ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool OddJob

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: OddJob

NamesOddJob
CategoryMalware
TypeBanking trojan, Backdoor, Info stealer, Credential stealer
Description(IBM) OddJob’s most obvious characteristic is that it is designed to intercept user communications through the browser to steal or inject information and terminate user sessions inside Internet Explorer and Firefox. We have extracted OddJob’s configuration data and concluded that it is capable of performing different actions on targeted websites, depending on its configuration. The code is capable of logging GET and POST requests, grabbing full pages, terminating connections and injecting data into Web pages.

All logged requests and grabbed pages are sent to the C&C server in real time, allowing fraudsters to perform session hijacks — also in real time but hidden from the legitimate user of the online bank account. By tapping the session ID token, which banks use to identify a user’s online banking session, the fraudsters can electronically impersonate the legitimate user and complete a range of banking operations.
Information<https://securityintelligence.com/oddjob-new-financial-trojan-keeps-online-banking-sessions-open-after-users-logout/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.oddjob>

Last change to this tool card: 23 May 2020

Download this tool card in JSON format

All groups using tool OddJob

ChangedNameCountryObserved

APT groups

 Equation GroupUSA2001-Aug 2016X

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key