Rocket Loader skimmer impersonates CloudFlare library in clever scheme | Malwarebytes Labs
Tags
| country: | Portugal |
| attack-pattern: | Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Javascript - T1059.007 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | 4da636ae-db17-465e-bc26-d8d2c99d7d0a |
| Fingerprint | 360409c98a16e229 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | March 10, 2020, midnight |
| Added to db | Jan. 18, 2023, 8:36 p.m. |
| Last updated | Nov. 15, 2024, 1:38 p.m. |
| Headline | Rocket Loader skimmer impersonates CloudFlare library in clever scheme |
| Title | Rocket Loader skimmer impersonates CloudFlare library in clever scheme | Malwarebytes Labs |
| Detected Hints/Tags/Attributes | 33/2/10 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | https.ps |
|
| Details | Domain | 4 | http.ps |
|
| Details | Domain | 2 | e4.ms |
|
| Details | Domain | 3 | autocapital.pw |
|
| Details | Domain | 154 | urlscan.io |
|
| Details | Domain | 3 | xxx-club.pw |
|
| Details | Domain | 3 | y5.ms |
|
| Details | File | 1 | http.ps |
|
| Details | IPv4 | 3 | 83.166.248.67 |
|
| Details | IPv4 | 3 | 83.166.244.189 |