PULSE
DETAIL
PULSE NAME
Thousands of Sites with Popup Builder Compromised by Balada Injector
WHITE
Balada
Tr1sa111
2024-01-16
Modified: 2024-02-14
44 IOCs
MEDIUM VOLUME
popup builder
wordpress
cloudflare
december
balada injector
nnnn
january
balada
javascript
wpscan
balada javascript
sitecheck
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
T1027
T1036
T1056
T1055
MALWARE FAMILIES
Balada JavaScript
Popup Builder
SiteCheck
Indicators of Compromise (44)
References (1)
↗ https://blog.sucuri.net/2024/01/thousands-of-sites-with-popup-builder-compromised-by-balada-injector.html