Banco Falabella Phishing Kit 5fed617

Detects a phishing kit targeting Banco Falabella (Colombia) users Deployed often on replit.com.

References

https://urlscan.io/result/475d32ad-5860-4a50-aaa3-90226c022533
https://urlscan.io/result/c043ef62-8da3-49d1-92b0-b05a8a62d609

IOK Rule (edit)

title: Banco Falabella Phishing Kit 5fed617
description: |
    Detects a phishing kit targeting Banco Falabella (Colombia) users
    Deployed often on `replit.com`.
    
references:
  - https://urlscan.io/result/475d32ad-5860-4a50-aaa3-90226c022533
  - https://urlscan.io/result/c043ef62-8da3-49d1-92b0-b05a8a62d609

detection:

  googleJS:
    requests|contains: 'f(1).txt'

  jsFile:
    requests|contains: 'bfaf6gq7.js.descarga'
    
  condition: googleJS and jsFile

tags:
  - kit
  - target.banco_falabella
  - target_country.colombia