Microsoft Outlook Phishing Kit 9e75296

Detects a Microsoft Outlook phishing kit targeting Spanish speaking users.

References

https://urlscan.io/result/9e752962-a73a-41b6-813d-ca9026cb5391
https://urlscan.io/result/5c31c1c9-d13d-4ce6-a01b-b6c22e64e932

IOK Rule (edit)

title: Microsoft Outlook Phishing Kit 9e75296
description: |
    Detects a Microsoft Outlook phishing kit targeting Spanish speaking users.
    
references:
    - https://urlscan.io/result/9e752962-a73a-41b6-813d-ca9026cb5391
    - https://urlscan.io/result/5c31c1c9-d13d-4ce6-a01b-b6c22e64e932
    
detection:

    jsFunction:
      html|contains: 'soloNumeros'
      
    logoFileName:
      html|contains: 'fond.png'
      
    exfilDestination:
      html|contains: 'action="savefile.php"'
      
    condition: jsFunction and logoFileName and exfilDestination

tags:
  - kit
  - target.microsoft_outlook