Microsoft Phishing Kit rxkr4n3b

Detects a poorly designed and simple Microsoft phishing kit. Discovered as a result of this being deployed on Replit.com.

References

IOK Rule (edit)

title: Microsoft Phishing Kit rxkr4n3b
description: |
    Detects a poorly designed and simple Microsoft phishing kit.
    Discovered as a result of this being deployed on Replit.com.

references:
    - https://urlscan.io/result/b88dcbad-2ef0-4904-8046-3ca438fb4afa
    - https://urlscan.io/result/4a06b13e-57b1-47a6-852b-d68c9518d25f

detection:

    title:
      html|contains:
        - <title>PROCESO</title>

    css:
      html|contains:
        - link rel="stylesheet" type="text/css" href="forma.css"

    form:
      html|contains:
        - form action="complete.php" method="post"

    inputs:
      html|contains|all:
        - input type="email" name="lgdmdp" placeholder="EMAIL ALCTUAL"
        - input id="clave" type="password" name="djddhd" placeholder="CLAVE ACTUAL"
        - input type="submit" class="boton" value="Confirmar"

    img:
      html|contains:
        - 'img  style="width: 101px;" src="imagen.jpg"  alt=""'

    condition: all of them

tags:
  - kit
  - target.microsoft