New VT to collect detections of compromised web applications


#1

Just arrived in the Feeds (GSF and GCF):

Name: Compromised Web Application Detection (HTTP)
OID: 1.3.6.1.4.1.25623.1.0.108459
Family: Malware

This new VT aims at collecting various IOCs (Indicators Of Compromise) and thus allows the detection of
already compromised web applications.

The VT starts with the detections for these (JavaScript code of magentocore.net skimmers):

Scan Configuration dedicated to only run this VT (use it in combination with port range limited to HTTP(S) ports for high efficiency): compromised_webapps_scanconfig.xml (598.7 KB)

If you have IOCs to share, please share them here and we will add them to the VT.
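
The kind of check described in the post, as an added example that is not part of the original post and is not the VT's own code: it scans one HTML document for script references to IOC domains, covering subdomains, protocol-relative URLs and inline script bodies. The names `ScriptCollector`, `host_matches` and `find_iocs` are assumptions, the sample page is constructed, and only the domain magentocore.net comes from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

IOC_DOMAINS = {"magentocore.net"}  # the one IOC named in the post
# Constructed sample page, not captured from a real site.
SAMPLE_HTML = """<html><head>
<script src="/js/app.js"></script>
<script src="//CDN.magentocore.net/placeholder.js"></script>
<script>var u = "https://magentocore.net/placeholder";</script>
</head></html>"""

class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies."""
    def __init__(self):
        super().__init__()
        self.sources, self.inline, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and data.strip():
            self.inline.append(data)

def host_matches(host, iocs=IOC_DOMAINS):
    """True if host is an IOC domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in iocs)

def find_iocs(html, iocs=IOC_DOMAINS):
    """Return sorted (kind, evidence) findings for one HTML document."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = set()
    for src in parser.sources:
        # urlsplit also handles protocol-relative URLs ("//host/path")
        if host_matches(urlsplit(src).hostname, iocs):
            findings.add(("script-src", src))
    for body in parser.inline:
        findings.update(("inline-script", d) for d in iocs if d in body.lower())
    return sorted(findings)
```

Matching on the parsed hostname rather than on a substring of the URL keeps a path such as `/magentocore.net.js` on an unrelated host from being reported.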