Santander Phishing Kit 951d27d

IOK Rule (edit)

title: Santander Phishing Kit 951d27d
description: |
    Detects a Santander phishing kit targeting Spanish speaking users.
    
references:
    - https://urlscan.io/result/d7f3f389-d10b-4b83-a45c-ba7f8ec54035
    - https://urlscan.io/result/1c849740-38f2-4442-94f8-bf2147cc587e
    
detection:

    cloneTimestamp:
      requests|contains: '?v=1655293257536'
      
    passwordFieldName:
      html|contains: 'name="senha"'
      
    exfilDestination:
      html|contains: '/atualiza'
   

    condition: cloneTimestamp and passwordFieldName and exfilDestination

tags:
  - kit
  - target.santander