GOVUK m3dular Phishing Kit ea8f67e

Detects a GOVUK phishing kit targeting citizens of the UK. Kit developed by a user under the alias of 'm3dular' (https://twitter.com/JCyberSec_/status/1575054303873486848) kit intelligence provided by @JCyberSec_.

References

Recent Detections

IOK Rule (edit)

title: GOVUK m3dular Phishing Kit ea8f67e
description: |
    Detects a GOVUK phishing kit targeting citizens of the UK.
    Kit developed by a user under the alias of 'm3dular' (https://twitter.com/JCyberSec_/status/1575054303873486848)
    kit intelligence provided by @JCyberSec_.
    
references:
  - https://urlscan.io/result/ea8f67e9-d22b-4f14-b8f8-7f44a019100d
    
detection:

  fakeMessage:
    html|contains: 'You are eligible to receive a £400 non-repayable discount under the Energy Bills Support Scheme.'

  antiVMScript:
    requests|contains: 'm3d.js' # m3dular antivm script

  condition: fakeMessage and antiVMScript

tags:
  - threat_actor.m3dular
  - target_country.unitedkingdom
  - target.govuk