Possible link between Magecart group & Cerberus Banking Trojan C2

Magecart Web Skimmer:

JS content
VT domain details
JS VT Results

CERBERUS Banking Trojan Malware:

fake app download page
Apk VT results
VT xancc4fp.online DNS resolution

IP Analysis:

Passive DNS for the C2 IP on VT
Malicious files hosted on C2
url scan result
Dridex samples hosted on C2

Could this C2 be used by multiple Threat Actors for various purposes? How do Cerberus, Magecart and Dridex connect?



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store