DHL Phishing Kit 27b89b9e

Detects a DHL phishing kit that uses KillBot to detect bots with a unique API key and a session hash that was left behind when cloning the original page.

References

https://urlscan.io/result/27b89b9e-23c7-4987-a6a6-696863b2bf2f
https://urlscan.io/result/75cbf995-0dd6-43bd-b07c-6c89646221cc

IOK Rule (edit)

title: DHL Phishing Kit 27b89b9e
description: | 
  Detects a DHL phishing kit that uses KillBot to 
  detect bots with a unique API key and a session 
  hash that was left behind when cloning the original
  page.
  
references: 
  - https://urlscan.io/result/27b89b9e-23c7-4987-a6a6-696863b2bf2f
  - https://urlscan.io/result/75cbf995-0dd6-43bd-b07c-6c89646221cc
  
detection: 

  killbotKey: 
    js|contains: 'XVMpB5exZpe6LjHpLHitdhu8mRZbRdZtq5UF6LD4hpXOX'

  sessionHash: 
    html|contains: 'fa08304132bc7b0252df9782a2491d28'

  condition: killbotKey and sessionHash


tags: 
  - kit
  - target.dhl