Bookmark Grabber bf623f6

Detects a phishing page that leverages the Dyno discord bot as a lure to install a malicious browser bookmark to steal the victim's Discord token.

References

https://urlscan.io/result/bf623f6d-f6b8-42cb-af39-97d75a04784c
https://urlscan.io/result/e47140ac-d6f9-44d9-83c0-02741a137fbb

IOK Rule (edit)

title: Bookmark Grabber bf623f6
description: |
    Detects a phishing page that leverages the Dyno 
    discord bot as a lure to install a malicious browser
    bookmark to steal the victim's Discord token.
    
references:
  - https://urlscan.io/result/bf623f6d-f6b8-42cb-af39-97d75a04784c
  - https://urlscan.io/result/e47140ac-d6f9-44d9-83c0-02741a137fbb

detection:

  divElement:
    html|contains: 'id="div-gpt-ad-1559171339966-0"'
    
  cssFile:
    requests|contains: 'serverlist.c0b3a1eec6.css'

  fakeText:
    html|contains: '20222022 Solomid Corporation'


  condition: divElement and cssFile and fakeText

tags:
  - target.discord