Santander Phishing Kit 85b6cae

Detects a Santander phishing kit targeting Spanish speaking users.

References

https://urlscan.io/result/56fb9b2c-e078-4d1d-b8a6-e6e5147e90d3
https://urlscan.io/result/5ccf3cfc-cc1a-432d-a6e2-575f80742672

IOK Rule (edit)

title: Santander Phishing Kit 85b6cae
description: |
    Detects a Santander phishing kit targeting Spanish speaking users.
    
references:
    - https://urlscan.io/result/56fb9b2c-e078-4d1d-b8a6-e6e5147e90d3
    - https://urlscan.io/result/5ccf3cfc-cc1a-432d-a6e2-575f80742672
    
detection:

    usernameLabelId:
      html|contains: 'EB8236264AE3C04429B8F46076848E7B'
      
    passwordLabelId:
      html|contains: '85B6CAE065D33FEEEB4297826ECB9B2D'
      
    exfilDestination:
      html|contains: 'database_setup/routes/process_login.php'
   

    condition: usernameLabelId and passwordLabelId and exfilDestination

tags:
  - kit
  - target.santander