216.73.217.22

A Website Attacked

· Published 16/10/2024 09:29 · Modified 16/10/2024 09:49

Export JSON

Essential information

Published
16/10/2024 09:29
Modified
16/10/2024 09:49
Tags
2024-10-16 browser updates compromised websites malware netsupport spoofing watering hole
Related entities
72 observables, 1 intrusion sets (apt), 4 techniques (mitre), 1 malware, 8 others

Description

This report investigates a attack on a U.S. apartment website that delivered by a fake browser update. The investigation uncovered dozens of other from various industries like healthcare, retail, and consumer sites. The compromised sites loaded malicious scripts from external domains, using techniques like iframes, random variable strings, and insertBefore methods. The spoofed Chrome, Mozilla, and Edge to deliver . Domain registration analysis revealed the actor utilized various registrars, ISPs, and nameservers, prioritizing volume and speed over operational security. The activity shares similarities with the Socgholish threat group.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Observables (72)

  • 5.181.159.28
  • 5.181.159.137
  • 5.181.156.60
  • 94.158.245.103
  • 173.44.141.66
  • https://waterlinesheet.org/bDrVdw9c
  • https://treegreeny.org/KDJnCSZn
  • https://roadrunnersell.com/trade/fix.php?789
  • https://surelytheme.org/ZcqVjVQ1
  • https://quaryget.org/Gb7XTy3b
  • https://neworderspath.org/k4WP6NP9
  • https://nowordshere.org/bjz1khVv
  • https://libertader.org/YMKhmHVC
  • https://linedloop.org/HLgFVr7h
  • https://lemonicecold.org/cd5fkZwv
  • https://jsqur.com/LK2BnrDQ
  • https://jqueryh.org/7JHjvZgP
  • https://gxsicmj3l.top/cdn-vs/download.php?4372
  • https://greenpapers.org/6gjyRhhQ
  • https://greedyclowns.org/NTPm2fKs
  • https://estafetaofj.top/data.php?14979
  • https://drilledgas.org/dpw79r1k
  • https://dailytickyclock.org/Rz7kFbxJ
  • https://devqeury.org/PZyGWrXw
  • https://climedballon.org/ytW8d9XY
  • https://biggerfun.org/HQn5BKC3
  • https://bigbricks.org/cjpYRFns
  • http://lilygovert91.top/data.php?6889
  • http://dcnvahedforil31.com:3121
  • http://94.158.245.103/fakeurl.htm
  • http://5.181.159.28:443/fakeurl.htm
  • http://5.181.159.28/fakeurl.htm
  • http://5.181.159.137:443/fakeurl.htm
  • http://5.181.156.60/fakeurl.htm
  • http://173.44.141.66/fakeurl.htm
  • route.alberta-sl.com
  • waterlinesheet.org
  • uniquetouniquetechnicalservices.com
  • treegreeny.org
  • theaeroescorts.com
  • surelytheme.org
  • service-f0.com
  • robotprintmoney.com
  • roadrunnersell.com
  • nowordshere.org
  • north-residence.com
  • mtpolice2030.com
  • neworderspath.org
  • linedloop.org
  • lilygovert91.top
  • libertader.org
  • lemonicecold.org
  • jsqur.com
  • jqueryh.org
  • gxsicmj3l.top
  • greedyclowns.org
  • ganharcomblog.com
  • estafetaofj.top
  • drilledgas.org
  • elbied.com
  • devqeury.org
  • climedballon.org
  • chefspavilion.com
  • biggerfun.org
  • bigbricks.org
  • alberta-sl.com
  • dailytickyclock.org
  • greenpapers.org
  • quaryget.org
  • f4c80753adb721e3b55febeda133f9604e31ed19e234dca63be005e4bf2199a6
  • 3a8592a08dbed49906e60b66747901fa530d435d1296f8e849097e69ebe026cc
  • 18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d

Intrusion sets (APT) (1)

  • Socgholish
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 03:07 · Modified 21/12/2025 07:54

Techniques (MITRE) (4)

  • T1557
    Adversary-in-the-Middle
  • T1564
    Hide Artifacts
  • T1543
    Create or Modify System Process
  • T1195
    Supply Chain Compromise

Malware (1)

  • NetSupport
    Family
    Published 03/11/2025 14:28 · Modified 03/11/2025 14:28

Others (8)

  • Thailand
  • Japan
  • United States of America
  • Aerospace
  • Retail
  • Hospitality
  • Technology
  • Healthcare

External references