Detects a phishing kit pretending to be Outlook and attempting to capture the user's credentials. Found as a result of this kit being deployed on Replit.
title: Outlook Phishing Kit hCO41m
description: |
Detects a phishing kit pretending to be Outlook and attempting to capture the user's credentials.
Found as a result of this kit being deployed on Replit.
references:
- https://urlscan.io/result/ef32cd01-2a2c-4513-bdc2-d44e7d3f870c/
- https://urlscan.io/result/686725c9-178d-494d-afbb-25900318cb70/
detection:
title:
html|contains:
- <title>Document</title>
logo:
html|contains:
- <img src="logo.png" class="img-fluid">
privateComputerCheckmark:
html|contains:
- <img src="k.png" class="img-fluid">
logoGenerator:
html|contains:
- logo.clearbit.com
condition: title and logo and privateComputerCheckmark and logoGenerator
tags:
- kit
- target.outlook