Facebook Phishing Kit e9da0f06

Detects a phishing page targeting Facebook users asking them to enter the credentials to verify they own the account in question.

References

IOK Rule (edit) 

title: Facebook Phishing Kit e9da0f06
description: |
    Detects a phishing page targeting Facebook users
    asking them to enter the credentials to verify
    they own the account in question.
    
references:
  - https://urlscan.io/result/e9da0f06-c14d-41d1-ad3c-c1e17e87a95a
  - https://urlscan.io/result/a0a7feb0-8510-4222-8c7e-7c6dc9a3f81e
  - https://urlscan.io/result/bf7d1fb0-ef51-416b-ab81-739d523eee32

detection:

  formString:
    dom|contains: 'AQEeSudqCxLiEhc:9:1637830325'

  scriptNonce:
    dom|contains: 'u_0_9_SZ'

  pageTitle:
    dom|contains: 'Account security'

  condition: formString and scriptNonce and pageTitle

tags:
  - kit
  - target.facebook