← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
US Republican Party website infected with a credit-card stealing malware
WHITE AlienVault 2016-10-14 Modified: 2016-10-14
3
IOCs
LOW VOLUME
The discovered Javascript code runs hidden in the browser and activates when text is entered on a payment page. All the text is then copied and - again hidden in the background - sent to a foreign server.
republicancredit cardmalwareskimmer
Indicators of Compromise (3)
All domain URL
TYPEINDICATORDESCRIPTIONCREATED
domain jquery-cloud.net 2016-10-14
domain jquery-code.su 2016-10-14
URL https://jquery-code.su/images/lite.js 2016-10-14
References (2)
↗ https://gist.github.com/gwillem/3c3f566278ac01a290560f64129d3df0 ↗ https://gwillem.gitlab.io/2016/10/04/how-republicans-send-your-credit-card-to-russia/