Detects a Banco de Galicia phishing kit deployed quite oftenly on replit.com.
title: Banco de Galicia Phishing Kit bd53a32
description: |
Detects a Banco de Galicia phishing kit deployed quite oftenly on `replit.com`.
references:
- https://urlscan.io/result/bd53a324-fc80-4bd5-801e-e9b3f10f3564
- https://urlscan.io/result/c88ca20b-ab76-415e-90b5-08f36fcacedd
detection:
formDefinition:
html|contains: 'action="secure.php" method="post" id="form1"'
credentialFieldNames:
html|contains|all:
- 'name="sol"'
- 'name="nahual"'
- 'name="chaneque"'
condition: formDefinition and credentialFieldNames
tags:
- kit
- target.banco_de_galicia
- target_country.argentina