Detects a Banco de la República phishing kit using a form action URL and CSS files that only appear in this kit.
Deployed often on replit.com
.
title: Banco de la República (eBROU) Phishing Kit g5d6u78z
description: |
Detects a Banco de la República phishing kit using a form action URL and CSS files that only appear in this kit.
Deployed often on `replit.com`.
references:
- https://urlscan.io/result/cc2a1241-1e5f-4062-acb8-1f03f0f381ae/
- https://ebanking.brou.com.uy/frontend/loginStep1
detection:
form:
html|contains:
- action="index2.php"
image:
requests|contains: 'selectArrowDown.b3a49a7d.svg'
css:
html|contains|all:
- 2.d18bb301.chunk.css
- main.8d29879f.chunk.css
condition: (form and css and image) or (form and css)
tags:
- kit
- target.banco_de_la_republica
- target_country.uruguay