This will be a brief tutorial on using Open Source Intelligence (OSINT) to hunt down Magecart infections. I will go over some tools that could be used to pivot off of indicators and find new ones. I will also be giving a brief overview of my new tool, Gunslinger, and how it can be used to hunt for new infections.
I have recently found a few new domains that are associated with Magecart activity. This article will provide a brief overview of each domain, and will include information about the infected companies.
This is a continuation of the joint analysis of the opendoorcdn domain with Max Kersten. Thanks to an article by RiskIQ, we now know that the Magecart sample we were analyzing was related to Magecart Group 12. RiskIQ also identified two more domains related to the group, toplevelstatic[.]com and storefrontcdn[.]com. After hunting through other OSINT sources, several more domains were also found.
In my previous article, I went over a joint analysis with Max Kersten about an Olympic ticket reseller website that was infected with a Magecart-like credit card skimmer. This article is a continuation of that, since we have more findings to share. This is also a joint analysis with Max Kersten; you can find his blog here. You can read the original post on this here.
I have recently stumbled across a Magecart infection on an Olympic ticket reseller site. This article will contain a brief analysis of the Magecart infection as well as my experience disclosing this information to the company. This is a joint analysis with Max Kersten, whose blog you can find here.