MUFG Phishing Kit 483cbea7

Detects a phishing page that targets Japanese users of MUFG (Mitsubishi UFJ Financial Group) Bank

This original page seems to have been cloned leaving a trace of the cloner's useragent in the hidden input elements of the website's login form

References

Recent Detections

None found yet

We've not seen any sites matching this indicator yet. Try scanning a site you think matches this rule:

IOK Rule (edit)

title: MUFG Phishing Kit 483cbea7
description: |
    Detects a phishing page that targets Japanese users
    of MUFG (Mitsubishi UFJ Financial Group) Bank

    This original page seems to have been cloned leaving
    a trace of the cloner's useragent in the hidden input 
    elements of the website's login form
   
references:
    - https://urlscan.io/result/483cbea7-5acc-42d3-9e3b-c6d413df2ad6
    - https://urlscan.io/result/0e072075-0244-49fb-88e6-d09ebbbaaedc
    - https://urlscan.io/result/0088bf2a-18ac-4a83-9793-25c113e4c9f4
    - https://urlscan.io/result/6484b228-2b2e-45a4-bbc1-1b004cc26beb

detection:

  clonerUserAgent:
      dom|contains: 'Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1'

  redirectUrl:
      dom|contains: '/info.php?dilefa=iejfeafe454a56f4a8ew4fa684fa3efawe1faw5ef4awe64fa6w54'

  condition: clonerUserAgent and redirectUrl

tags:
  - target.mufg
  - target_country.japan