Microsoft Phishing Kit be5a6fa

Recent Detections

  • hxxps://seguridadlmicrosooftt[.]hotkei[.]repl[.]co/
  • hxxps://outlookseguridad[.]llpersona[.]repl[.]co/
  • hxxps://outlookarfreed[.]microsoftverife[.]repl[.]co/
  • hxxps://casoerrorcolombouy[.]casoerror55c33[.]repl[.]co/
  • hxxps://coolashamedgraphs[.]accountbankserv[.]repl[.]co/
  • hxxps://outlookseguridad[.]carloslugo4[.]repl[.]co/
  • hxxps://confirmar[.]hotre[.]repl[.]co/
  • hxxp://treasuredmellowdifferences[.]bankkio[.]repl[.]co/
  • hxxp://standardickyfunnel[.]gbankoksh[.]repl[.]co/
  • hxxp://confirmarcuenta[.]smsns[.]repl[.]co/

IOK Rule (edit)

title: Microsoft Phishing Kit be5a6fa
description: |
    Detects a Microsoft phishing kit targeting Spanish speaking users.
    
references:
    - https://urlscan.io/result/be5a6faa-f5fc-41e1-8274-4999b5d8c616
    - https://urlscan.io/result/00495934-edf4-4625-9a35-7955f6df5367

detection:

    divClass:
      html|contains: 'class="padree"'

    otherDivClass:
      html|contains: 'class="hijoi"'

    inputFieldClass:
      html|contains: 'class="hijo_uno"'

    logoFileName:
      html|contains: 'for-lt-ie10.png'

    condition: divClass and otherDivClass and inputFieldClass and logoFileName

tags:
  - target.microsoft