Roaming Mantis, part III
Tags
country: Japan
maec-delivery-vectors: Watering Hole
attack-pattern: Data Control Panel - T1218.002 Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Malicious Link - T1204.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Python - T1059.006 Server - T1583.004 Server - T1584.004 Sms Messages - T1636.004
Show in Graph
Common Information
Type Value
UUID 4dc34795-82f5-4de0-b5de-b0a7d3d335ce
Fingerprint b625b909a9ab26f1
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 1, 2018, 10 a.m.
Added to db Feb. 17, 2023, 11:17 p.m.
Last updated Nov. 17, 2024, 6:30 p.m.
Headline Roaming Mantis, part III
Title Roaming Mantis, part III
Detected Hints/Tags/Attributes 74/3/24
Source URLs
Redirection Url
Details Source https://securelist.com/roaming-mantis-part-3/88071/
URL Provider
Details Provider Source level domain
Details securelist.com securelist.com
Attributes
Details Type #Events CTI Value
Details Domain 2 
trojan-banker.androidos.wroba.al
Details Domain 1 
libkao.so
Details Domain 1 
code.so
Details Domain 71 
aes.new
Details Domain 4 
prezi.com
Details Domain 1 
sagawa-otqwt.com
Details Domain 1 
sagawa-polsw.com
Details File 5 
sagawa.apk
Details File 4 
facebook.apk
Details File 8 
chrome.apk
Details File 1 
_typea_payload_extractor.py
Details File 1 
_typeb_payload_extractor.py
Details md5 1 
956f32a28d0057805c7234d6a13aa99b
Details md5 1 
a19f4cb93274c949e66efe13173c95e6
Details md5 1 
3562f9de6dbe70c2e19a20d8683330ce
Details md5 1 
01fa0039b62c5db8d91dfc6b75b246f8
Details md5 1 
5e913208ecc69427efb6bbf9e6505624
Details md5 1 
67bc2e8beb14b259a5c60fe7a31e6795
Details md5 1 
f120f5f78c7ef762996314cf10f343af
Details md5 1 
efe54c22e2b28a44f723d3479487620c
Details md5 1 
e723c6aec4433f3c6e5d3d24fe810e05
Details md5 1 
daeccda295de93cf767fd39a86a44355
Details md5 1 
581b08b277a8504ed222a71c19cea5f9
Details IPv4 2 
59.105.6.230