This repositroy contains IOCs and signatures related to Redirection Roulette threat. Add them to your Threat Intelligence feed ASAP. Thousands of hijacked websites in East Asia redirecting visitors to other sites.
Note that this attack was occured recently in Oct 2022 and there could be some more IOCs,but below IOCs are active and spawned recently.
T1055 - Process Injection, T1059 - Command and Scripting Interpreter, T1036 - Masquerading, T1059.007 - JavaScript, T1001 - Data Obfuscation
172.81.104.64 (Scanning Host)
ed7970300fa87fefdd991d68166cbd5ca6c3f5e0b90202a24c73bb048325ec62 deb980b8dbce4914e4ce5f5b9c1245d5aef9dc58ba530b8b1f4a63d0669aee2d c1049a0e6437f01007b2c4eeb2ce1bcfa4f2e1ece02bef617d3adb1b76b7fb1c abdf025595c1e544d7a33432d4a8b2ed0a0170bc4d1657312396e14d277dc2d1 a39970152a2d753c4fb449b15617820c72d02c3489f99155131f68376edc714e 952a70429797ca33ffc8d3344feec6c24ff4b72e03c01dbc0bd12967d5688fbb 8ac547a78fb6a06aaac7562be6423362b4ac23e5dd89ab82819f2116688f76e8 7873091e8596080c441dd07dae1f6bb6486aa160e9f3fc728425ae3293420d62 76acbfd3312024f2c3046ead1c6da8d1bb832cb9e71fe74a4977f9e30067cfb3 7259f39c86e94cf04b5843946e669e093955d37ca2e7ea1dd88fdd5d63698f61 6b5313f3ef4b260bebe59df8af4f1f1b7c112e0def8666d57e6033db381dea2c 5e100ab9bfb7fea33e294f56ece82cfd50c8f5cce86aaacc6bd50f4c58ccaec7 50bf3385e888eee5e31a92d71c9a194b3bdfb62760b9cc069b962ef9d3b5646f 4770fdd231dccd6775a561fbf9c9dc16c0009aaea934107f5d7e9a79e10295d7 30ec43c09bc09a4224001acb4af67126d5f2c58a2120c3e9f606c719ab6c826b 271a25666415ef308797072fbd710d8ddba82d181010182dedd1384bac0a5c3c 0a1cecea008b34bcbc8db9f4f56077a02492b3970cfe59fd8e96a08655c81cc2 08d6092832ab0631cb45415707fe6e262a205d1809a064ed9aa577647a39ba8e
[http://]tpc.cdn-linkedin.info/js/vendor.5b3ca61.js
[http://]stat.51sdk.org/b8nb3Ww5CtxpZis2
[http://]beacon-v2.helpscout.help/static/js/vendor.06c7227b.js