Adobe Phishing Kit 5c70696

Adobe phishing kit which uses the same template element id attribute as well as having the same value inside the noscript tags.

References

https://urlscan.io/result/bbdc4254-4c3b-46e8-b5a7-b86f8af3c452
https://urlscan.io/result/f6387380-2258-4113-8375-0195ecd1e268
https://urlscan.io/result/dc6f1a1d-ab62-4ac2-9844-1fb15498ce45
https://urlscan.io/result/4b107c8b-c9a2-406f-ad0f-f592d7e26af8

IOK Rule (edit)

title: Adobe Phishing Kit 5c70696
description: |
    Adobe phishing kit which uses the same `template`
    element `id` attribute as well as having the same
    value inside the `noscript` tags.

references:
    - https://urlscan.io/result/bbdc4254-4c3b-46e8-b5a7-b86f8af3c452
    - https://urlscan.io/result/f6387380-2258-4113-8375-0195ecd1e268
    - https://urlscan.io/result/dc6f1a1d-ab62-4ac2-9844-1fb15498ce45
    - https://urlscan.io/result/4b107c8b-c9a2-406f-ad0f-f592d7e26af8


detection:

    templateElementId:
      html|contains: '5c706966-0c66-4623-bdc3-5bd23e958ca3'

    noScriptValue:
      html|contains: 'f67126f1a0cee6aeda1cbb99c2a1c01f'
   
    condition: templateElementId and noScriptValue

tags:
  - kit
  - target.adobe