Microsoft Phishing Kit zuu2wvfc

Detects a Microsoft phishing kit with a lot of entropy, making it easy to detect. Discovered as a result of this being deployed on Replit.com.

References

https://urlscan.io/result/4f4e2f28-f18f-466c-8365-80226ea967fa

IOK Rule (edit)

title: Microsoft Phishing Kit zuu2wvfc
description: |
    Detects a Microsoft phishing kit with a lot of entropy, making it easy to detect.
    Discovered as a result of this being deployed on Replit.com.

references:
    - https://urlscan.io/result/4f4e2f28-f18f-466c-8365-80226ea967fa

detection:

    title:
      html|contains:
        - <title>Iniciar sesión en tu cuenta Microsoft</title>

    css:
      html|contains:
        - link rel="stylesheet" title="Converged_v2" type="text/css" href="Converged_v23082_AZXChPIB5jI3ijrmoNll5w2.css"

    form:
      html|contains:
        - 'form name="f1" id="i0281" novalidate="novalidate" spellcheck="false" method="post" target="_top" autocomplete="off" data-bind="autoSubmit: forceSubmit, attr: { action: postUrl }, ariaHidden: activeDialog" action="secure.php"'

    img:
      html|contains:
        - https://logincdn.msauth.net/16.000.28510.10/content/images/microsoft_logo_ed9c9eb0dce17d752bedea6b5acda6d9.png

    condition: title and css and form and img

tags:
  - kit
  - target.microsoft