q-logger skimmer keeps Magecart attacks going
Tags
| attack-pattern: | Data Domains - T1583.001 Domains - T1584.001 Email Addresses - T1589.002 Javascript - T1059.007 |
Common Information
| Type | Value |
|---|---|
| UUID | 82a874ed-69cf-4a93-8aab-158469281fce |
| Fingerprint | 82b510db0103e56d |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | Oct. 19, 2021, midnight |
| Added to db | Sept. 26, 2022, 9:34 a.m. |
| Last updated | Nov. 17, 2024, 8:43 p.m. |
| Headline | q-logger skimmer keeps Magecart attacks going |
| Title | q-logger skimmer keeps Magecart attacks going |
| Detected Hints/Tags/Attributes | 34/1/203 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | filltobill5.casa |
|
| Details | Domain | 2 | netmail.tk |
|
| Details | Domain | 1 | emlhub.com |
|
| Details | Domain | 1 | macosnine.com |
|
| Details | Domain | 1 | adminet.site |
|
| Details | Domain | 1 | adminet.space |
|
| Details | Domain | 1 | amasterweb.site |
|
| Details | Domain | 1 | analistcloud.space |
|
| Details | Domain | 1 | analistnet.site |
|
| Details | Domain | 1 | analistnet.space |
|
| Details | Domain | 1 | analistsite.site |
|
| Details | Domain | 1 | analistsite.space |
|
| Details | Domain | 1 | analisttab.site |
|
| Details | Domain | 1 | analisttab.space |
|
| Details | Domain | 1 | analistweb.site |
|
| Details | Domain | 1 | analistweb.space |
|
| Details | Domain | 1 | analitic-tab.site |
|
| Details | Domain | 1 | analitic-tab.space |
|
| Details | Domain | 1 | analiticnet.site |
|
| Details | Domain | 1 | analitics-tab.site |
|
| Details | Domain | 1 | analiticsnet.site |
|
| Details | Domain | 1 | analiticstab.site |
|
| Details | Domain | 1 | analiticstab.space |
|
| Details | Domain | 1 | analitictab.site |
|
| Details | Domain | 1 | analitictab.space |
|
| Details | Domain | 1 | analiticweb.site |
|
| Details | Domain | 1 | analizeport.site |
|
| Details | Domain | 1 | analizerete.site |
|
| Details | Domain | 1 | analylicweb.site |
|
| Details | Domain | 1 | analystclick.site |
|
| Details | Domain | 1 | analysttraffic.site |
|
| Details | Domain | 1 | analystview.site |
|
| Details | Domain | 1 | analystweb.site |
|
| Details | Domain | 1 | analyticlick.site |
|
| Details | Domain | 1 | analyticmanager.site |
|
| Details | Domain | 1 | analyticview.site |
|
| Details | Domain | 1 | aneweb.site |
|
| Details | Domain | 1 | bublegum.xyz |
|
| Details | Domain | 1 | cdnetworker.site |
|
| Details | Domain | 1 | cleanerjs.site |
|
| Details | Domain | 1 | clickanalyst.site |
|
| Details | Domain | 1 | clickanalytic.site |
|
| Details | Domain | 1 | cloudtester.site |
|
| Details | Domain | 1 | cocolatest.sbs |
|
| Details | Domain | 1 | commenter.site |
|
| Details | Domain | 1 | connectweb.space |
|
| Details | Domain | 1 | domainclean.site |
|
| Details | Domain | 1 | domainet.site |
|
| Details | Domain | 1 | domainet.space |
|
| Details | Domain | 1 | fastester.site |
|
| Details | Domain | 1 | fastjspage.site |
|
| Details | Domain | 1 | fastupload.site |
|
| Details | Domain | 1 | foosq.one |
|
| Details | Domain | 1 | foundanalyst.site |
|
| Details | Domain | 1 | foundanalytic.site |
|
| Details | Domain | 1 | fullka.online |
|
| Details | Domain | 1 | goos1.store |
|
| Details | Domain | 1 | gudini.cam |
|
| Details | Domain | 1 | hardtester.site |
|
| Details | Domain | 1 | hostcontrol.space |
|
| Details | Domain | 1 | httpanel.site |
|
| Details | Domain | 1 | indokitel.xyz |
|
