← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - INTRUSION ANALYSIS: China-Nexus Adversary Targeting Southeast Asian Edge Network Infrastructure
WHITE celestre 2026-05-27 Modified: 2026-05-27
14
IOCs
MEDIUM VOLUME
A China-nexus intrusion set has been identified conducting a large-scale campaign targeting edge network devices across Southeast Asia. The adversary deploys a custom Linux ELF implant (router.elf) directly onto compromised border routers, establishing persistent command-and-control (C2) via DNS over HTTPS (DoH) while simultaneously weaponizing the router's iptables subsystem to hijack downstream DNS traffic at scale.
associated c2cs beaconrogue dnslinux routersha256clientrcstartrouterdll sideloadrouter implantc2 ip
Indicators of Compromise (3 / 14 total)
All FileHash-MD5 FileHash-SHA256 domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 20c196fd5cf9a4845d048006321a52b8 2026-05-27
FileHash-MD5 6401cdc783b4afcbcc294954b4cc5dd2 2026-05-27
FileHash-MD5 92ed4d259940d4294190e60add5cc587 2026-05-27
References (1)
↗ https://qiita.com/Y4er/items/0b6071745e4b7b240b3e