Profile picture
, 15 tweets, 15 min read
My Authors
Read all threads
:: Magecart Hunting Thread ::

This is a thread about how to hunt and find #Magecart infected sites using @URLscan. 💰💵

♻️Please retweet to help spread knowledge and feel free to add your own techniques, ideas, and suggestions.

⚠️THREAD⚠️
A brief overview of Magecart.

Magecart is an umbrella term for the technique of injecting JavaScript to steal credit card numbers on E-commerce sites. A number of actors/groups operate under the same term implanting JavaScript onto checkout pages all over the world.
To get started we need a foothold.
I have a hunt running looking for a known Magecart hash.

This morning a new site hit the search, looking at the site I then used the filename as a pivot. The filename which is infected with Magecart is "jquery_noconflict.js"
Using this filename as a pivot we can find other sites using a file with the same name.

The second site listed ':/www.shopatsimba.com' requires further analysis I think.
Initial analysis needs to check the domain tree to see what domains the site calls out to when loading.

There are three which require further analysis:
- :/images-amazon.com
- :/jquerycdnlib.at
- :/gnogle.ru
It turns out, 'images-amazon' is legitimate and owned by Amazon.
Sadly, the same can't be said about the other two domains identified which appear highly suspicious.
Starting with 'gnogle' - The site returned 0 Bytes, so for now this site is a dead end; however, it is worth keeping in mind and using as a pivot for another investigation in the future.
Moving our attention to 'jquerycdnlib'

URL🌐- hxxps://jquerycdnlib.at
IP - 217.8.117.42
TLS🔐- @letsencrypt
Looking at the HTTP resources on the e-commerce site for the transaction details to the domain that is being analysed.

The file requested from this domain is called '5c3a398f10058.js'
Looking at the JavaScript code it becomes clear this is a Magecart script, it searches for credit card information, and then sends this data back to the domain it was loaded from.
Without fully deobfuscating the script we will not know the full capabilities of the script. However, it is clear at this point that 'shopatsimba' is infected with Magecart and all card details are being stolen when they are entered into the site.
We can continue to hunt this script using the hash, the file name, and also looking into the IP address to see if any further scripts can be found.

But that is for you to do!
If you have any questions or want to chat, my DM's are open to enable me to talk to cool people.

If you enjoyed this thread then why not check out my other threat hunting threads:
-
-
Please see the above thread which may be of interest to you. Retweets would be great. Thanks!

@malwrhunterteam @jknsCo @dave_daves @nullcookies @dvk01uk @cybsecbot @JackRhysider @SecurityNewsbot @RiskIQ @Ring0x0 @ydklijnsma @Aamog @BleepinComputer @proofpoint @SteveD3 @ANeilan
@malwrhunterteam @jknsCo @dave_daves @nullcookies @dvk01uk @cybsecbot @JackRhysider @SecurityNewsbot @RiskIQ @Ring0x0 @ydklijnsma @Aamog @BleepinComputer @proofpoint @SteveD3 @ANeilan Please see the above thread which may be of interest to you.

♻️Retweets would be appreciated to help knowledge share!

Thanks.

@SINON_REBORN @echobit @three_cube @ThisIsNuse @pry0cc @malware_traffic @NarimanGharib @darienhuss @kfalconspb @RH_Poseidon @JAMESWT_MHT @kfalconspb
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Jake

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#Magecart

More from @JCyberSec_ see all

Profile picture
Jake
@JCyberSec_
:: Phishing Admin Panel Hunting Thread ::

In this thread we will find ways to hunt and attribute phishing admin panels.

This is a continuation from my #phishing hunting thread released earlier this year. ()

Please retweet to knowledge share among others.
Firstly we need to understand what an admin panel is in relation to phishing sites. There are many phishing-as-a-service (PaaS) offerings for threat actors to buy allowing them to quickly and easily deploy kits online. They normally consists of a threat actor buying an API key.
In this thread I will show you how to fingerprint some of the major panels, if you feel I have missed any let me know as I would love to keep this thread current and up-to-date on new threats.
Read 21 tweets
Profile picture
Jake
@JCyberSec_
:: Phishing Hunting Thread ::

This is a thread about how to hunt and find #Phishing sites.
Retweets would be great to help spread the knowledge and please add your own techniques, ideas and suggestions.

Let's go hunting!
Firstly we need a site to use as a pivot. I have attached a number of sources at the bottom of this thread. For demonstration purposes we will use this site ::

hxxp://www.new.froid-guyader.fr/libraries/sharepointcontract/

This is a #Phishing site against Microsoft Office
Initially let's see if there is a #PhishingKit or #OpenDir on the domain. Enumeration on the domain is important. This is a example of sites to load and see ::

- hxxp://www.new.froid-guyader.fr/libraries/
- hxxp://www.new.froid-guyader.fr/
- hxxp://www.froid-guyader.fr/
Read 16 tweets

