ONNX Store: Phishing-as-a-Service Platform Targeting Financial Institution
July 2, 2024, 3:51 p.m.
Description
This intelligence report analyzes the ONNX Store, a phishing-as-a-service platform that targets financial institutions with QR codes embedded in PDF attachments, which redirect victims to phishing sites. The report details the platform's features, including two-factor authentication bypass, realistic Microsoft 365 phishing pages, and use of Cloudflare to evade detection. It assesses with high confidence that ONNX Store is a rebranding of the Caffeine phishing kit, likely developed and maintained by the Arabic-speaking threat actor MRxC0DER. The report also covers prevention strategies and detection opportunities, and provides indicators of compromise.
Date
- Created: July 2, 2024, 3:45 p.m.
- Published: July 2, 2024, 3:45 p.m.
- Modified: July 2, 2024, 3:51 p.m.
Indicators
Additional Information
- Finance