ioc[.]one - OSINT Cyber Threat Intelligence Database

Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server | Malwarebytes Labs

Tags

attack-pattern:

Data Cdns - T1596.004 Domains - T1583.001 Domains - T1584.001 Impersonation - T1656 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Connection Proxy - T1090

Show in Graph

Common Information

Type	Value
UUID	a432586e-1726-4a21-b9b6-744eced4f09b
Fingerprint	bce031926207aa43
Analysis status	DONE
Considered CTI value	0
Text language
Published	Feb. 26, 2020, midnight
Added to db	Jan. 18, 2023, 8:35 p.m.
Last updated	Nov. 17, 2024, 12:54 p.m.
Headline	Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server
Title	Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server \| Malwarebytes Labs
Detected Hints/Tags/Attributes	43/1/11

Source URLs

	Redirection	Url
Details	Source	https://blog.malwarebytes.com/threat-analysis/2020/02/fraudsters-cloak-credit-card-skimmer-with-fake-content-delivery-network-ngrok-server/

URL Provider

Details	Provider	Source level domain
Details	malwarebytes.com	blog.malwarebytes.com

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	1		cdn-sources.org
Details	Domain	1		cdn-mediafiles.org
Details	Domain	1		d68344fb.ngrok.io
Details	Domain	1		jquery.social
Details	File	1		unveil.js
Details	File	6		cache.php
Details	File	2		ad.php
Details	File	1		717.js
Details	File	218		min.js
Details	Url	1		https://cdn-mediafiles.org/cache.php
Details	Url	1		https://www.{removed}.com/checkout/onepage