"value":"In March 2018, Japanese media reported the hijacking of DNS settings on routers located in Japan, redirecting users to malicious IP addresses. The redirection led to the installation of Trojanized applications named facebook.apk and chrome.apk that contained Android Trojan-Banker. According to our telemetry data, this malware was detected more than 6,000 times, though the reports came from just 150 unique users (from February 9 to April 9, 2018). Of course, this is down to the nature of the malware distribution, but it also suggests a very painful experience for some users, who saw the same malware appear again and again in their network. More than half of the detections were observed targeting the Asian region.\r\n\r\nDuring our research we received some invaluable information about the true scale of this attack. There were thousands of daily connections to the command and control (C2) infrastructure, with the device locale for the majority of victims set to Korean. Since we didn\u2019t find a pre-existing name for this malware operation, we decided to assign a new one for future reference. Based on its propagation via smartphones roaming between Wi-Fi networks, potentially carrying and spreading the infection, we decided to call it \u2018Roaming Mantis\u2019.",
"Tag":[
{
"colour":"#00223b",
"local":"0",
"name":"osint:source-type=\"blog-post\"",
"relationship_type":""
}
]
}
],
"Object":[
{
"comment":"",
"deleted":false,
"description":"File object describing a file with meta-information",