Santander Phishing Kit d639dea

Detects a Santander phishing kit developed by the threat actor known as 'Kr3pto'

References

https://urlscan.io/result/9809712b-e35c-4f50-b972-79379c77ca22
https://urlscan.io/result/1990ca0a-02a3-4f3f-8862-5945e4ec68ed

IOK Rule (edit)

title: Santander Phishing Kit d639dea
description: |
    Detects a Santander phishing kit developed by the threat 
    actor known as 'Kr3pto'
    
references:
  - https://urlscan.io/result/9809712b-e35c-4f50-b972-79379c77ca22
  - https://urlscan.io/result/1990ca0a-02a3-4f3f-8862-5945e4ec68ed

  
detection:

  siteTitle:
    html|contains: 'Personal Online Banking:'
    
  images:
    requests|contains|all:
        - 'asset-3-3-x.png'
        - 'asset-2.png'

  condition: siteTitle and images

tags:
  - kit
  - target.santander
  - threat_actor.kr3pto