ioc[.]one - OSINT Cyber Threat Intelligence Database

Magecart Card Skimmers Injected Into Online Shops

Tags

cmtmf-attack-pattern:	Code Injection
attack-pattern:	Data Direct Code Injection - T1540 Domains - T1583.001 Domains - T1584.001 Javascript - T1059.007 Server - T1583.004 Server - T1584.004

Show in Graph

Common Information

Type	Value
UUID	d9b124f0-37a3-438f-a775-5b639e43872f
Fingerprint	3c2d21c9f856e0eb
Analysis status	DONE
Considered CTI value	2
Text language
Published	Oct. 10, 2019, midnight
Added to db	Sept. 26, 2022, 9:30 a.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	Magecart Card Skimmers Injected Into Online Shops
Title	Magecart Card Skimmers Injected Into Online Shops
Detected Hints/Tags/Attributes	50/2/12

Source URLs

	Redirection	Url
Details	Source	https://blog.trendmicro.com/trendlabs-security-intelligence/fin6-compromised-e-commerce-platform-via-magecart-to-inject-credit-card-skimmers-into-thousands-of-online-shops/
Details	Source	https://www.trendmicro.com/en_in/research/19/j/fin6-compromised-e-commerce-platform-via-magecart-to-inject-credit-card-skimmers-into-thousands-of-online-shops.html
Details	Source	https://www.trendmicro.com/en_ca/research/19/j/fin6-compromised-e-commerce-platform-via-magecart-to-inject-credit-card-skimmers-into-thousands-of-online-shops.html
Details	Source	https://www.trendmicro.com/en_au/research/19/j/fin6-compromised-e-commerce-platform-via-magecart-to-inject-credit-card-skimmers-into-thousands-of-online-shops.html
Details	Source	https://www.trendmicro.com/en_hk/research/19/j/fin6-compromised-e-commerce-platform-via-magecart-to-inject-credit-card-skimmers-into-thousands-of-online-shops.html

URL Provider

Details	Provider	Source level domain
Details	trendmicro.com	www.trendmicro.com
Details	trendmicro.com	blog.trendmicro.com

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	48		storage.googleapis.com
Details	Domain	3		volusion-cdn.com
Details	Domain	1		cdn3.volusion.com
Details	File	2		vnav.js
Details	File	2		resources.js
Details	File	6		trojanspy.js
Details	sha256	1		2348433df49e73217969a45726c53441f092c4a6fce57d1d58a6cf79d3976058
Details	sha256	1		cee25c699a14a04c6e1b6e6fcd5ce7d4414c9f324b62509a7af14ae5bf749af8
Details	sha256	1		d03f18a71ce059a79840a38aad4944426f0524bbd68a7a8fb7003c82996e6533
Details	Threat Actor Identifier - FIN	73		FIN6
Details	Url	2		https://storage.googleapis.com/volusionapi/resources.js
Details	Url	1		https://volusion-cdn.com/analytics/beacon