| Details | Domain | 1 | interage.site |
|
| Details | Domain | 1 | ipcounter.space |
|
| Details | Domain | 1 | itoltuico.cyou |
|
| Details | Domain | 1 | itsector.date |
|
| Details | Domain | 1 | jscleaner.site |
|
| Details | Domain | 1 | lanetester.site |
|
| Details | Domain | 1 | lanlocker.site |
|
| Details | Domain | 1 | linkerange.site |
|
| Details | Domain | 1 | linkerange.space |
|
| Details | Domain | 1 | listmanager.space |
|
| Details | Domain | 1 | loockerweb.site |
|
| Details | Domain | 1 | magengine.site |
|
| Details | Domain | 1 | managerage.site |
|
| Details | Domain | 1 | managerage.space |
|
| Details | Domain | 1 | managertraffic.site |
|
| Details | Domain | 1 | mariaschool.xyz |
|
| Details | Domain | 1 | masterlinker.site |
|
| Details | Domain | 1 | masternet.space |
|
| Details | Domain | 1 | masterport.site |
|
| Details | Domain | 1 | mediaconservative.xyz |
|
| Details | Domain | 1 | minanalize.site |
|
| Details | Domain | 1 | minimazerjs.site |
|
| Details | Domain | 1 | netanalist.site |
|
| Details | Domain | 1 | netanalist.space |
|
| Details | Domain | 1 | netanalisttest.space |
|
| Details | Domain | 1 | netanalitic.site |
|
| Details | Domain | 1 | netanalitic.space |
|
| Details | Domain | 1 | netanalitics.site |
|
| Details | Domain | 1 | netcontrol.site |
|
| Details | Domain | 1 | netpanel.site |
|
| Details | Domain | 1 | netstart.space |
|
| Details | Domain | 1 | nettingpanel.site |
|
| Details | Domain | 1 | nettingtest.site |
|
| Details | Domain | 1 | nettraffic.site |
|
| Details | Domain | 1 | ollaholla.cyou |
|
| Details | Domain | 1 | onehitech.casa |
|
| Details | Domain | 1 | ownerpage.site |
|
| Details | Domain | 1 | pagecleaner.site |
|
| Details | Domain | 1 | pagegine.site |
|
| Details | Domain | 1 | pageloader.site |
|
| Details | Domain | 1 | pagenator.site |
|
| Details | Domain | 1 | pagestater.site |
|
| Details | Domain | 1 | pagesupport.site |
|
| Details | Domain | 1 | panelake.site |
|
| Details | Domain | 1 | panelake.space |
|
| Details | Domain | 1 | panelan.site |
|
| Details | Domain | 1 | panelblock.site |
|
| Details | Domain | 1 | panelnetting.site |
|
| Details | Domain | 1 | panelocker.site |
|
| Details | Domain | 1 | pinokio.online |
|
| Details | Domain | 1 | planetspeed.site |
|
| Details | Domain | 1 | producteditor.site |
|
| Details | Domain | 1 | retenetweb.site |
|
| Details | Domain | 1 | rokki.club |
|
| Details | Domain | 1 | saverplanel.site |
|
| Details | Domain | 1 | sectimer.site |
|
| Details | Domain | 1 | securefield.site |
|
| Details | Domain | 1 | seeweb.space |
|
| Details | Domain | 1 | sentech.cyou |
|
| Details | Domain | 1 | showproduct.site |
|
| Details | Domain | 1 | siteanalist.site |
|
| Details | Domain | 1 | siteanalist.space |
|
| Details | Domain | 1 | siteanalitic.site |
|
| Details | Domain | 1 | siteanalitics.site |
|
| Details | Domain | 1 | siteanalyst.site |
|
| Details | Domain | 1 | siteanalytic.site |
|
| Details | Domain | 1 | sitengine.site |
|
| Details | Domain | 1 | sitesecure.space |
|
| Details | Domain | 1 | sitetraffic.site |
|
| Details | Domain | 1 | slickclean.site |
|
| Details | Domain | 1 | slotmanager.site |
|
| Details | Domain | 1 | slotshower.site |
|
| Details | Domain | 1 | smallka.cam |
|
| Details | Domain | 1 | smalltrch.cc |
|
| Details | Domain | 1 | soorkis.one |
|
| Details | Domain | 1 | spaceclean.site |
|
| Details | Domain | 1 | spacecom.site |
|
| Details | Domain | 1 | speedstress.site |
