Scotiabank Phishing Kit 76fc8cb

Detects a Bank of Nova Scotia (Scotiabank) phishing kit targeting Spanish speaking users. Commonly deployed on replit.com.

References

https://urlscan.io/result/76fc8cb5-bf41-454a-87da-35bef237e243/

IOK Rule (edit)

title: Scotiabank Phishing Kit 76fc8cb
description: |
    Detects a Bank of Nova Scotia (Scotiabank) phishing kit targeting Spanish speaking users.
    Commonly deployed on `replit.com`.
    
references:
    - https://urlscan.io/result/76fc8cb5-bf41-454a-87da-35bef237e243/

detection:
    
    imageAssets:
        html|contains|all: 
            - 'im/logof.png'
            - 'im/logoa.png'
            - 'im/logog.png'
            - 'im/logob.png'
        
    exfilPhpScript:
        html|contains: 'action="step.php"'
        
    buttonId:
        html|contains: 'button id="submitx"'
        
    condition: imageAssets and exfilPhpScript and buttonId
    
tags:
  - kit
  - target.scotiabank