None found yet
We've not seen any sites matching this indicator yet. Try scanning a site you think matches this rule:
Cazanova is the alias of a prolific phishing kit creator.
Lucky for us, they like to sign their work by using cazanova for their cookie name rather than the default PHPSESSID, which makes it simple to identify their work.
None found yet
We've not seen any sites matching this indicator yet. Try scanning a site you think matches this rule:
title: Cazanova phishing kit
description: |
Cazanova is the alias of a prolific phishing kit creator.
Lucky for us, they like to sign their work by using `cazanova` for their cookie name rather than the default `PHPSESSID`, which makes it simple to identify their work.
references:
- https://www.wmcglobal.com/blog/cazanova-morphine-kit-deep-dive
detection:
cazanovaCookie:
cookies|startswith: "cazanova="
condition: cazanovaCookie
tags:
- threat_actors.cazanova