Pulse Detail — Threat Intelligence

PULSE NAME

IOC - INTRUSION ANALYSIS: China-Nexus Adversary Targeting Southeast Asian Edge Network Infrastructure

WHITE celestre 2026-05-27 Modified: 2026-05-27

IOCs

MEDIUM VOLUME

A China-nexus intrusion set has been identified conducting a large-scale campaign targeting edge network devices across Southeast Asia. The adversary deploys a custom Linux ELF implant (router.elf) directly onto compromised border routers, establishing persistent command-and-control (C2) via DNS over HTTPS (DoH) while simultaneously weaponizing the router's iptables subsystem to hijack downstream DNS traffic at scale.

associated c2 cs beacon rogue dns linux router sha256 clientrcstart router dll sideload router implant c2 ip

Indicators of Compromise (1 / 14 total)

All FileHash-MD5 FileHash-SHA256 domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA256	6a43de021fa79dc3eb5f6ed509b605ef617f56af7de8b136698e5dd86c7775ae	—	2026-05-27

References (1)

↗ https://qiita.com/Y4er/items/0b6071745e4b7b240b3e