Microsoft Phishing Kit EwNaWJpB

Detects a Microsoft phishing kit in Spanish, targeting the citizens of Argentina.

References

https://urlscan.io/result/8024516d-703a-4a4c-93c2-611549bde820
https://urlscan.io/result/16043b90-f719-4fcf-a9db-f12db5d943c7

IOK Rule (edit)

title: Microsoft Phishing Kit EwNaWJpB
description: |
    Detects a Microsoft phishing kit in Spanish, targeting the citizens of Argentina.
    
references:
    - https://urlscan.io/result/8024516d-703a-4a4c-93c2-611549bde820
    - https://urlscan.io/result/16043b90-f719-4fcf-a9db-f12db5d943c7

detection:

    form:
      html|contains|all:
        - type="email" name="emil"
        - id="clave" type="password" name="pss"

    favicon:
      html|contains: 'SCAM/favicon.png'

    cssFile:
      html|contains: 'estilo.css'

    condition: form and favicon and cssFile

tags:
  - target.microsoft
  - target_country.argentina