Facebook Phishing Kit f675021b

Detects a Facebook phishing kit targeting Polish users.

References

https://urlscan.io/result/f675021b-9b3d-4729-885d-796c2b42433d
https://urlscan.io/result/3fc04106-e4aa-41ab-824e-a9e364cff5dc
https://urlscan.io/result/5bad220a-d5ed-479e-b00d-bd6e875d4fa8

IOK Rule (edit)

title: Facebook Phishing Kit f675021b
description: |
    Detects a Facebook phishing kit targeting Polish users.

references:
  - https://urlscan.io/result/f675021b-9b3d-4729-885d-796c2b42433d
  - https://urlscan.io/result/3fc04106-e4aa-41ab-824e-a9e364cff5dc
  - https://urlscan.io/result/5bad220a-d5ed-479e-b00d-bd6e875d4fa8

detection:

    facebookLogo:
      requests|contains: '/img/logo-fb.png'

    mainPage:
      requests|contains: 'authorize.php'

    formAction:
      dom|contains: '/savetofile.php'

    bootstrapCSSHash:
      dom|contains: '1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3'

    condition: facebookLogo and mainPage and formAction and bootstrapCSSHash

tags:
  - kit
  - target.facebook
  - target_country.poland