m3dular Phishing Kit ea8f67e

Detects a phishing kit developed by a threat actor under the alias of 'm3dular'.

References

https://urlscan.io/result/ea8f67e9-d22b-4f14-b8f8-7f44a019100d
https://urlscan.io/result/4d5df981-e768-4acf-a925-8395fdc73cc4
https://twitter.com/JCyberSec_/status/1575054303873486848

IOK Rule (edit)

title: m3dular Phishing Kit ea8f67e
description: |
    Detects a phishing kit developed by 
    a threat actor under the alias of 'm3dular'.
    
references:
  - https://urlscan.io/result/ea8f67e9-d22b-4f14-b8f8-7f44a019100d
  - https://urlscan.io/result/4d5df981-e768-4acf-a925-8395fdc73cc4
  - https://twitter.com/JCyberSec_/status/1575054303873486848
    
detection:

  kitStructure:
    requests|contains|all: 
        - 'm3d.js' # antivm script
        - 'm3cache' # asset cache folder 
        - 'mx.png' # 
        

  condition: kitStructure

tags:
  - kit
  - threat_actor.m3dular