
@@ -132,7 +133,7 @@ suribpf:
     
 so-suricata:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-suricata:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-suricata:{{ VERSION }}
     - privileged: True
     - environment:
       - INTERFACE={{ interface }}
diff --git a/salt/tcpreplay/init.sls b/salt/tcpreplay/init.sls
index 460552bf8..7247e4505 100644
--- a/salt/tcpreplay/init.sls
+++ b/salt/tcpreplay/init.sls
@@ -1,11 +1,12 @@
 {% if grains['role'] == 'so-sensor' or grains['role'] == 'so-eval' %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 
 so-tcpreplay:
   docker_container.running:
     - network_mode: "host"
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-tcpreplay:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-tcpreplay:{{ VERSION }}
     - name: so-tcpreplay
     - user: root
     - interactive: True
diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls
index e75608c6a..99e12a60b 100644
--- a/salt/telegraf/init.sls
+++ b/salt/telegraf/init.sls
@@ -1,5 +1,6 @@
 {% set MANAGER = salt['grains.get']('master') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 
 # Add Telegraf to monitor all the things.
 tgraflogdir:
@@ -36,7 +37,7 @@ tgrafconf:
 
 so-telegraf:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-telegraf:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-telegraf:{{ VERSION }}
     - environment:
       - HOST_PROC=/host/proc
       - HOST_ETC=/host/etc
diff --git a/salt/thehive/init.sls b/salt/thehive/init.sls
index 6d8ac494d..07eff0939 100644
--- a/salt/thehive/init.sls
+++ b/salt/thehive/init.sls
@@ -1,5 +1,6 @@
 {% set MANAGERIP = salt['pillar.get']('manager:mainip', '') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 thehiveconfdir:
   file.directory:
@@ -71,7 +72,7 @@ thehiveesdata:
 
 so-thehive-es:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-thehive-es:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-thehive-es:{{ VERSION }}
     - hostname: so-thehive-es
     - name: so-thehive-es
     - user: 939
@@ -99,7 +100,7 @@ so-thehive-es:
 # Install Cortex
 so-cortex:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-thehive-cortex:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-thehive-cortex:{{ VERSION }}
     - hostname: so-cortex
     - name: so-cortex
     - user: 939
@@ -118,7 +119,7 @@ cortexscript:
 
 so-thehive:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-thehive:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-thehive:{{ VERSION }}
     - environment:
       - ELASTICSEARCH_HOST={{ MANAGERIP }}
     - hostname: so-thehive
diff --git a/salt/wazuh/init.sls b/salt/wazuh/init.sls
index c4ca27d95..2ae4ea715 100644
--- a/salt/wazuh/init.sls
+++ b/salt/wazuh/init.sls
@@ -1,5 +1,6 @@
 {%- set HOSTNAME = salt['grains.get']('host', '') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 # Add ossec group
 ossecgroup:
@@ -83,7 +84,7 @@ wazuhmgrwhitelist:
 
 so-wazuh:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-wazuh:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-wazuh:{{ VERSION }}
     - hostname: {{HOSTNAME}}-wazuh-manager
     - name: so-wazuh
     - detach: True
diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls
index 4fb7fe458..103f36c5a 100644
--- a/salt/zeek/init.sls
+++ b/salt/zeek/init.sls
@@ -1,4 +1,5 @@
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set BPF_ZEEK = salt['pillar.get']('zeek:bpf', {}) %}
 {% set BPF_STATUS = 0  %}
@@ -156,7 +157,7 @@ localzeeksync:
 
 so-zeek:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/soshybridhunter/so-zeek:{{ VERSION }}
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-zeek:{{ VERSION }}
     - privileged: True
     - binds:
       - /nsm/zeek/logs:/nsm/zeek/logs:rw
diff --git a/setup/so-common-functions b/setup/so-common-functions
index fc380f85b..078a721bf 100644
--- a/setup/so-common-functions
+++ b/setup/so-common-functions
@@ -1,6 +1,7 @@
 #!/bin/bash
 
 source ./so-variables
+source ../salt/common/tools/sbin/so-common
 
 # Helper functions
 
diff --git a/setup/so-functions b/setup/so-functions
index 7d05852e0..03265c1e4 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -797,14 +797,14 @@ docker_seed_registry() {
 			set_progress_str "$percent" "Downloading $i"
 			{
 				
-				if ! docker pull --disable-content-trust=false docker.io/soshybridhunter/"$i"; then
+				if ! docker pull --disable-content-trust=false docker.io/$IMAGEREPO/"$i"; then
 					sleep 5
-					docker pull --disable-content-trust=false docker.io/soshybridhunter/"$i"
+					docker pull --disable-content-trust=false docker.io/$IMAGEREPO/"$i"
 				fi
 				# Tag it with the new registry destination
-				docker tag soshybridhunter/"$i" "$HOSTNAME":5000/soshybridhunter/"$i"
-				docker push "$HOSTNAME":5000/soshybridhunter/"$i"
-				#docker rmi soshybridhunter/"$i"
+				docker tag $IMAGEREPO/"$i" "$HOSTNAME":5000/$IMAGEREPO/"$i"
+				docker push "$HOSTNAME":5000/$IMAGEREPO/"$i"
+				#docker rmi $IMAGEREPO/"$i"
 			} >> "$setup_log" 2>&1
 		done
 	else
@@ -1023,6 +1023,7 @@ manager_static() {
 		"  sensoronikey: $SENSORONIKEY"\
 		"  wazuh: $WAZUH"\
         "  managerupdate: $MANAGERUPDATES"\
+		"  imagerepo: $IMAGEREPO"\
 		"strelka:"\
 		"  enabled: $STRELKA"\
 		"  rules: $STRELKARULES"\
diff --git a/upgrade/so-update-functions b/upgrade/so-update-functions
index a0a4b0288..3ab79df39 100644
--- a/upgrade/so-update-functions
+++ b/upgrade/so-update-functions
@@ -15,8 +15,9 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-# Set the new SO Version
+. /usr/sbin/so-common
 
+# Set the new SO Version
 UPDATEVERSION=1.2.2
 BUILD=HH
 
@@ -184,16 +185,16 @@ update_docker_containers() {
   do
     # Pull down the trusted docker image
     echo "Downloading $i"
-    docker pull --disable-content-trust=false docker.io/soshybridhunter/$i
+    docker pull --disable-content-trust=false docker.io/$IMAGEREPO/$i
     # Tag it with the new registry destination
-    docker tag soshybridhunter/$i $HOSTNAME:5000/soshybridhunter/$i
-    docker push $HOSTNAME:5000/soshybridhunter/$i
+    docker tag $IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i
+    docker push $HOSTNAME:5000/$IMAGEREPO/$i
   done
 
   for i in "${TRUSTED_CONTAINERS[@]}"
   do
     echo "Removing $i locally"
-    docker rmi soshybridhunter/$i
+    docker rmi $IMAGEREPO/$i
   done
   
 }