#1289778: Roaming Mantis: an Anatomy of a DNS Hijacking Campaign - Additional IOCs

Description: At least 6,000 mobile devices are infected with malicious apps, leaking more than 1 million pieces of personal information. The infection has spread to 55 countries, and South Korea, the main target, has a victim rate of 75%.

First Aid: IOCs


More info: https://otx.alienvault.com/pulse/5de51f47d52e15a3a6eae896

Date added Dec. 2, 2019, 5 p.m.
Source AlienVault
  • All New Malware or Attack Alerts - New Reports / IOCs in
  • BIND / DNS / Name / DHCP Servers - Various
  • BIND DNS Server
  • DNS, BIND and ARP based Attacks
  • DNS/Domain Hijacking
  • DNS / Name Servers - Various
  • Info on - DNS Infrastructure
  • MoqHao Banking Trojan
  • Roaming Mantis Android / Apple Malware