IOC - INTRUSION ANALYSIS: China-Nexus Adversary Targeting Southeast Asian Edge Network Infrastructure
WHITE | celestre | Created: 2026-05-27 | Modified: 2026-05-27
14 IOCs (medium volume)
A China-nexus intrusion set has been identified conducting a large-scale campaign targeting edge network devices across Southeast Asia. The adversary deploys a custom Linux ELF implant (router.elf) directly onto compromised border routers, establishing persistent command-and-control (C2) via DNS over HTTPS (DoH) while simultaneously weaponizing the router's iptables subsystem to hijack downstream DNS traffic at scale.
Indicators of Compromise (14)