None found yet
We've not seen any sites matching this indicator yet. Try scanning a site you think matches this rule:
Detects a phishing kit targeting Office 365 using a fake login form. It doesn't attempt to visually mimic the official login pages, allowing it to evade common detection engines.
None found yet
We've not seen any sites matching this indicator yet. Try scanning a site you think matches this rule:
title: Office 365 Phishing Kit l03TtM
description: |
Detects a phishing kit targeting Office 365 using a fake login form.
It doesn't attempt to visually mimic the official login pages, allowing it to evade common detection engines.
references:
- https://urlscan.io/result/aa88b424-2850-467e-9df1-1a92028e198e/
- https://urlscan.io/result/94ed86b6-2656-4a29-81e8-e60445a15fb7/
detection:
headId:
html|contains:
- head id="ctl00_Head1"
background:
html|contains:
- 'background: url(https://ssomedialax.rapmls.com/backgrounds/bak.jpg)'
copyright:
html|contains:
- Copyright © 2020 Office365 Corporation. All rights reserved.
condition: headId and background and copyright
tags:
- kit
- target.office365