[x] Block JSOutProx malware targeting VISA institutions and their customers.
Description
JSOutProx is targeting financial services and organizations in the APAC and MENA regions. JSOutProx is a sophisticated attack framework utilizing both JavaScript and .NET. It employs the .NET (de)serialization feature to interact with a core JavaScript module running on the victim's machine. Once executed, the malware enables the framework to load various plugins, which conduct additional malicious activities on the target. This malware was first identified in 2019 and was initially attributed to SOLAR SPIDER's phishing campaigns, which delivered the JSOutProx RAT to financial institutions across Africa, the Middle East, South Asia and Southeast Asia.
Links
https://www.resecurity.com/blog/article/the-new-version-of-jsoutprox-is-attacking-financial-institutions-in-apac-and-mena-via-gitlab-abuse
IOC
I2P websites
n/a
IPFS websites
n/a
Tor2web websites
n/a
TOR websites
n/a
URL's
n/a
Folders
Above: The accounts are now 404.
Sub-Domains
Above: Already blocking ddns.net free DNS service.
Domains
n/a
IP's
ASN's
n/a
Emails
Wallet addresses
n/a
Mining pool addresses
n/a