Severity
High
Analysis Summary
Megacart is also known as CoffeMokko, keeper, and FBseo this group is the oldest and dangerous threat actors in cybersecurity. In the past couple of years in which the COVID-19 pandemic is impacting the world and the use of online shopping has continued to increase at a rapid pace. In a recent survey, online shopping is increased up to 70.7%. These threat actors are taking advantage and stealing user’s credentials and other sensitive information.
Impact
- Credential Theft
Indicators of Compromise
Domain Name
- jquery[.]su
- jquery-statistika[.]info
- gstaticx[.]com
- gstaticxs[.]com
- googlestatix[.]com
- fontstatics[.]com
- fontsgoooglestatic[.]com
- CONFIDENTIAL 3
- drhorveys[.]com
- adwords-track[.]top
- winqsupply[.]com
- underscorefw[.]com
- swappastore[.]com
- speedtransaction[.]com
- slickjs[.]org
- shoppersbaycdn[.]com
- security-payment[.]su
- scriptopia[.]net
- scriptdesire[.]com
- sainester[.]com
- sagecdn[.]org
- safeprocessor[.]com
- payprocessor[.]net
- panelsaveok[.]com
- magento-stores[.]com
- jqueryalert[.]com
- hqassets[.]com
- hottrackcdn[.]com
- devlibscdn[.]com
- clipboardplugin[.]com
- cigarpaqe[.]com
- cdnforplugins[.]com
- cdncontainer[.]com
- braincdn[.]org
- bootstrapmag[.]com
- assetstorage[.]net
- ankese[.]com
- anduansury[.]com
- amazonawscdn[.]com
- agilityscripts[.]com
- adaptivestyles[.]com
IP
- 217[.]8[.]117[.]166
- 185[.]246[.]130[.]169
Remediation
- Search for IOCs in your environment.
- Block all threat indicators at their respective controls.