Bank of America Phishing Kit a53b161

Detects a Bank of America phishing kit.

References

IOK Rule (edit)

title: Bank of America Phishing Kit a53b161
description: |
    Detects a Bank of America phishing kit.
    
references:
    - https://urlscan.io/result/c38fab40-3a0b-4c90-b01e-605d4b8e0b4c
    
detection:

    exfilPHPScript:
      html|contains: 'conplas/sand.php'

    csrfToken:
      html|contains: 'a53b161c2b3f889e'
      
    fakeSecurityPopupText:
      js|contains|all:
        - 'Security Message!!'
        - 'The importance of security and the integrity of our services.  To avoid blockages and the suspension of services in our online banking, complete the information requested below correctly.!'

    condition: exfilPHPScript and csrfToken and fakeSecurityPopupText

tags:
  - kit
  - target.bank_of_america
  - target_country.usa