Facebook Phishing Kit 07c20f69

Detects a Facebook phishing kit that uses unique filenames for image assets of the fake login page.

References

https://urlscan.io/result/07c20f69-b46c-45cd-8405-69545f3d65b8
https://urlscan.io/result/e4271d0c-ca24-469d-ba14-d2b30b7ebe71
https://urlscan.io/result/58212748-a0cb-4d63-9a03-330a15bc3b55
https://urlscan.io/result/358791e7-ad89-4298-a903-25f0ac7c8922

IOK Rule (edit)

title: Facebook Phishing Kit 07c20f69
description: | 
  Detects a Facebook phishing kit 
  that uses unique filenames for 
  image assets of the fake login 
  page.

references: 
  - https://urlscan.io/result/07c20f69-b46c-45cd-8405-69545f3d65b8
  - https://urlscan.io/result/e4271d0c-ca24-469d-ba14-d2b30b7ebe71
  - https://urlscan.io/result/58212748-a0cb-4d63-9a03-330a15bc3b55
  - https://urlscan.io/result/358791e7-ad89-4298-a903-25f0ac7c8922

detection: 

  firstAsset: 
    requests|contains: '5yj6qxk6guu51.jpg'
    
  secondAsset: 
    requests|contains: '190947209-1002880900116912-4375102209501448340-n.jpg' 

  pathSegment:
    requests|contains: 'ilham@sultan' 

  condition: firstAsset and secondAsset and pathSegment


tags: 
  - kit
  - target.facebook