By Fred Gutierrez and Val Saengphaibul | December 16, 2020
An Adversary Playbook by FortiGuard Labs
Adversary Playbooks provide detailed threat research on specific malicious campaigns or threat actors so organizations may better understand the threats they face and align their defenses accordingly.
Introduction
FortiGuard Labs recently discovered a malicious campaign targeting government monetary and financial organizations in Asia. The campaign poses as the central bank of an Asian nation to compel the victim to open a compressed attachment containing a malicious HTA file. The HTA file carries heavily obfuscated JavaScript that, once executed, installs and runs a remote access trojan (RAT). What sets this campaign apart from other attacks in this space is its use of JsOutProx.
The attacker has also taken care to keep the campaign from being discovered. This playbook highlights the observed campaigns and the attack infrastructure, and provides new updates about this unique threat.