

Severity
High
Analysis Summary
Magecart, also tracked as CoffeMokko, Keeper, and FBseo, is one of the oldest and most dangerous threat actor groups in cybersecurity. Over the past couple of years, as the COVID-19 pandemic has affected the world, online shopping has continued to grow at a rapid pace; a recent survey puts the increase in online shopping at up to 70.7%. These threat actors are taking advantage of this shift to steal users' credentials and other sensitive information.

Impact
- Credential Theft
Indicators of Compromise
Domain Name
- jquery[.]su
- jquery-statistika[.]info
- gstaticx[.]com
- gstaticxs[.]com
- googlestatix[.]com
- fontstatics[.]com
- fontsgoooglestatic[.]com
- drhorveys[.]com
- adwords-track[.]top
- winqsupply[.]com
- underscorefw[.]com
- swappastore[.]com
- speedtransaction[.]com
- slickjs[.]org
- shoppersbaycdn[.]com
- security-payment[.]su
- scriptopia[.]net
- scriptdesire[.]com
- sainester[.]com
- sagecdn[.]org
- safeprocessor[.]com
- payprocessor[.]net
- panelsaveok[.]com
- magento-stores[.]com
- jqueryalert[.]com
- hqassets[.]com
- hottrackcdn[.]com
- devlibscdn[.]com
- clipboardplugin[.]com
- cigarpaqe[.]com
- cdnforplugins[.]com
- cdncontainer[.]com
- braincdn[.]org
- bootstrapmag[.]com
- assetstorage[.]net
- ankese[.]com
- anduansury[.]com
- amazonawscdn[.]com
- agilityscripts[.]com
- adaptivestyles[.]com
IP
- 217[.]8[.]117[.]166
- 185[.]246[.]130[.]169
Remediation
- Search for IOCs in your environment.
- Block all threat indicators at their respective controls.
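The first remediation step, searching for the indicators above, is easy to get wrong: the advisory lists them defanged (`[.]`), and a skimmer domain such as gstaticx[.]com usually appears in proxy or DNS logs as a subdomain (cdn.gstaticx.com), so an exact string match misses it. The script below is an added example, not Rewterz's own tooling: it refangs a subset of the advisory's domains and both IPs, then scans constructed sample log lines, matching a host when it equals an IOC domain or is a subdomain of it, and matching IPs by parsed address rather than substring. The log format and the `SAMPLE_LOG` lines are assumptions; the remaining domains from the list are added the same way.

```python
import ipaddress
import re
from typing import Iterable, List, Optional, Tuple

# Defanged indicators copied from the advisory above (a subset; append the rest in the same form).
DEFANGED_DOMAINS = [
    "jquery[.]su",
    "jquery-statistika[.]info",
    "gstaticx[.]com",
    "amazonawscdn[.]com",
    "magento-stores[.]com",
    "security-payment[.]su",
]
DEFANGED_IPS = [
    "217[.]8[.]117[.]166",
    "185[.]246[.]130[.]169",
]


def refang(indicator: str) -> str:
    """Turn a defanged indicator ('example[.]com', 'hxxp://') back into a matchable form."""
    return indicator.replace("[.]", ".").replace("hxxp", "http").strip().lower()


DOMAINS = {refang(d) for d in DEFANGED_DOMAINS}
IPS = {ipaddress.ip_address(refang(i)) for i in DEFANGED_IPS}

# Hostnames (last label alphabetic, so dotted IPs are not picked up here) and IPv4 addresses.
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def domain_matches(host: str) -> Optional[str]:
    """Return the IOC domain if host equals it or is a subdomain of it (not a mere suffix)."""
    host = host.lower().rstrip(".")
    for ioc in DOMAINS:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None


def scan_line(line: str) -> List[str]:
    """Return the IOCs (domains and IPs) observed in one log line, without duplicates."""
    hits: List[str] = []
    for host in HOST_RE.findall(line):
        ioc = domain_matches(host)
        if ioc and ioc not in hits:
            hits.append(ioc)
    for raw in IPV4_RE.findall(line):
        try:
            ip = ipaddress.ip_address(raw)  # rejects octets above 255 that the regex lets through
        except ValueError:
            continue
        if ip in IPS and str(ip) not in hits:
            hits.append(str(ip))
    return hits


def scan_logs(lines: Iterable[str]) -> List[Tuple[int, str, List[str]]]:
    """Return (line number, line, IOCs) for every line that contains at least one indicator."""
    findings = []
    for n, line in enumerate(lines, 1):
        hits = scan_line(line)
        if hits:
            findings.append((n, line.rstrip(), hits))
    return findings


# Constructed sample proxy/DNS/firewall lines (not real traffic); the assumed format is key=value.
SAMPLE_LOG = [
    "2021-09-16T10:01:02Z proxy src=10.0.4.21 dst=cdn.gstaticx.com GET /jquery.min.js",
    "2021-09-16T10:01:05Z dns query=shop.example.com type=A",
    "2021-09-16T10:02:11Z fw src=10.0.4.21 dst=185.246.130.169 dport=443 action=allow",
    "2021-09-16T10:02:30Z proxy src=10.0.4.22 dst=www.google.com GET /",
]

if __name__ == "__main__":
    for n, line, hits in scan_logs(SAMPLE_LOG):
        print(f"line {n}: {hits}\n    {line}")
```

Run against real exports by replacing `SAMPLE_LOG` with a file iterator; a hit on a first-party checkout page is the one to triage first, since Magecart skimmers load from these domains inside the victim's own payment flow.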