This kit seems to define a few configuration values within the page's javascript, possibly to communicate with the backend which user of the phishing service owns the phishing page.
title: ANZ Bank Phishing Kit cd6ec9e7
description: |
This kit seems to define a few configuration
values within the page's javascript, possibly
to communicate with the backend which user
of the phishing service owns the phishing page.
references:
- https://urlscan.io/result/cd6ec9e7-b588-469b-986c-1e2b84d3e9b4
- https://urlscan.io/result/45395d64-b370-4fee-94ae-964fe92965b4
- https://urlscan.io/result/895d7b3b-6bf7-4f42-b36c-150c14867728
detection:
pageTitle:
title: "Login - ANZ Internet Banking"
kitConfiguration:
js|contains|all:
- "var urlroot"
- "var uniqueid"
kitAssets:
dom|contains|all:
- "//js/option.js"
- "//js/browser.js"
- "//panel/img/logo.PNG"
- "//panel/img/img-01.PNG"
- "//panel/img/anz-logo.1.0.0.svg"
condition: pageTitle and kitConfiguration and kitAssets
tags:
- kit
- target.anz_bank
- target_country.new_zealand