Microsoft Phishing Kit EwNaWJpB

Detects a Microsoft phishing kit in Spanish, targeting the citizens of Argentina.

References

https://urlscan.io/result/8024516d-703a-4a4c-93c2-611549bde820
https://urlscan.io/result/16043b90-f719-4fcf-a9db-f12db5d943c7

IOK Rule (edit)

title: Microsoft Phishing Kit EwNaWJpB
description: |
    Detects a Microsoft phishing kit in Spanish, targeting the citizens of Argentina.
    
references:
    - https://urlscan.io/result/8024516d-703a-4a4c-93c2-611549bde820
    - https://urlscan.io/result/16043b90-f719-4fcf-a9db-f12db5d943c7

detection:

    image:
      html|contains: 
        - <img class="imagen" src="222hotmail.jpg" alt="" />

    form:
      html|contains|all:
        - type="email" name="emil"

    favicon:
      html|contains: 'SCAM/favicon.png'

    cssFile:
      html|contains: 'estilo.css'

    condition: image and form and favicon and cssFile

tags:
  - kit
  - target.microsoft
  - target_country.argentina