ONNX Store: Phishing-as-a-Service Platform Targeting Financial Institution
Common Information
Type Value
UUID cc8f8aba-034e-46db-bded-7b8d84b47f55
Fingerprint b4008d5ba30234e0
Analysis status DONE
Considered CTI value 2
Text language
Published June 18, 2024, midnight
Added to db Aug. 31, 2024, 12:35 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline ONNX Store: Phishing-as-a-Service Platform Targeting Financial Institution
Title ONNX Store: Phishing-as-a-Service Platform Targeting Financial Institution
Detected Hints/Tags/Attributes 105/4/53
RSS Feed
Id   Enabled   Feed title        Url                                    Added to db
32             EclecticIQ Blog   https://blog.eclecticiq.com/rss.xml    2024-08-30 22:08
Attributes
Type                      #Events   Value
Domain                    94        bing.com
Domain                    1         httbin.org
Domain                    14        ipapi.co
Domain                    1         authmicronlineonfication.com
Domain                    1         verify-office-outlook.com
Domain                    1         stream-verify-login.com
Domain                    1         zaq.gletber.com
Domain                    1         v744.r9gh2.com
Domain                    1         bsifinancial019.ssllst.cloud
Domain                    1         473.kernam.com
Domain                    1         docusign.multiparteurope.com
Domain                    1         56789iugtfrd5t69i9ei9die9di9eidy7u889.rhiltons.com
Domain                    1         agchoice.us-hindus.com
Domain                    1         onnx.su
Domain                    18        cti.eclecticiq.com
Domain                    49        eclecticiq.com
Domain                    58        www.cloudflare.com
Domain                    50        cloud.google.com
Domain                    4         crax.tube
Domain                    124       www.sentinelone.com
Domain                    118       sekoia.io
Email                     47        research@eclecticiq.com
md5                       1         77e03c77a2bdbc09d5279fa316a35db0
md5                       1         0250a5ba26791e7ffddb4b294d486479
sha256                    1         432b1b688e21e43d2ccc68e040b3ecac4734b7d1d4356049f9e1297814627cb3
sha256                    1         47b12127c3d1d2af24f6d230e8e86a7b0c661b4e70ba3b77a9beca4998a491ea
sha256                    1         51fdaa65511e7c3a8d4d08af59d310a2ad8a18093ca8d3c817147d79a89f44a1
sha256                    1         f99b01620ef174bb48e22e54327ca9cffa4520868f49a41c524b81ab6d935070
sha256                    1         52e04c615b08af10b4982506c1cee74cb062116d31f0300ed027f6efd3119b1a
sha256                    1         3d58733b646431a60d39394be99ff083d6db3583796b503e8422baebed8d097e
sha256                    1         702008cae9a145741e817e6c6566cd1d79c737d51b718f13a2d16d72a00cd5a7
sha256                    1         908af49857b6f5d1e0384a5e6fc8ee53ca1df077601843ebdd7fc8a4db8bcb12
sha256                    1         d3b03f79cf1d088d2ed41e25c961e9945533aeabb93eac2d33ebc4b589ba6172
sha256                    1         4751234ac4e1b0a5d4685b870de1ea1a7754258977f5d1d9534631c09c748732
sha256                    1         0f5be6f53fe198ca32d82a75339fe832b70d676563ce8b7ca446d1902b926856
IPv4                      1         5.181.156.247
MITRE ATT&CK Techniques   310       T1566.001
MITRE ATT&CK Techniques   420       T1204
MITRE ATT&CK Techniques   99        T1539
MITRE ATT&CK Techniques   126       T1567
MITRE ATT&CK Techniques   99        T1132.001
MITRE ATT&CK Techniques   627       T1027
MITRE ATT&CK Techniques   14        T1090.004
MITRE ATT&CK Techniques   89        T1114
MITRE ATT&CK Techniques   21        T1557
Url                       13        https://cti.eclecticiq.com/taxii/discovery.
Url                       1         https://www.cloudflare.com/learning/security/what-is-quishing
Url                       1         https://cloud.google.com/blog/topics/threat-intelligence/caffeine-phishing-service-platform
Url                       2         https://crax.tube
Url                       1         https://www.sentinelone.com/cybersecurity-101/what-is-an-adversary-in-the-middle-aitm-attack
Url                       1         https://blog.sekoia.io/tycoon-2fa-an-in-depth-analysis-of-the-latest-version-of-the-aitm-phishing-kit
Url                       1         https://www.darkreading.com/threat-intelligence/sale-of-stolen-credentials-and-initial-access-dominate-dark-web-markets
Yara rule                 1         HUNT_CRIME_ONNX_PHISHING_URL (rule body below)
rule HUNT_CRIME_ONNX_PHISHING_URL {
	meta:
		description = "Searches for default ONNX Store API error"
		author = "Arda Buyukkaya"
		date = "2024-05-23"
		hash = "77e03c77a2bdbc09d5279fa316a35db0"
	strings:
		$contact_link = "https://t.me/ONNXIT"
		$support_message = "Please contact <a href='https://t.me/ONNXIT'>ONNX              SUPPORT</a>"
		$expired_api = "Your API has been expired"
	condition:
		all of them
}
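Added example, not code from the EclecticIQ post or from this record: the YARA rule above keys on three literal strings from the kit's default "API expired" error page, and the Domain attributes mix kit infrastructure with domains that come from the post's citations and vendor links (eclecticiq.com, sekoia.io, www.sentinelone.com, bing.com and so on), which must not be pushed straight into a blocklist. The Python below reproduces the rule's `all of them` condition in plain Python so it can be run over fetched page bodies without yara-python, and turns the Domain attributes into a suffix-aware hunting match. The REFERENCE_DOMAINS allowlist and the two sample page bodies are constructed assumptions for the example; the remaining domains still need analyst triage before enforcement.

```python
"""Hunting helpers built from the ONNX Store record (added example, not from the page)."""
from typing import Dict, Iterable, List, Optional
from urllib.parse import urlsplit

# The three strings of HUNT_CRIME_ONNX_PHISHING_URL, copied verbatim from the rule
# (including the run of spaces inside $support_message).
RULE_STRINGS: Dict[str, str] = {
    "contact_link": "https://t.me/ONNXIT",
    "support_message": "Please contact <a href='https://t.me/ONNXIT'>ONNX              SUPPORT</a>",
    "expired_api": "Your API has been expired",
}


def match_onnx_expired_api(body: str) -> Dict[str, object]:
    """Plain-Python equivalent of the rule's `condition: all of them`.

    YARA text strings without modifiers are case-sensitive literal substrings,
    so `in` reproduces the match exactly. Returns per-string hits and the verdict
    so a partial hit (one phrase on an unrelated page) is visible to the analyst.
    """
    hits = {name: (needle in body) for name, needle in RULE_STRINGS.items()}
    return {"strings": hits, "match": all(hits.values())}


# Every Domain attribute in the record, as listed on the page.
RECORD_DOMAINS: List[str] = [
    "bing.com", "httbin.org", "ipapi.co", "authmicronlineonfication.com",
    "verify-office-outlook.com", "stream-verify-login.com", "zaq.gletber.com",
    "v744.r9gh2.com", "bsifinancial019.ssllst.cloud", "473.kernam.com",
    "docusign.multiparteurope.com",
    "56789iugtfrd5t69i9ei9die9di9eidy7u889.rhiltons.com",
    "agchoice.us-hindus.com", "onnx.su", "cti.eclecticiq.com", "eclecticiq.com",
    "www.cloudflare.com", "cloud.google.com", "crax.tube",
    "www.sentinelone.com", "sekoia.io",
]

# ASSUMPTION (not stated by the record): these entries are the post's citations and
# vendor links, not ONNX infrastructure, so they are excluded from hunting. Every
# domain that remains still needs analyst triage before it is blocked.
REFERENCE_DOMAINS = {
    "bing.com", "cti.eclecticiq.com", "eclecticiq.com", "www.cloudflare.com",
    "cloud.google.com", "www.sentinelone.com", "sekoia.io",
}


def hunting_domains() -> List[str]:
    """Record domains minus the reference allowlist, sorted for stable output."""
    return sorted(d for d in RECORD_DOMAINS if d not in REFERENCE_DOMAINS)


def url_hits_ioc(url: str, iocs: Iterable[str]) -> Optional[str]:
    """Return the IOC domain a URL's host equals or sits under, else None.

    Suffix matching catches new subdomains of a listed apex (e.g. a fresh
    label under onnx.su); the leading dot prevents 'notonnx.su' from matching.
    """
    host = urlsplit(url).hostname
    if not host:
        return None
    host = host.lower().rstrip(".")
    for ioc in iocs:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None


# Constructed samples (not captured traffic): an expired-API page shaped like the
# one the rule describes, and a page that only shares one phrase with it.
SAMPLE_ERROR_PAGE = (
    "<html><body><h1>Your API has been expired</h1>"
    "<p>" + RULE_STRINGS["support_message"] + "</p></body></html>"
)
SAMPLE_BENIGN_PAGE = "<html><body>Your API has been expired. Renew it in the portal.</body></html>"

if __name__ == "__main__":
    print(match_onnx_expired_api(SAMPLE_ERROR_PAGE)["match"])    # True
    print(match_onnx_expired_api(SAMPLE_BENIGN_PAGE)["match"])   # False
    print(url_hits_ioc("https://portal.onnx.su/login", hunting_domains()))  # onnx.su
    print(url_hits_ioc("https://www.eclecticiq.com/", hunting_domains()))   # None
```

Run it over proxy or URL-filter logs by feeding each request URL to `url_hits_ioc`, and over fetched HTTP bodies with `match_onnx_expired_api`; a page where only `expired_api` fires is a generic "API expired" message, not the ONNX error page, which is why the rule needs all three strings.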