Banco de la Nación Phishing Kit 0blz45du

Detects a Banco de la Nación phishing kit using a form action URL and a button ID that only appear in this kit. Deployed often on replit.com.

References

https://urlscan.io/result/3d822399-1fe2-49fb-b989-7d3d976c7af9/
https://hb.redlink.com.ar/bna/login.htm

IOK Rule (edit)

title: Banco de la Nación Phishing Kit 0blz45du
description: |
    Detects a Banco de la Nación phishing kit using a form action URL and a button ID that only appear in this kit.
    Deployed often on `replit.com`.
references:
  - https://urlscan.io/result/3d822399-1fe2-49fb-b989-7d3d976c7af9/
  - https://hb.redlink.com.ar/bna/login.htm

detection:

  form:
    html|contains|all:
      - action="$icko.php"
      - name="ksfmn"

  button:
    html|contains:
      - id="frostie"

  condition: form and button

tags:
  - kit
  - target.banco_de_la_nacion
  - target_country.argentina