Exfiltration using Form2Chat

Form2Chat is a service that takes HTML form submissions and sends the results to an email address or instant messenger service.

It can be used by threat actors building "serverless" phishing pages i.e. where they don't have a backend server that can send emails or store logs.

IOK Rule (edit)

title: Exfiltration using Form2Chat
description: |
  Form2Chat is a service that takes HTML form submissions and sends the results to an email address or instant messenger service.

  It can be used by threat actors building "serverless" phishing pages i.e. where they don't have a backend server that can send emails or store logs.
related:
  - id: getform-io

detection:
  formAction:
    html|contains: "https://app.form2chat.io/f/"
  condition: formAction

tags:
  - exfiltration