New VT to collect detections of compromised web applications

Just arrived in the Feeds (GSF and GCF):

Name: Compromised Web Application Detection (HTTP)
OID: 1.3.6.1.4.1.25623.1.0.108459
Family: Malware

This new VT aims at collecting various IOCs (Indicators of Compromise) and thus allows detecting
already compromised web applications.

The VT starts with the detections for these (JavaScript code of magentocore.net skimmers):

Moderator note: This is an older scan config that does not work with current versions of Greenbone software, but remains here for reference purposes.

Scan Configuration dedicated to only run this VT (use it in combination with port range limited to HTTP(S) ports for high efficiency): compromised_webapps_scanconfig.xml (598.7 KB)

If you have IOCs to share, please share them here and we will add them to the VT.
