Discord Phishing Kit ee3f9f72

Detects a Discord phishing kit targeting Discord users.

This kit proxies all requests made by the original Discord website to the domain the kit is running on.

References

Recent Detections

IOK Rule (edit)

title: Discord Phishing Kit ee3f9f72
description: |
    Detects a `Discord` phishing kit targeting Discord users.
    
    This kit proxies all requests made by the original Discord
    website to the domain the kit is running on.
    
references:
    - https://urlscan.io/result/a0823bf6-9814-44ce-9517-271904fa7eed
    - https://urlscan.io/result/ee3f9f72-fe13-4729-b11e-ebcf51a02ed8

detection:

    proxyOpenCall:
        js|contains: 'oldXHROpen'
        
    proxyFetchCall:
        js|contains: 'oldFetch'

    originCheck:
        js|contains: "url.includes('://discord.com/api/')"
        
    condition: proxyOpenCall and proxyFetchCall and originCheck
    
tags:
  - target.discord