Bancor Phishing Kit 5bb0b5u3

Detects a Bancor phishing kit deployed often on replit.com.

References

IOK Rule (edit)

title: Bancor Phishing Kit 5bb0b5u3
description: |
    Detects a Bancor phishing kit deployed often on replit.com.

references:
    - https://urlscan.io/result/2f5aad26-8754-4dc7-98c7-019b2848c329
    - https://urlscan.io/result/4900ffe0-f28f-4f46-a4c0-2f8fe5484a14
    - https://urlscan.io/result/fa1931a0-fc51-45b0-8fb3-059d472066e6/
    - https://urlscan.io/result/edb68cb2-dd60-4ef1-b812-442855064cd8/

detection:

    form:
      html|contains|all:
        - form id="maleeye"
        - action="clave.php"

    css:
      html|contains:
        - href="./complementos/main.css"

    img:
      requests|contains|all:
        - complementos/img/Logo-Bancor.png
        - complementos/img/user-login.png
        - complementos/img/_DSC0103-HDR.jpg
        - complementos/font/Roboto-Regular.woff

    condition: form and css and img

tags:
  - kit
  - target.bancor
  - target_country.argentina