Detects a phishing kit targeting Office 365 using a fake login form. It doesn't attempt to visually mimic the official login pages, allowing it to evade common detection engines.
title: Office 365 Phishing Kit l03TtM
description: |
Detects a phishing kit targeting Office 365 using a fake login form.
It doesn't attempt to visually mimic the official login pages, allowing it to evade common detection engines.
references:
- https://urlscan.io/result/aa88b424-2850-467e-9df1-1a92028e198e/
- https://urlscan.io/result/94ed86b6-2656-4a29-81e8-e60445a15fb7/
detection:
headId:
html|contains:
- head id="ctl00_Head1"
background:
html|contains:
- 'background: url(https://ssomedialax.rapmls.com/backgrounds/bak.jpg)'
copyright:
html|contains:
- Copyright © 2020 Office365 Corporation. All rights reserved.
condition: headId and background and copyright
tags:
- kit
- target.office365