Microsoft Phishing Kit be5a6fa

Recent Detections

  • hxxp://treasuredmellowdifferences[.]bankkio[.]repl[.]co/
  • hxxp://standardickyfunnel[.]gbankoksh[.]repl[.]co/
  • hxxp://confirmarcuenta[.]smsns[.]repl[.]co/
  • hxxp://reactivarcuentaoutlook[.]6044[.]repl[.]co/
  • hxxp://reactivaroutlook[.]reactivar2022[.]repl[.]co/
  • hxxp://reactivarcuenta2022[.]reactivar2022[.]repl[.]co/
  • hxxp://treasurednatural[.]login007[.]repl[.]co/
  • hxxp://rootghostingverification12[.]ghostingloh98[.]repl[.]co/
  • hxxp://zvdvsda1[.]c1[.]biz/
  • hxxp://segurosliveoutmemicros[.]010100019800[.]repl[.]co

IOK Rule (edit)

title: Microsoft Phishing Kit be5a6fa
description: |
    Detects a Microsoft phishing kit targeting Spanish speaking users.
    
references:
    - https://urlscan.io/result/be5a6faa-f5fc-41e1-8274-4999b5d8c616
    - https://urlscan.io/result/00495934-edf4-4625-9a35-7955f6df5367

detection:

    divClass:
      html|contains: 'class="padree"'

    otherDivClass:
      html|contains: 'class="hijoi"'

    inputFieldClass:
      html|contains: 'class="hijo_uno"'

    logoFileName:
      html|contains: 'for-lt-ie10.png'

    condition: divClass and otherDivClass and inputFieldClass and logoFileName

tags:
  - target.microsoft