ioc[.]one - OSINT Cyber Threat Intelligence Database

Attack on Indian Government, Financial Institutions | blog

Tags

country:	India Poland
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Dynamic Dns - T1311 Dynamic Dns - T1333 File And Directory Discovery - T1420 Javascript - T1059.007 Junk Data - T1001.001 Mshta - T1218.005 Non-Standard Port - T1509 Non-Standard Port - T1571 Python - T1059.006 Registry Run Keys / Startup Folder - T1547.001 Screen Capture - T1513 Server - T1583.004 Server - T1584.004 Software - T1592.002 Software Packing - T1027.002 Software Packing - T1406.002 System Shutdown/Reboot - T1529 File And Directory Discovery - T1083 Mshta - T1170 Registry Run Keys / Start Folder - T1060 Screen Capture - T1113 Software Packing - T1045 Windows Management Instrumentation - T1047 Uncommonly Used Port - T1065 Screen Capture

Show in Graph

Common Information

Type	Value
UUID	8d9970d8-e64e-4941-afcc-171e13a59e97
Fingerprint	ac151d1a003abe88
Analysis status	DONE
Considered CTI value	2
Text language
Published	May 11, 2020, midnight
Added to db	Sept. 26, 2022, 9:30 a.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	Targeted Attacks on Indian Government and Financial Institutions Using the JsOutProx RAT
Title	Attack on Indian Government, Financial Institutions \| blog
Detected Hints/Tags/Attributes	88/3/32

Source URLs

	Redirection	Url
Details	Source	https://www.zscaler.com/blogs/research/targeted-attacks-indian-government-and-financial-institutions-using-jsoutprox-rat
Details	Source	https://www.zscaler.com/blogs/security-research/targeted-attacks-indian-government-and-financial-institutions-using-jsoutprox-rat

URL Provider

Details	Provider	Source level domain
Details	zscaler.com	www.zscaler.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	hosteam.pl
Details	Domain	1	smtp10.relay.iad3b.emailsrvr.com
Details	Domain	1	syeds-at-rockwellinternationalschool.com
Details	Domain	1	unused-31-133-6-113.hosteam.pl
Details	Domain	41	ddns.net
Details	Domain	1	scndppe.ddns.net
Details	Domain	1	fm.es
Details	Domain	1	fm.mv
Details	Domain	1	fm.ren
Details	Domain	1	sc.mv
Details	Domain	1	sc.ky
Details	Domain	1	backjaadra.ddns.net
Details	File	1	kcc_saturation_letter_to_all_stcbs_rrbs_pdf.zip
Details	File	1	hosteam.pl
Details	File	1	jhkgdldsgf.jar
Details	File	1	fm.nd
Details	File	1	fm.chm
Details	File	44	javaw.exe
Details	File	1	c:\users\user\appdata\roaming\jhkgdldsgf.jar
Details	md5	1	23b32dce9e3a7c1af4534fe9cf7f461e
Details	md5	1	0ac306c29fde5e710ae5d022d78769f6
Details	IPv4	1	31.133.6.113
Details	IPv4	619	0.0.0.0
Details	MITRE ATT&CK Techniques	29	T1045
Details	MITRE ATT&CK Techniques	279	T1060
Details	MITRE ATT&CK Techniques	219	T1113
Details	MITRE ATT&CK Techniques	48	T1529
Details	MITRE ATT&CK Techniques	12	T1170
Details	MITRE ATT&CK Techniques	585	T1083
Details	MITRE ATT&CK Techniques	26	T1065
Details	MITRE ATT&CK Techniques	310	T1047
Details	Windows Registry Key	188	HKCU\Software\Microsoft\Windows\CurrentVersion\Run