apk.moqhao (Back to overview)

MoqHao

aka: Shaoye, XLoader

Actor(s): Yanbian Gang


There is no description at this point.

References
2023-03-31 | Telekom | TR4xx
@online{tr4xx:20230331:moqhao:f4ea395,
  author       = {TR4xx},
  title        = {{Moqhao masters new tricks}},
  date         = {2023-03-31},
  organization = {Telekom},
  url          = {https://www.telekom.com/en/blog/group/article/moqhao-masters-new-tricks-1031484},
  language     = {English},
  urldate      = {2023-04-02},
}
Moqhao masters new tricks
MoqHao
2023-03-16 | Team Cymru | S2 Research Team
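@comment{The author is a team name, not a person. The extra braces keep it as one unit; without them it is parsed as given name S2 Research and family name Team. The citation key is left unchanged so existing citations still resolve.}
@online{team:20230316:moqhao:b249827,
  author       = {{S2 Research Team}},
  title        = {{MoqHao Part 3: Recent Global Targeting Trends}},
  date         = {2023-03-16},
  organization = {Team Cymru},
  url          = {https://www.team-cymru.com/post/moqhao-part-3-recent-global-targeting-trends},
  language     = {English},
  urldate      = {2023-03-20},
}
MoqHao Part 3: Recent Global Targeting Trends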
MoqHao
2023-01-19 | Kaspersky Labs | GReAT
@online{great:20230119:roaming:46b7adb,
  author       = {GReAT},
  title        = {{Roaming Mantis implements new DNS changer in its malicious mobile app in 2022}},
  date         = {2023-01-19},
  organization = {Kaspersky Labs},
  url          = {https://securelist.com/roaming-mantis-dns-changer-in-malicious-mobile-app/108464/},
  language     = {English},
  urldate      = {2023-01-19},
}
Roaming Mantis implements new DNS changer in its malicious mobile app in 2022
MoqHao
2022-08-11 | xanhacks' infosec blog | xanhacks
@online{xanhacks:20220811:moqhao:a27e664,
  author       = {xanhacks},
  title        = {{MoqHao Android malware analysis and phishing campaign}},
  date         = {2022-08-11},
  organization = {xanhacks' infosec blog},
  url          = {https://www.xanhacks.xyz/p/moqhao-malware-analysis},
  language     = {English},
  urldate      = {2022-08-22},
}
MoqHao Android malware analysis and phishing campaign
MoqHao
2022-07-18 | Sekoia | Threat & Detection Research Team
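@comment{Two fixes in the author field. The ampersand is escaped, because a bare one reaches LaTeX as an alignment tab and aborts the bibliography. The team name is wrapped in extra braces so it is not split into given and family names. The citation key is left unchanged.}
@online{team:20220718:ongoing:e5bd178,
  author       = {{Threat \& Detection Research Team}},
  title        = {{Ongoing Roaming Mantis smishing campaign targeting France}},
  date         = {2022-07-18},
  organization = {Sekoia},
  url          = {https://blog.sekoia.io/ongoing-roaming-mantis-smishing-campaign-targeting-france/},
  language     = {English},
  urldate      = {2022-07-18},
}
Ongoing Roaming Mantis smishing campaign targeting France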
MoqHao
2022-04-07 | Team Cymru | Josh Hopkins
@comment{This URL uses the /blog/YYYY/MM/DD/ layout, while team:20230316:moqhao:b249827 uses /post/ on the www host. Re-check that this link still resolves before relying on it.}
@online{hopkins:20220407:moqhao:459286e,
  author       = {Josh Hopkins},
  title        = {{MoqHao Part 2: Continued European Expansion}},
  date         = {2022-04-07},
  organization = {Team Cymru},
  url          = {https://team-cymru.com/blog/2022/04/07/moqhao-part-2-continued-european-expansion/},
  language     = {English},
  urldate      = {2022-04-12},
}
MoqHao Part 2: Continued European Expansion
MoqHao
2021-08-11 | Team Cymru | Josh Hopkins
@comment{This URL uses the /blog/YYYY/MM/DD/ layout, while team:20230316:moqhao:b249827 uses /post/ on the www host. Re-check that this link still resolves before relying on it.}
@online{hopkins:20210811:moqhao:91b7e4c,
  author       = {Josh Hopkins},
  title        = {{MoqHao Part 1.5: High-Level Trends of Recent Campaigns Targeting Japan}},
  date         = {2021-08-11},
  organization = {Team Cymru},
  url          = {https://team-cymru.com/blog/2021/08/11/moqhao-part-1-5-high-level-trends-of-recent-campaigns-targeting-japan/},
  language     = {English},
  urldate      = {2022-03-28},
}
MoqHao Part 1.5: High-Level Trends of Recent Campaigns Targeting Japan
MoqHao
2021-05-18 | Medium (Cryptax) | Axelle Apvrille
@online{apvrille:20210518:native:350d98f,
  author       = {Axelle Apvrille},
  title        = {{A native packer for Android/MoqHao}},
  date         = {2021-05-18},
  organization = {Medium (Cryptax)},
  url          = {https://cryptax.medium.com/a-native-packer-for-android-moqhao-6362a8412fe1},
  language     = {English},
  urldate      = {2021-05-19},
}
A native packer for Android/MoqHao
MoqHao
2021-05-05 | Kashif Ali Surfeit and Blasé Security | Kashif Ali
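@comment{organization is a list field whose items are separated by the word and. The extra braces keep the site name as one item instead of splitting it into Kashif Ali Surfeit plus Blasé Security.}
@online{ali:20210505:roaming:b3131fd,
  author       = {Kashif Ali},
  title        = {{Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware}},
  date         = {2021-05-05},
  organization = {{Kashif Ali Surfeit and Blasé Security}},
  url          = {https://www.kashifali.ca/2021/05/05/roaming-mantis-amplifies-smishing-campaign-with-os-specific-android-malware/},
  language     = {English},
  urldate      = {2021-05-08},
}
Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware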
MoqHao Roaming Mantis
2021-01-20 | Team Cymru | Andy Kraus
@comment{This URL uses the /blog/YYYY/MM/DD/ layout, while team:20230316:moqhao:b249827 uses /post/ on the www host. Re-check that this link still resolves before relying on it.}
@online{kraus:20210120:moqhao:e1742ce,
  author       = {Andy Kraus},
  title        = {{MoqHao Part 1: Identifying Phishing Infrastructure}},
  date         = {2021-01-20},
  organization = {Team Cymru},
  url          = {https://team-cymru.com/blog/2021/01/20/moqhao-part-1-identifying-phishing-infrastructure/},
  language     = {English},
  urldate      = {2022-04-12},
}
MoqHao Part 1: Identifying Phishing Infrastructure
MoqHao
2020-06-25 | Medium CSIS Techblog | Aleksejs Kuprins
@online{kuprins:20200625:roamingmantis:256a9f9,
  author       = {Aleksejs Kuprins},
  title        = {{The RoamingMantis Group’s Expansion to European Apple Accounts and Android Devices}},
  date         = {2020-06-25},
  organization = {Medium CSIS Techblog},
  url          = {https://medium.com/csis-techblog/the-roamingmantis-groups-expansion-to-european-apple-accounts-and-android-devices-e6381723c681},
  language     = {English},
  urldate      = {2020-06-25},
}
The RoamingMantis Group’s Expansion to European Apple Accounts and Android Devices
FakeSpy FunkyBot MoqHao
2020-02-27 | Kaspersky Labs | Suguru Ishimaru
@online{ishimaru:20200227:roaming:3e14d12,
  author       = {Suguru Ishimaru},
  title        = {{Roaming Mantis, part V: Distributed in 2019 using SMiShing and enhanced anti-researcher techniques}},
  date         = {2020-02-27},
  organization = {Kaspersky Labs},
  url          = {https://securelist.com/roaming-mantis-part-v/96250/},
  language     = {English},
  urldate      = {2022-07-13},
}
Roaming Mantis, part V: Distributed in 2019 using SMiShing and enhanced anti-researcher techniques
FunkyBot MoqHao Roaming Mantis
2020-01-17 | Hiroaki Ogawa, Manabu Niseki
@comment{institution is empty in this record and will draw an empty-field warning. The PDF is hosted on jsac.jpcert.or.jp; fill in the publishing body once it has been confirmed.}
@techreport{ogawa:20200117:100:035a7dd,
  author      = {Hiroaki Ogawa and Manabu Niseki},
  title       = {{100 more behind cockroaches?}},
  date        = {2020-01-17},
  institution = {},
  url         = {https://jsac.jpcert.or.jp/archive/2020/pdf/JSAC2020_4_ogawa-niseki_en.pdf},
  language    = {English},
  urldate     = {2020-01-17},
}
100 more behind cockroaches?
MoqHao Emotet Predator The Thief
2019 | Kaspersky Labs | Suguru Ishimaru, Manabu Niseki, Hiroaki Ogawa
@techreport{ishimaru:2019:roaming:23097da,
  author      = {Suguru Ishimaru and Manabu Niseki and Hiroaki Ogawa},
  title       = {{Roaming Mantis: an Anatomy of a DNS Hijacking Campaign}},
  date        = {2019},
  institution = {Kaspersky Labs},
  url         = {https://hitcon.org/2019/CMT/slide-files/d2_s1_r1.pdf},
  language    = {English},
  urldate     = {2022-07-13},
}
Roaming Mantis: an Anatomy of a DNS Hijacking Campaign
MoqHao Roaming Mantis
2018-11-26 | Trend Micro | Lorin Wu, Ecular Xu
@comment{Same authors, date and URL slug as wu:20181126:look:89e0f68, so this is likely one article reachable at two Trend Micro addresses. Confirm before citing both as separate sources.}
@online{wu:20181126:examining:7a7ccc0,
  author       = {Lorin Wu and Ecular Xu},
  title        = {{Examining XLoader, FakeSpy, and the Yanbian Gang}},
  date         = {2018-11-26},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/18/k/a-look-into-the-connection-between-xloader-and-fakespy-and-their-possible-ties-with-the-yanbian-gang.html},
  language     = {English},
  urldate      = {2021-07-07},
}
Examining XLoader, FakeSpy, and the Yanbian Gang
FakeSpy MoqHao Yanbian Gang
2018-11-26 | Trend Micro | Lorin Wu, Ecular Xu
@comment{Same authors, date and URL slug as wu:20181126:examining:7a7ccc0, so this is likely one article reachable at two Trend Micro addresses. Confirm before citing both as separate sources.}
@online{wu:20181126:look:89e0f68,
  author       = {Lorin Wu and Ecular Xu},
  title        = {{A Look into the Connection Between XLoader and FakeSpy, and Their Possible Ties With the Yanbian Gang}},
  date         = {2018-11-26},
  organization = {Trend Micro},
  url          = {https://blog.trendmicro.com/trendlabs-security-intelligence/a-look-into-the-connection-between-xloader-and-fakespy-and-their-possible-ties-with-the-yanbian-gang/},
  language     = {English},
  urldate      = {2021-07-07},
}
A Look into the Connection Between XLoader and FakeSpy, and Their Possible Ties With the Yanbian Gang
FakeSpy MoqHao
2018-04-20 | Trend Micro | Trend Micro
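@comment{The author is a company name. The extra braces keep it as one unit; without them it is parsed as given name Trend and family name Micro, which is how the citation key came to start with micro. The key is left unchanged so existing citations still resolve.}
@online{micro:20180420:xloader:e46474f,
  author       = {{Trend Micro}},
  title        = {{XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing}},
  date         = {2018-04-20},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/18/d/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing.html},
  language     = {English},
  urldate      = {2021-07-07},
}
XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing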
MoqHao Yanbian Gang

There is no Yara-Signature yet.