Paypal Phishing Kit 6c455a6

Detects a Paypal phishing kit.

References

https://urlscan.io/result/6c455a62-1533-49d8-ae6d-db0905cc779f

IOK Rule (edit)

title: Paypal Phishing Kit 6c455a6
description: |
    Detects a Paypal phishing kit.
    
references:
    - https://urlscan.io/result/6c455a62-1533-49d8-ae6d-db0905cc779f
    
detection:

    exfilPhpScript:
      html|contains: 'login.php'

    csrfToken:
      html|contains: 'p02PG7qTPOzRbBlVOVYcIZp207FMD847ffoS0='
     
    clonedNonce:
      html|contains: 'OdHJON702gbbVy4cAFWxaboMpVOk5muI1jhED3XwaB6eOIPN'

    condition: exfilPhpScript and csrfToken and clonedNonce

tags:
  - kit
  - target.paypal