Exploring ScamClub Payloads via Deobfuscation Using Abstract Syntax Trees
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Exploits - T1587.004 Exploits - T1588.005 Javascript - T1059.007 Phishing - T1660 Phishing - T1566 Software - T1592.002 Tool - T1588.002
Show in Graph
Common Information
Type Value
UUID 5f87ac28-0bc6-4f3c-aa0b-e2bc7b52218d
Fingerprint be013b7069ed8188
Analysis status DONE
Considered CTI value 0
Text language
Published Sept. 28, 2023, 8:28 p.m.
Added to db Aug. 31, 2024, 12:36 a.m.
Last updated Nov. 18, 2024, 2:36 a.m.
Headline Exploring ScamClub Payloads via Deobfuscation Using Abstract Syntax Trees
Title Exploring ScamClub Payloads via Deobfuscation Using Abstract Syntax Trees
Detected Hints/Tags/Attributes 31/2/15
Source URLs
Redirection Url
Details Source https://blog.confiant.com/exploring-scamclub-payloads-via-deobfuscation-using-abstract-syntax-trees-65ef7f412537?gi=b9933b78cf35&source=rss----4423e6ce17be---4
URL Provider
Details Provider Source level domain
Details confiant.com blog.confiant.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
id.name
Details Domain 1 
path.node.object.name
Details Domain 1 
path.node.property
Details Domain 1 
path.node.id.name
Details Domain 1 
path2.node.callee.name
Details Domain 1 
returnbody.argument.name
Details Domain 7 
confiant.com
Details Domain 6 
ioc.exchange
Details Domain 18 
matrix.org
Details Email 1 
gregory@confiant.com
Details Email 1 
bozoslivehere@ioc.exchange
Details File 674 
node.js
Details File 365 
console.log
Details File 1 
program.opt
Details File 1 
node.obj