Banco Promerica Phishing Kit ef73ish1

Detects a Banco Promerica phishing kit with images and form action URL that only appear in this kit. Deployed often on replit.com.

References

https://urlscan.io/result/cb8dedfa-8a9d-4da9-944f-e93edea6c38c/
https://banca.grupopromerica.com/PCRC/PB/pages/administration/pbLoginPage.aspx

IOK Rule (edit)

title: Banco Promerica Phishing Kit ef73ish1
description: |
    Detects a Banco Promerica phishing kit with images and form action URL that only appear in this kit.
    Deployed often on `replit.com`.
references:
  - https://urlscan.io/result/cb8dedfa-8a9d-4da9-944f-e93edea6c38c/
  - https://banca.grupopromerica.com/PCRC/PB/pages/administration/pbLoginPage.aspx

detection:

  images:
    html|contains|all:
      - <div class="logo" ><img src="im/logoa.png" width="100%"  ></div>
      - <div class="desa"><img src="im/logob.png" width="100%" ></div>
      - <div class="fo"><img src="im/logoc.png" width="100%"  ></div>

  form:
    html|contains:
      - action="guardar.php"

  condition: images and form

tags:
  - kit
  - target.banco_promerica
  - target_country.costarica