Bank of America Phishing Kit kgzRkD

Detects a phishing kit targeting Bank of America. This kit is already detected by Urlscan. Found as a result of it being deployed on Replit.

References

IOK Rule (edit)

title: Bank of America Phishing Kit kgzRkD
description: |
    Detects a phishing kit targeting Bank of America. This kit is already detected by Urlscan.
    Found as a result of it being deployed on Replit.


references:
    - https://urlscan.io/result/928c09f2-1a08-4a13-a76e-4c8c5e741063/
    - https://urlscan.io/result/3377f34c-fa5a-4171-8ea4-6501c3b70c9b/

detection:

    title:
      html|contains:
        - <title>Bank of America | Online Banking | DebitCard Information</title>

    css:
      html|contains|all:
        - .fondo{	background:url(prin.png);	background-repeat:no-repeat;	}
        - ".Sign #button:hover{background:url(BotonAzul.png)}"

    form:
      html|contains:
        - form method="post" action="conplas/sando.php" autocomplete="off"


    condition: title and css and form

tags:
  - kit
  - target.bank_of_america
  - target_country.usa