SYMBOLCOMMON_NAMEaka. SYNONYMS
win.jsoutprox (Back to overview)

JSOutProx

Actor(s): SOLAR SPIDER


JSOutProx is a sophisticated attack framework built using both Javascript and .NET. It uses the .NET (de)serialization feature to interact with a Javascript file which is the core module running on a victim machine. Once the malware is run on the victim, the framework can load several plugins performing additional malicious activities on the target.

References
2022-04-01Quick HealQuick Heal
@techreport{heal:20220401:multistaged:ca03aba, author = {Quick Heal}, title = {{Multi-Staged JSOutProx RAT Target Indian Co-Operative Banks and Finance Companies}}, date = {2022-04-01}, institution = {Quick Heal}, url = {https://www.seqrite.com/documents/en/white-papers/whitepaper-multi-staged-jsoutprox-rat-target-indian-co-operative-banks-and-finance-companies.pdf}, language = {English}, urldate = {2022-04-05} } Multi-Staged JSOutProx RAT Target Indian Co-Operative Banks and Finance Companies
JSOutProx
2021-10-21Quick HealSameer Patil
@online{patil:20211021:multistaged:7dcd0d7, author = {Sameer Patil}, title = {{Multi-Staged JSOutProx RAT Targets Indian Co-operative Banks and Finance Companies}}, date = {2021-10-21}, organization = {Quick Heal}, url = {https://blogs.quickheal.com/multi-staged-jsoutprox-rat-targets-indian-cooperative-banks-and-finance-companies/}, language = {English}, urldate = {2021-11-02} } Multi-Staged JSOutProx RAT Targets Indian Co-operative Banks and Finance Companies
JSOutProx
2021-08-31YoroiLuigi Martire, Luca Mella, Yoroi
@online{martire:20210831:financial:e78f0cc, author = {Luigi Martire and Luca Mella and Yoroi}, title = {{Financial Institutions in the Sight of New JsOutProx Attack Waves}}, date = {2021-08-31}, organization = {Yoroi}, url = {https://yoroi.company/research/financial-institutions-in-the-sight-of-new-jsoutprox-attack-waves/}, language = {English}, urldate = {2021-09-09} } Financial Institutions in the Sight of New JsOutProx Attack Waves
JSOutProx
2021-02-23CrowdStrikeCrowdStrike
@techreport{crowdstrike:20210223:2021:bf5bc4f, author = {CrowdStrike}, title = {{2021 Global Threat Report}}, date = {2021-02-23}, institution = {CrowdStrike}, url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf}, language = {English}, urldate = {2021-02-25} } 2021 Global Threat Report
RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader KNOCKOUT SPIDER OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER
2020-12-16FortinetFred Gutierrez, Val Saengphaibul
@online{gutierrez:20201216:adversary:3b3781a, author = {Fred Gutierrez and Val Saengphaibul}, title = {{Adversary Playbook: JavaScript RAT Looking for that Government Cheese}}, date = {2020-12-16}, organization = {Fortinet}, url = {https://www.fortinet.com/blog/threat-research/adversary-playbook-javascript-rat-looking-for-that-government-cheese}, language = {English}, urldate = {2021-01-18} } Adversary Playbook: JavaScript RAT Looking for that Government Cheese
JSOutProx
2020-05-11ZscalerSudeep Singh
@online{singh:20200511:targeted:cf94e5a, author = {Sudeep Singh}, title = {{Targeted Attacks on Indian Government and Financial Institutions Using the JsOutProx RAT}}, date = {2020-05-11}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/research/targeted-attacks-indian-government-and-financial-institutions-using-jsoutprox-rat}, language = {English}, urldate = {2020-05-23} } Targeted Attacks on Indian Government and Financial Institutions Using the JsOutProx RAT
JSOutProx
2019-12-21Twitter (@zlab_team)Z-Lab
@online{zlab:20191221:possible:330f06e, author = {Z-Lab}, title = {{Tweet on Possible New Threatactor}}, date = {2019-12-21}, organization = {Twitter (@zlab_team)}, url = {https://twitter.com/zlab_team/status/1208022180241530882}, language = {English}, urldate = {2020-01-08} } Tweet on Possible New Threatactor
JSOutProx
2019-12-20YoroiAntonio Farina, Luca Mella, Antonio Pirozzi
@online{farina:20191220:unveiling:0abaa1d, author = {Antonio Farina and Luca Mella and Antonio Pirozzi}, title = {{Unveiling JsOutProx: A New Enterprise Grade Implant}}, date = {2019-12-20}, organization = {Yoroi}, url = {https://blog.yoroi.company/research/unveiling-jsoutprox-a-new-enterprise-grade-implant/}, language = {English}, urldate = {2021-06-16} } Unveiling JsOutProx: A New Enterprise Grade Implant
JSOutProx

There is no Yara-Signature yet.