Backdoored Browser Extensions Hid Malicious Traffic in Analytics Requests - Avast Threat Labs
Common Information
Type Value
UUID 8bd74f12-923f-4022-bfd1-84c7a3891b69
Fingerprint 1c429b00392d06a3
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 3, 2021, 10:43 a.m.
Added to db Sept. 11, 2022, 12:30 p.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline Backdoored Browser Extensions Hid Malicious Traffic in Analytics Requests
Title Backdoored Browser Extensions Hid Malicious Traffic in Analytics Requests - Avast Threat Labs
Detected Hints/Tags/Attributes 64/3/65
Attributes
Details Type #Events CTI Value
Details Url 1
https://github.com/avast/ioc/tree/master/cacheflow.