SAISON Card Phishing Kit b85570be

Detects a SAISON Card phishing kit targeting Japanese users.

References

https://urlscan.io/result/b85570be-adc3-45f8-83ee-9a4a46737f89
https://urlscan.io/result/4332baf6-7b01-49e9-9d88-b7dcb9ad5a33
https://urlscan.io/result/7ddc9c4a-2a7d-403d-9743-82cb62f0eb02

IOK Rule (edit)

title: SAISON Card Phishing Kit b85570be
description: |
    Detects a SAISON Card phishing kit targeting Japanese users.
    
references:
  - https://urlscan.io/result/b85570be-adc3-45f8-83ee-9a4a46737f89
  - https://urlscan.io/result/4332baf6-7b01-49e9-9d88-b7dcb9ad5a33
  - https://urlscan.io/result/7ddc9c4a-2a7d-403d-9743-82cb62f0eb02

detection:

    formContains: 
        html|contains: 
            - 'name="loginForm" id="loginForm" method="post" action="USA0201UIP01SCR.do.php"'
    tokenContains: 
        html|contains: 
            - 'type="hidden" name="_csrf" value="a9410f4f-e742-47a4-bcb4-78b655267747"'
    pagePHP:
        requests|contains: 'auth.php'

    condition: formContains and tokenContains and pagePHP

tags:
  - kit
  - target.saison_card
  - target_country.japan