An Apple iCloud Phishing Kit appearing in English and Spanish. This looks for file name references of a stylesheet, title styling and a loader image.
title: Apple iCloud Phishing Kit 467ab986
description: |
An Apple iCloud Phishing Kit appearing in English and Spanish.
This looks for file name references of a stylesheet, title styling and a loader image.
references:
- https://urlscan.io/result/467ab986-22c1-466a-a9b4-173f6bd75205/
- https://urlscan.io/result/ec2b7fc2-7906-4f72-9f00-c8b35e6d6328/
- https://urlscan.io/result/e8eb17de-97c5-4e0a-a755-984208e6c35e/
- https://urlscan.io/result/224947d7-24c8-4c5f-b67c-236b150e87c2/
- https://urlscan.io/result/a40f91d6-fd26-4094-b9c6-70976c0df9d2/
- https://urlscan.io/search/#(filename%3A%22assets%2Flayout%2Fapple.css%22)%20AND%20(filename%3A%22assets%2Fimg%2Fajax-loader.gif%22)
detection:
stylesheet:
html|contains: "href=\"assets/layout/apple.css\""
titleClassStyle:
html|contains: ".Estilo2"
imageAjaxLoader:
html|contains: "src=\"assets/img/ajax-loader.gif\""
condition: stylesheet and titleClassStyle and imageAjaxLoader
tags:
- kit
- target.icloud
- target.apple