BBVA Phishing Kit aeng1e8e

Detects a BBVA (Banco Bilbao Vizcaya Argentaria) phishing kit deployed often on replit.com.

References

https://urlscan.io/result/46a91562-0580-49c7-9ec5-017a21677382
https://urlscan.io/result/3e8e58e6-7491-4a3f-b841-1a3c958aa7bb

IOK Rule (edit)

title: BBVA Phishing Kit aeng1e8e
description: |
    Detects a BBVA (Banco Bilbao Vizcaya Argentaria) phishing kit deployed often on replit.com.

references:
    - https://urlscan.io/result/46a91562-0580-49c7-9ec5-017a21677382
    - https://urlscan.io/result/3e8e58e6-7491-4a3f-b841-1a3c958aa7bb

detection:

    title:
      html|contains:
        - <title>BBVA | Net</title>

    css:
      html|contains:
        - href="./Index BBVA _ Net_files/style_crown.css"

    script:
      html|contains|all:
        - src="./Index BBVA _ Net_files/2f55199c"
        - src="./Index BBVA _ Net_files/tdcWY"

    form:
      html|contains|all:
        - form method="POST"  id="loggin"
        - form method="post"  id="des" target="_self"

    condition: title and css and script and form

tags:
  - kit
  - target.bbva
  - target_country.argentina