Resecurity | The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via GitLab Abuse
Common Information
Type Value
UUID 874484b3-bcb5-4a61-b4d1-3a476f0b2a95
Fingerprint 34009d190cba8682
Analysis status DONE
Considered CTI value 2
Text language
Published April 3, 2024, midnight
Added to db Aug. 31, 2024, 10:07 a.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via GitLab Abuse
Title Resecurity | The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via GitLab Abuse
Detected Hints/Tags/Attributes 94/4/82
RSS Feed
Id    Enabled  Feed title   Url                              Added to db
364            Resecurity   https://www.resecurity.com/feed  2024-08-30 22:08
Attributes
Type                     #Events  Value
Domain                   1        ykderpgdgopopfuvgt.ddns.net
Domain                   74       adodb.stream
Domain                   1        suedxcapuertggando.ddns.net
Domain                   1        eopgupgdpopopfuupi.ddns.net
Domain                   172      www.crowdstrike.com
Domain                   15       yoroi.company
Domain                   137      securityaffairs.com
Email                    1        mike.will@my.com
File                     1        transaction_ref_jpg.zip
File                     1        transaction_ref_jpg.js
File                     1        moneygram_global_compliance_pdf.zip
File                     1        moneygram_global_compliance_pdf.js
File                     1        swift_copy_jpg.zip
File                     1        swift_copy_jpg.js
File                     1        trxn-00000087312_pdf.js
File                     1        moneygram_aml_compliance_review.pdf
File                     1        transaction_details_jpg.zip
File                     1        transaction_details_jpg.js
File                     1        transaction_ref_01302024_jpg.zip
File                     1        transaction_ref_01302024_jpg.js
File                     1        696162127010102.zip
File                     1        36606696162127010122_65890982136606696162127010102.zip
File                     376      wscript.exe
File                     62       fodhelper.exe
File                     3        eventviewer.exe
File                     1        transactions_copy_65880983136606696162127010122_65890982136606696162127010102.zip
File                     1        65890982136606696162127010102.js
File                     1        jsoutprox-enterprise-grade-implant.html
md5                      1        d22f76e60a786f0c92fa20af1a1619b2
md5                      1        89a088cd92b7ed59fd3bcc7786075130
md5                      1        9c9df8fbcef8acd1a5265be5fd8fdce9
md5                      1        66514548cdffab50d1ea75772a08df3d
md5                      1        81b9e7deb17e3371d417ad94776b2a26
md5                      1        bea8cf1f983120b68204f2fa9448526e
md5                      1        72461c94bd27e5b001265bbccc931534
md5                      1        1bd7ce64f1a7cf7dc94b912ceb9533d0
md5                      1        f1858438a353d38e3e19109bf0a5e1be
md5                      1        6764dbc4df70e559b2a59e913d940d4b
md5                      1        3a2104953478d1e60927aa6def17e8e7
md5                      1        3d46a462f262818cada6899634354138
md5                      1        efad51e48d585b639d974fcf39f7ee07
md5                      1        118b6673bd06c8eb082296a7b35f8fa5
sha1                     1        b540e3682457f2499b687fa0cd213b03ba77290c
IPv4                     4        118.0.0.0
IPv4                     1        185.244.30.218
IPv4                     1        79.134.225.17
IPv4                     1        103.212.81.155
IPv4                     1        103.212.81.157
MITRE ATT&CK Techniques  348      T1036
Url                      1        https://github.com/agbusi/ikeketeorie/blob/main/transaction_ref_jpg.zip
Url                      1        https://raw.githubusercontent.com/agbusi/ikeketeorie/main/transaction_ref_jpg.zip
Url                      1        https://github.com/agbusi/compliance/blob/main/moneygram_global_compliance_pdf.zip
Url                      1        https://raw.githubusercontent.com/agbusi/compliance/main/moneygram_global_compliance_pdf.zip
Url                      1        https://github.com/agbusi/singapore/blob/main/swift_copy_jpg.zip
Url                      1        https://raw.githubusercontent.com/agbusi/singapore/main/swift_copy_jpg.zip
Url                      1        https://github.com/vectorvector11/transaction/blob/main/moneygram_aml_compliance_review.pdf.zip
Url                      1        https://raw.githubusercontent.com/vectorvector11/transaction/main/moneygram_aml_compliance_review.pdf.zip
Url                      1        https://github.com/conel10/deal/raw/main/transaction_details_jpg.zip
Url                      1        https://raw.githubusercontent.com/conel10/deal/main/transaction_details_jpg.zip
Url                      1        https://github.com/winners101/admin/raw/main/transaction_ref_01302024_jpg.zip
Url                      1        https://raw.githubusercontent.com/winners101/admin/main/transaction_ref_01302024_jpg.zip
Url                      1        https://gitlab.com/godicolony4040/dox05/-
Url                      1        http://mdytreudsgurifedei.ddns.net:9708
Url                      1        http://kiftpuseridsfryiri.ddns.net:8907
Url                      1        http://hudukpgdgfytpddswq.ddns.net:8843
Url                      1        http://ykderpgdgopopfuvgt.ddns.net:7891
Url                      1        https://www.crowdstrike.com/adversaries/solar-spider
Url                      1        https://yoroi.company/en/research/financial-institutions-in-the-sight-of-new-jsoutprox-attack-waves
Url                      1        https://www.seqrite.com/documents/en/white-papers/whitepaper-multi-staged-jsoutprox-rat-target-india...
Url                      1        https://securityaffairs.com/95438/malware/jsoutprox-enterprise-grade-implant.html
Url                      1        https://www.fortinet.com/blog/threat-research/adversary-playbook-javascript-rat-looking-for-that-gov...
Domain                   20       my.com
Domain                   30       pdf.zip
Domain                   4127     github.com
Domain                   291      raw.githubusercontent.com
Domain                   67       gitlab.com
Domain                   1        696162127010102.zip
Domain                   20       obfuscator.io
Domain                   372      wscript.shell
Domain                   1        mdytreudsgurifedei.ddns.net
Domain                   1        kiftpuseridsfryiri.ddns.net
Domain                   1        hudukpgdgfytpddswq.ddns.net