Cazanova phishing kit

Cazanova is the alias of a prolific phishing kit creator. Lucky for us, they like to sign their work by using cazanova for their cookie name rather than the default PHPSESSID, which makes it simple to identify their work.

References

Recent Detections

None found yet

We've not seen any sites matching this indicator yet. Try scanning a site you think matches this rule:

IOK Rule (edit)

title: Cazanova phishing kit
description: |
  Cazanova is the alias of a prolific phishing kit creator.
  Lucky for us, they like to sign their work by using `cazanova` for their cookie name rather than the default `PHPSESSID`, which makes it simple to identify their work.
references:
  - https://www.wmcglobal.com/blog/cazanova-morphine-kit-deep-dive

detection:
  cazanovaCookie:
    cookies|startswith: "cazanova="

  condition: cazanovaCookie

tags:
  - threat_actors.cazanova