None found yet
We've not seen any sites matching this indicator yet. Try scanning a site you think matches this rule:
Cazanova is the alias of a prolific phishing kit creator.
Lucky for us, they like to sign their work by using cazanova
for their cookie name rather than the default PHPSESSID
, which makes it simple to identify their work.
title: Cazanova phishing kit
description: |
Cazanova is the alias of a prolific phishing kit creator.
Lucky for us, they like to sign their work by using `cazanova` for their cookie name rather than the default `PHPSESSID`, which makes it simple to identify their work.
references:
- https://www.wmcglobal.com/blog/cazanova-morphine-kit-deep-dive
detection:
cazanovaCookie:
cookies|startswith: "cazanova="
condition: cazanovaCookie
tags:
- threat_actors.cazanova