SYMBOLCOMMON_NAMEaka. SYNONYMS
win.jsoutprox (Back to overview)

JSOutProx

Actor(s): SOLAR SPIDER

JSOutProx is a sophisticated attack framework built using both Javascript and .NET. It uses the .NET (de)serialization feature to interact with a Javascript file which is the core module running on a victim machine. Once the malware is run on the victim, the framework can load several plugins performing additional malicious activities on the target.

References
2024-04-03ResecurityResecurity
The New Version Of JsOutProx Is Attacking Financial Institutions In APAC And MENA Via GitLab Abuse
JSOutProx
2022-04-01Quick HealQuick Heal
Multi-Staged JSOutProx RAT Target Indian Co-Operative Banks and Finance Companies
JSOutProx
2021-10-21Quick HealSameer Patil
Multi-Staged JSOutProx RAT Targets Indian Co-operative Banks and Finance Companies
JSOutProx
2021-08-31YoroiLuca Mella, Luigi Martire, Yoroi
Financial Institutions in the Sight of New JsOutProx Attack Waves
JSOutProx
2021-02-23CrowdStrikeCrowdStrike
2021 Global Threat Report
RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER
2020-12-16FortinetFred Gutierrez, Val Saengphaibul
Adversary Playbook: JavaScript RAT Looking for that Government Cheese
JSOutProx
2020-05-11ZscalerSudeep Singh
Targeted Attacks on Indian Government and Financial Institutions Using the JsOutProx RAT
JSOutProx
2019-12-21Twitter (@zlab_team)Z-Lab
Tweet on Possible New Threatactor
JSOutProx
2019-12-20YoroiAntonio Farina, Antonio Pirozzi, Luca Mella
Unveiling JsOutProx: A New Enterprise Grade Implant
JSOutProx

There is no Yara-Signature yet.