Related threads

Profile picture
FarmGreedy™
@BashorunGa_
NATURAL MEDICATIONS IN POULTRY REARING
In this #Thread, I will be discussing how small flock poultry owners can save money from drugs and also raise organic chickens. Fasten your seat belt and travel with me to the school of poultry studies.Kindly follows back and RT
Misuse of antibiotics is common among poultry farmers and this is dangerous to both animals and human beings. Birds are becoming resistant to antibiotics. The remains of antibiotics are left in animal products like eggs, poultry meat and milk..
Do u know dt common foods & spices we consume on a daily basis can also cure ailments in your poultry flock? Ginger,Pepper,Garlic,Aloe-vera and Yoghurt are just among d food and spices that are medicinal in nature. Farmers practicing organic farming will understand this better.
Read 13 tweets
Profile picture
Oladeji Stephen
@RealSaintSteven
Automation Tools To Ease Your Data Science Project

Working on Data Science Project can be overwhelming for beginners esp student that intend to carry our a research in this field.

Below are some automation tools that data science professional can use.
#DataScience #Thread
1 WEKA
Weka is a collection of machine learning algorithms for data mining tasks. It contains tools for data preparation, classification, regression, clustering, association rules mining, and visualization
#WEKA help you discover practical data mining &learn to mine your own data
#WEKA make it easy for you to play around with data and it gives you test options regarding how you split your #dataset.
I once used WEKA to get result 'clue' for Classification of EEG signal using AIRS, Immuno, CLONALG.

Download WEKA: cs.waikato.ac.nz/ml/weka/
Read 11 tweets
Profile picture
Dr Benjamin Janaway Esq. 🧠
@drjanaway
#tipsfornewdoctors

I will try to be comprehensive, so feel free to add more and #retweet to build this thread. Best of luck to all of you, and remember, you earned your place.
1) Listen - to your patients and seniors, they know more than you do. Especially the patients, they are experts in themselves.
2) Reflect - this allows you to spot mistakes, ways of improving, and learn about yourself.
3) Document - if it isn't written down, it didn't happen.
4) Compare new results with old ones - ECG, bloods, unless you know what's normal for the patient, you don't know what's abnormal. Patterns guide our treatments.
5) Use a chaperone if examining a patient - make sure to document who was with you. This is for your career.
Read 26 tweets
Profile picture
Jude Gomila
@judegomila
1/ My team and I at Golden have been working diligently for the last two years to map out 10bn+ fascinating topics in high detail. Today we are officially launching, announcing a $5m seed round from @a16z @foundersfund, GigaFund and others

golden.com/blog/introduci… thread below ->
2/ Golden’s mission is to collect, organize and express 10+ billion topics in an accessible way, presented in neutrally-written and comprehensive topic pages using AI and UI to automate the process where possible.
3/ In order to help achieve the mission we raised $5m from @a16z @pmarca Gigafund (Luke + @oskoui), @foundersfund @cyantist @svangel @JoeMontana @__aston__ @jellyfishbloom @immad @joshbuckley @howietl, @loopj @JamesTamplin @_jacksmith @michaeleinziger @sharpshoot @tripadler ++
Read 11 tweets
Profile picture
Dr Benjamin Janaway 🧠
@drjanaway
KIM KARDASHIAN

Right, now I have your attention.

1) Climate change reversal requires incentivising businesses to go green.
2) Proper use of antibiotics will prevent the resurgence of medieval diseases, and countless deaths.
3) Facism is becoming prominent as clickbait.
4) Confusing strength and childish hubris leads to the election of dangerous politicians (Trump, May.)
5) Voting based on evidence is the best way forward, but it means you have to research the source material.
6) Vaccines do not cause autism. Charlatans are exploiting fear.
7) Windmills do not cause cancer. Sound waves do not have a frequency or wavelength relevant to mutating DNA.
8) Socialism is not communism, and socialist efforts save lives (NHS, welfare.)
9) The right and left is a media hyperbole, most people hold variable views.
Read 6 tweets
Profile picture
Global Entrepreneurship
@entreprenenture
Hello, everyone! Let's start our #thread on #child #entrepreneurs, both in #Malaysia and abroad.

We'll talk about the success stories as well as how to foster their development 😊 Let's go! Feel free to add on to the thread with your own opinion and sharing.
Latest in Malaysia is the story of Ferris. Ferris merupakan usahawan cilik yang terpengaruh secara positif dengan siri Upin dan Ipin! It's good to see how entrepreneurship in an animated series can piqued children and their interest in entrepreneurship!

If you ask if there are more of such stories in #Malaysia, there are!

11 y.o Elisa Ahmad Sayuti and her friends got inspired by both their participation in Kelab Usahawan Cilik as well as seeing their parents who are also #entrepreneurs!

sinarharian.com.my/gps-bestari/us…
Read 11 tweets

Trending hashtags

#MakeOthersHappy #presurgery #ML #science #polbots #phdlife #AmericaFirst #WSUEntomology #AI #MAGA #Islamophobia #antiracist #VoteRepublican #Trump #Paraprosdokians #witchhunt #Tulsi2020 #Enjoy #Retweet #RoshHashanah #ShareCheer #readingcommunity #RETWEET #britsplaining #parenting
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!