Banco Galicia Phishing Kit bd53a32

Detects a Banco Galicia phishing kit deployed quite oftenly on replit.com.

References

https://urlscan.io/result/bd53a324-fc80-4bd5-801e-e9b3f10f3564
https://urlscan.io/result/c88ca20b-ab76-415e-90b5-08f36fcacedd

IOK Rule (edit)

title: Banco Galicia Phishing Kit bd53a32
description: |
    Detects a Banco Galicia phishing kit deployed quite oftenly on `replit.com`.
    
references:
    - https://urlscan.io/result/bd53a324-fc80-4bd5-801e-e9b3f10f3564
    - https://urlscan.io/result/c88ca20b-ab76-415e-90b5-08f36fcacedd

detection:

    formDefinition:
      html|contains: '<form action="secure.php" method="post" id="form1">'

    credentialFieldNames:
      html|contains|all:
        - 'name="sol"'
        - 'name="nahual"'
        - 'name="chaneque"'
   
    condition: formDefinition and credentialFieldNames

tags:
  - target.bancogalicia
  - target_country.argentina