|
| Details | Domain | 1 | speedtester.site |
|
| Details | Domain | 1 | speedtester.space |
|
| Details | Domain | 1 | sslmanager.site |
|
| Details | Domain | 1 | starnetting.site |
|
| Details | Domain | 1 | statetraffic.site |
|
| Details | Domain | 1 | statsclick.site |
|
| Details | Domain | 1 | storepanel.site |
|
| Details | Domain | 1 | suporter.site |
|
| Details | Domain | 1 | tab-analitic.site |
|
| Details | Domain | 1 | tab-analitic.space |
|
| Details | Domain | 1 | tab-analitics.site |
|
| Details | Domain | 1 | tab-analitics.space |
|
| Details | Domain | 1 | tabanalist.site |
|
| Details | Domain | 1 | tabanalist.space |
|
| Details | Domain | 1 | tabanalitic.site |
|
| Details | Domain | 1 | tabanalitic.space |
|
| Details | Domain | 1 | tabanalitics.site |
|
| Details | Domain | 1 | tabanalitics.space |
|
| Details | Domain | 1 | targetag.space |
|
| Details | Domain | 1 | telanet.site |
|
| Details | Domain | 1 | telanet.space |
|
| Details | Domain | 1 | trafficanalyst.site |
|
| Details | Domain | 1 | trafficanalytics.site |
|
| Details | Domain | 1 | trafficcloud.site |
|
| Details | Domain | 1 | trafficsanalist.site |
|
| Details | Domain | 1 | trafficsee.site |
|
| Details | Domain | 1 | trafficweb.site |
|
| Details | Domain | 1 | truetech.cam |
|
| Details | Domain | 1 | unpkgtraffic.site |
|
| Details | Domain | 1 | veeneetech.world |
|
| Details | Domain | 1 | versionhtml.site |
|
| Details | Domain | 1 | viewanalyst.site |
|
| Details | Domain | 1 | viewanalytic.site |
|
| Details | Domain | 1 | webanalist.site |
|
| Details | Domain | 1 | webanalist.space |
|
| Details | Domain | 1 | webanalitic.site |
|
| Details | Domain | 1 | webanalitics.site |
|
| Details | Domain | 1 | webanalylic.site |
|
| Details | Domain | 1 | webanalyst.site |
|
| Details | Domain | 1 | webmode.site |
|
| Details | Domain | 1 | webmoder.space |
|
| Details | Domain | 1 | welltech.bar |
|
| Details | Domain | 1 | welltech.monster |
|
| Details | Domain | 1 | welltech.rest |
|
| Details | 1 | wxugvvvu@netmail.tk |
||
| Details | 1 | isgskpys@netmail.tk |
||
| Details | 2 | zulhqmnr@netmail.tk |
||
| Details | 1 | yzzljjkmc@emlhub.com |
||
| Details | 1 | foyiy11183@macosnine.com |
||
| Details | File | 218 | min.js |
|
| Details | File | 3 | 7.js |
|
| Details | File | 2 | mobile.js |
|
| Details | File | 11 | utils.js |
|
| Details | File | 19 | 1.js |
|
| Details | File | 3 | 6.js |
|
| Details | File | 1 | tag.js |
|
| Details | File | 26 | 0.js |
|
| Details | File | 5 | common.js |
|
| Details | File | 4 | 3.js |
|
| Details | File | 62 | script.js |
|
| Details | Url | 1 | https://filltobill5.casa |
|
| Details | Yara rule | 1 | rule qlogger_loader_WebSkimmer : Magecart WebSkimmer {
meta:
author = "Malwarebytes"
description = "Magecart (q-logger loader)"
source = "/blog/threat-intelligence/2021/10/q-logger-skimmer-keeps-magecart-attacks-going/"
date = "2021-10-19"
strings:
$regex = /"load",function\(\)\{\(function\(\)\{/
$regex2 = /while\(!!\[\]\)\{try{var/
$regex3 = /\(\w\['shift'\]\(\)\);\}\}\}/
condition:
all of them
} |
|
| Details | Yara rule | 1 | rule qlogger_skimmer_WebSkimmer : Magecart WebSkimmer {
meta:
author = "Malwarebytes"
description = "Magecart (q-logger skimmer)"
source = "/blog/threat-intelligence/2021/10/q-logger-skimmer-keeps-magecart-attacks-going/"
date = "2021-10-19"
strings:
$regex = /return\(!!window\[\w{2}\(/
$regex2 = /\w\(\)&&console\[/
condition:
all of them
} |