Meet the JS-Sniffers 3: Illum Family
Tags
country: Germany
attack-pattern: Data Credentials - T1589.001 Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004
Show in Graph
Common Information
Type Value
UUID ffc3ba9d-a6fe-4a5f-b3f8-f39ad7fb19f8
Fingerprint a48412bbc968e7ae
Analysis status DONE
Considered CTI value 0
Text language
Published April 25, 2019, midnight
Added to db Aug. 30, 2024, 11:30 p.m.
Last updated Nov. 17, 2024, 12:56 p.m.
Headline UNKNOWN
Title Meet the JS-Sniffers 3: Illum Family
Detected Hints/Tags/Attributes 41/2/20
Source URLs
Redirection Url
Details Source https://blog.group-ib.com/illum
URL Provider
Details Provider Source level domain
Details group-ib.com blog.group-ib.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 36 Blog Group-IB https://blog.group-ib.com/rss.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 2 
cve-2009-1185
Details CVE 2 
cve-2016-4010
Details Domain 1 
cdn.illum.pw
Details Domain 3 
records.nstatistics.com
Details Domain 3 
gwillem.gitlab.io
Details Domain 2 
www.csu-shop.de
Details Domain 1 
maxchadwick.xyz
Details Domain 9 
steemit.com
Details Domain 1 
paymentnow.tk
Details Domain 1 
request.requestnet.tk
Details File 5 
records.php
Details File 252 
www.cs
Details File 1 
segapay_standart.js
Details File 1 
segapay_onpage.js
Details File 1 
payment_forminsite.js
Details File 3 
evil.js
Details Url 1 
https://gwillem.gitlab.io/2018/10/15/csu-shop-magecarted
Details Url 1 
https://www.csu-shop.de
Details Url 1 
https://maxchadwick.xyz/blog/using-cve-2016-4010-gadget-chain-in-magento-1
Details Url 1 
https://steemit.com/cybersecurity