Roaming Mantis: an Anatomy of a DNS Hijacking Campaign
Common Information
| Type | Value |
|---|---|
| UUID | ebd2f15a-2c87-4803-b78e-1b9aff9014fc |
| Fingerprint | c482c8658fc80f0c23983cce001a76f97d723388eb7d2beeac488e1592bbf516 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 23, 2019, 4:35 p.m. |
| Added to db | April 14, 2024, 3:21 a.m. |
| Last updated | Aug. 31, 2024, 6:31 a.m. |
| Headline | Roaming Mantis: an Anatomy of a DNS Hijacking Campaign |
| Title | Roaming Mantis: an Anatomy of a DNS Hijacking Campaign |
| Detected Hints/Tags/Attributes | 71/3/59 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://hitcon.org/2019/CMT/slide-files/d2_s1_r1.pdf |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 768 | www.youtube.com |
|
| Details | Domain | 1 | www.nccst.nat.gov.tw |
|
| Details | Domain | 7 | asia.nikkei.com |
|
| Details | Domain | 317 | bit.ly |
|
| Details | Domain | 1 | www.motive.com.tw |
|
| Details | Domain | 6 | des.new |
|
| Details | Domain | 1 | www.setn.com |
|
| Details | Domain | 46 | vk.com |
|
| Details | Domain | 10 | blogger.com |
|
| Details | Domain | 177 | blog.trendmicro.com |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 28 | securingtomorrow.mcafee.com |
|
| Details | File | 1 | 7.apk |
|
| Details | File | 1 | moqhao.apk |
|
| Details | File | 5 | sagawa.apk |
|
| Details | File | 1 | smartcat.apk |
|
| Details | File | 17 | base64.url |
|
| Details | File | 3 | news.aspx |
|
| Details | md5 | 1 | c2dea0e63bd58062824fd960c6ff5d10 |
|
| Details | md5 | 1 | 720c9528f2bb436fa3ca2196af718332 |
|
| Details | md5 | 1 | 11ab174bf1dbac0418a14853bae5f1ae |
|
| Details | md5 | 1 | 95aa090211fd06bbd2d2c310d0742371 |
|
| Details | md5 | 1 | 2275e5b5186fdfddd64cbb653cc7c5e2 |
|
| Details | md5 | 1 | 14eb70a63a16612ec929b552fced6190 |
|
| Details | md5 | 1 | 710b672224653ad7e31bd081031928b4 |
|
| Details | IPv4 | 1 | 1.53.252.215 |
|
| Details | IPv4 | 1 | 171.244.3.110 |
|
| Details | IPv4 | 1 | 118.30.28.38 |
|
| Details | IPv4 | 1 | 42.112.35.45 |
|
| Details | IPv4 | 1 | 1.53.252.164 |
|
| Details | IPv4 | 1 | 171.244.3.111 |
|
| Details | IPv4 | 1 | 118.30.28.39 |
|
| Details | IPv4 | 1 | 42.112.35.55 |
|
| Details | IPv4 | 1 | 168.126.63.1 |
|
| Details | IPv4 | 1 | 203.248.252.2 |
|
| Details | IPv4 | 1 | 219.250.36.130 |
|
| Details | IPv4 | 1 | 205.209.174.238 |
|
| Details | IPv4 | 1 | 1.171.153.177 |
|
| Details | IPv4 | 1 | 1.171.154.9 |
|
| Details | IPv4 | 1 | 1.171.156.75 |
|
| Details | IPv4 | 1 | 1.171.158.91 |
|
| Details | IPv4 | 1 | 1.171.169.160 |
|
| Details | IPv4 | 1 | 1.171.169.201 |
|
| Details | IPv4 | 1 | 1.171.171.34 |
|
| Details | IPv4 | 1 | 1.171.174.228 |
|
| Details | IPv4 | 1 | 1.171.175.167 |
|
| Details | IPv4 | 1 | 175.181.255.52 |
|
| Details | IPv4 | 1 | 112.104.27.225 |
|
| Details | IPv4 | 1 | 112.104.26.33 |
|
| Details | Url | 1 | https://www.youtube.com/watch?v=nevmxhxg2le |
|
| Details | Url | 1 | https://www.nccst.nat.gov.tw/newsrssdetail?lang=en&rsstype=news&seq=16111 |
|
| Details | Url | 1 | https://asia.nikkei.com/business/japan-s-sagawa-chasing-drivers-with-4-day-workweek |
|
| Details | Url | 1 | https://asia.nikkei.com/business/yamato-transport-no.-1-in-japan-brand-survey |
|
| Details | Url | 1 | https://www.motive.com.tw/?p=18207 |
|
| Details | Url | 1 | https://www.youtube.com/watch?v=0qkrdfua7dc |
|
| Details | Url | 1 | https://www.setn.com/news.aspx?newsid=577291 |
|
| Details | Url | 12 | https://blog.trendmicro.com/trendlabs- |
|
| Details | Url | 1 | https://securelist.com/roaming-mantis- |
|
| Details | Url | 2 | https://securingtomorrow.mcafee.com |