Balada Injector still at large – new domains discovered
Common Information
Type Value
UUID 977ba9ce-de0c-49d1-8dbe-1caa641ac2a7
Fingerprint a401001388397740
Analysis status DONE
Considered CTI value 0
Text language
Published Aug. 9, 2023, 8:10 p.m.
Added to db Aug. 10, 2023, 11:59 a.m.
Last updated Nov. 15, 2024, 12:35 p.m.
Headline Balada Injector still at large – new domains discovered
Title Balada Injector still at large – new domains discovered
Detected Hints/Tags/Attributes 44/3/27
RSS Feed
Id 99
Enabled
Feed title Cyware News - Latest Cyber News
Url https://cyware.com/allnews/feed
Added to db 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Url 2
https://blog.sucuri.net/2023/04/balada-injector-synopsis-of-a-massive-ongoing-wordpress-malware-campaign.html
Details Url 2
https://cybernews.com/security/wordpress-malware-epidemic-balada-injector
Details Url 1
https://cybernews.com/security/balada-injector-new-domains-discovered