Microsoft Phishing Kit be5a6fa

Detects a Microsoft phishing kit targeting Spanish speaking users.

References

Recent Detections

hxxps://seguridadlmicrosooftt[.]hotkei[.]repl[.]co/

urlscan.io
hxxps://outlookseguridad[.]llpersona[.]repl[.]co/

urlscan.io
hxxps://outlookarfreed[.]microsoftverife[.]repl[.]co/

urlscan.io
hxxps://casoerrorcolombouy[.]casoerror55c33[.]repl[.]co/

urlscan.io
hxxps://coolashamedgraphs[.]accountbankserv[.]repl[.]co/

urlscan.io
hxxps://outlookseguridad[.]carloslugo4[.]repl[.]co/

urlscan.io
hxxps://confirmar[.]hotre[.]repl[.]co/

urlscan.io
hxxp://treasuredmellowdifferences[.]bankkio[.]repl[.]co/

urlscan.io
hxxp://standardickyfunnel[.]gbankoksh[.]repl[.]co/

urlscan.io
hxxp://confirmarcuenta[.]smsns[.]repl[.]co/

urlscan.io

IOK Rule (edit)

title: Microsoft Phishing Kit be5a6fa
description: |
    Detects a Microsoft phishing kit targeting Spanish speaking users.
    
references:
    - https://urlscan.io/result/be5a6faa-f5fc-41e1-8274-4999b5d8c616
    - https://urlscan.io/result/00495934-edf4-4625-9a35-7955f6df5367

detection:

    divClass:
      html|contains: 'class="padree"'

    otherDivClass:
      html|contains: 'class="hijoi"'

    inputFieldClass:
      html|contains: 'class="hijo_uno"'

    logoFileName:
      html|contains: 'for-lt-ie10.png'

    condition: divClass and otherDivClass and inputFieldClass and logoFileName

tags:
  - target.microsoft