Discord Phishing Kit 4EK3uS

IOK Rule (edit)

title: Discord Phishing Kit 4EK3uS
description: |
    Detects a phishing kit targeting Discord and Steam by promising a Free Discord Nitro subscription.


references:
    - https://urlscan.io/result/0030c20b-4573-4e83-8048-47692aa9bf6d/
    - https://urlscan.io/result/44812aa4-942c-43e1-a451-a1c3aeecdb40/
    - https://urlscan.io/result/4bccb167-a836-41ee-9b5e-fecd937445f6/
    - https://urlscan.io/result/a2274bd5-1b28-4bdf-9952-a2fa103f6e84/
    - https://urlscan.io/result/6d7c16d7-374c-40d1-b863-178afb9ba5e6/

detection:

    image:
      html|contains:
        - <img src="https://sapientist.ru/images/62a315f45888ab5517509314_b941bc1dfe379db6cc1f2acc5a612f41.png"

    embedImage:
      html|contains:
        - <meta content="https://assets-global.website-files.com/6257adef93867e50d84d30e2/625d07708827f8702cce4899_photo_2022-04-18_10-38-29.jpg" property="twitter:image">

    condition: image and embedImage

tags:
  - kit
  - target.discord