Detects a SAISON Card phishing kit targeting Japanese users.
title: SAISON Card Phishing Kit b85570be
description: |
Detects a SAISON Card phishing kit targeting Japanese users.
references:
- https://urlscan.io/result/b85570be-adc3-45f8-83ee-9a4a46737f89
- https://urlscan.io/result/4332baf6-7b01-49e9-9d88-b7dcb9ad5a33
- https://urlscan.io/result/7ddc9c4a-2a7d-403d-9743-82cb62f0eb02
detection:
formContains:
html|contains:
- 'name="loginForm" id="loginForm" method="post" action="USA0201UIP01SCR.do.php"'
tokenContains:
html|contains:
- 'type="hidden" name="_csrf" value="a9410f4f-e742-47a4-bcb4-78b655267747"'
pagePHP:
requests|contains: 'auth.php'
condition: formContains and tokenContains and pagePHP
tags:
- kit
- target.saison_card
- target_country.japan