PULSE NAME
Thousands of Sites with Popup Builder Compromised by Balada Injector
WHITE Balada tr2222200 2024-01-16 Modified: 2024-02-14
MEDIUM VOLUME
The Balada Injector campaign started infecting websites running older versions of Popup Builder. The attack used a freshly registered (December 13) domain, specialcraftbox[.]com. At the time of writing, PublicWWW detects the injection on over 6,200 sites.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Balada JavaScript Popup Builder SiteCheck
Indicators of Compromise (44)