Roaming Mantis Android Trojan Banker uses DNS hijacking to i

1. IOC
2. Malicious hosts:
3. 114.44.37[.]112
4. 118.166.1[.]124
5. 118.168.193[.]123
6. 128.14.50[.]146
7. 128.14.50[.]147
8. 220.136.111[.]66
9. 220.136.179[.]5
10. 220.136.76[.]200
11. 43.240.14[.]44
12. haoxingfu01.ddns[.]net
13. shaoye11.hopto[.]org
14.  
15. Malicious apks:
16. 03108e7f426416b0eaca9132f082d568
17. 1cc88a79424091121a83d58b6886ea7a
18. 2a1da7e17edaefc0468dbf25a0f60390
19. 31e61e52d38f19cf3958df2239fba1a7
20. 34efc3ebf51a6511c0d12cce7592db73
21. 4d9a7e425f8c8b02d598ef0a0a776a58
22. 808b186ddfa5e62ee882d5bdb94cc6e2
23. 904b4d615c05952bcf58f35acadee5c1
24. a21322b2416fce17a1877542d16929d5
25. b84b0d5f128a8e0621733a6f3b412e19
26. bd90279ad5c5a813bc34c06093665e55
27. ff163a92f2622f2b8330a5730d3d636c
28.  
29. class.dex:
30. 19e3daf40460aea22962d98de4bc32d2
31. 36b2609a98aa39c730c2f5b49097d0ad
32. 3ba4882dbf2dd6bd4fc0f54ec1373f4c
33. 6cac4c9eda750a69e435c801a7ca7b8d
34. 8a4ed9c4a66d7ccb3d155f85383ea3b3
35. b43335b043212355619fd827b01be9a0
36. b7afa4b2dafb57886fc47a1355824199
37. f89214bfa4b4ac9000087e4253e7f754
38.  
39. test.dex:
40. 1bd7815bece1b54b7728b8dd16f1d3a9
41. 307d2780185ba2b8c5ad4c9256407504
42. 3e4bff0e8ed962f3c420692a35d2e503
43. 57abbe642b85fa00b1f76f62acad4d3b
44. 6e1926d548ffac0f6cedfb4a4f49196e
45. 7714321baf6a54b09baa6a777b9742ef
46. 7aa46b4d67c3ab07caa53e8d8df3005c
47. a0f88c77b183da227b9902968862c2b9