Financial Institutions in the Sight of New JsOutProx Attack Waves - Yoroi
Common Information
Type: Value
UUID: 9299a4cd-32e7-4354-aed7-a23ec89b4427
Fingerprint: b0079367a1a082b1
Analysis status: DONE
Considered CTI value: 2
Text language:
Published: Aug. 31, 2021, 9 a.m.
Added to db: Sept. 26, 2022, 9:30 a.m.
Last updated: Nov. 17, 2024, 6:54 p.m.
Headline: Financial Institutions in the Sight of New JsOutProx Attack Waves
Title: Financial Institutions in the Sight of New JsOutProx Attack Waves - Yoroi
Detected Hints/Tags/Attributes: 70/3/30
Attributes
Type: Value (#Events)
File: microsoft.xml (46 events)
File: fi.nd (2 events)
File: wscript.exe (376 events)
sha256: 65987f95b365501579431ea8dec1d45940430d8c9defad58908a14e6fb96a347 (1 event)
MITRE ATT&CK Technique: T1036 (348 events)
MITRE ATT&CK Technique: T1218 (121 events)
Url: http://dilideanter.zapto.org (1 event)
Windows Registry Key: HKLM\SYSTEM\CurrentControlSet\Control\Nls\CodePage\ACP (1 event)
Windows Registry Key: HKUS (1 event)
Windows Registry Key: HKLM\SYSTEM\CurrentControlSet\Control\Nls\CodePage\OEMCP (1 event)
Yara rule (1 event):
rule JsOutProx_v2 {
	meta:
		description = "Yara Rule for JsOutProx_v2"
		author = "Yoroi Malware Zlab"
		last_updated = "2021_07_29"
		tlp = "white"
		category = "informational"
	strings:
		// identifier fragments characteristic of the obfuscated JsOutProx script
		// (e.g. "uA[x" and "uB("), matched as both ASCII and UTF-16 text
		$s1 = /uA\[[a-zA-Z]/ ascii wide
		$s2 = /u[A-Z]\(/ ascii wide
	condition:
		// #s1 and #s2 are match counts: the high thresholds together with the
		// size floor target the bulky obfuscated script, not ordinary JavaScript
		#s1 > 800 and #s2 > 4000 and (filesize > 1500KB)
}