Amerant Bank Phishing Kit 4TfEvG

Detects a phishing kit targeting Amerant Bank. This was found as a result of this kit being deployed on Replit.

References

IOK Rule (edit)

title: Amerant Bank Phishing Kit 4TfEvG
description: |
    Detects a phishing kit targeting Amerant Bank.
    This was found as a result of this kit being deployed on Replit.

references:
    - https://www.amerantbank.com/
    - https://urlscan.io/result/88c70641-58c8-45f2-843e-a9026f8110cd/

detection:

    sciptNonce:
      html|contains:
        - script id="GTMSnippet" nonce="" data-nonce="8A089EEA61455255137694196DA9B4F13B99A2F276BDFAF6EA792DC184C1CE16"

    csrfToken:
      html|contains:
        - meta name="csrf-token" content="0_L40lRrtLFzDrKWqGRzeK1Mamr7OvY6ZQ2GU_k7jbHcXRj-BKuuIAkBlMmyeJ1CT5x5KCTlQsajhs3ec7U_1R6eJCg1"

    formCsrfToken:
      html|contains:
        - input name="__RequestVerificationToken" type="hidden" value="9Sb_nRgfghLwjsglA0aLodG6PcRbAkzYwVZr65U7_BWfj_45RxOFA6ID9WBHrzvHIhGn7fDTkV6KhFiINVLLAK0r62g1"


    condition: sciptNonce and csrfToken and formCsrfToken

tags:
  - kit
  - target.amerant
  - target_country.usa